Did you ever hear those debates in school: why pizza should be removed from the lunch menu, or why the computer rooms should or shouldn’t get additional computers? If you are anything like me, you probably sat by and listened to both sides without getting a word in on your own. That was before the Internet came along and made it so much easier to blast your own opinions out for everyone to see. Well, as I discussed briefly last week in my article on Securing Data and Perfect Security, an old security standby has recently received some flak from the digital security world. That’s right, the firewall has been brought to the stand on charges of irrelevance, and it is time that we took a second to add our two cents on whether or not the firewall is truly a major concern as a security challenge.
Tried and True – Increasing Irrelevance
Before we go ahead and jump in with our opinions, let’s take a look at what the two sides are saying. As far as a security challenge can be categorized, the firewall seems like an ancient, traditional method of security. Regardless, the firewall has held true throughout the years, being in place in many different security solutions and networks across many different verticals.
In an article for DarkReading, Asaf Cidon calls the firewall a “vestige of a simpler time,” citing its lack of belonging in a world that is increasingly moving forward with cloud access, BYOD programs and the Internet of Things. While there is a certain amount of truth to the matter, the argument builds from this cornerstone to note precisely why the firewall has become a notable security challenge in the modern digital age.
Further citing a Ponemon survey, Cidon notes “81 percent of IT organizations don’t know how much sensitive data resides on mobile devices and the cloud.” The major observation here: the firewall cannot protect all of those devices, or the cloud. There is an obvious security challenge present if your chosen security measure cannot reach two thirds of your information storage locations.
It’s an observation that feeds directly into the next major point of Cidon’s side of the argument: it is becoming increasingly difficult to track sensitive files and information in the digital world.
Cloud access and BYOD bring with them a necessary risk for data access and management. This is nothing new: if you allow a piece of data to be removed from a secure environment, it becomes much more vulnerable to outside attack. Cidon’s point is that this innovation renders the firewall a security challenge as opposed to a solution: if the file gets removed from the network and transported away, the firewall cannot go with it.
Cidon’s article has various strong points. His conclusion is to provide additional layers of encryption and control to “seal the potential compliance gaps opened by file sync and remote work.” The solution works for addressing this particular security challenge, as well as responding to various other issues in the digital security realm. Moreover, end-to-end encryption and network monitoring should be a staple in the moving world of cyber security, and Cidon makes strong strides in pointing out their necessity. More specifically, Cidon points to securing the cloud: the firewall loses power when files are brought outside its jurisdiction. The cloud does not offer extradition, and the firewall is bound by its duty to the network.
In a way, the firewall is limited. There is no such thing as perfect security, and the real security challenge lies in taking the appropriate steps towards achieving as near to that goal as we can in our network security.
Now, let’s take a look at the other side.
Firewalls – a Vital and Necessary Security Challenge
Jody Brazil, Founder and CEO of FireMon, provides the opposing argument in his article: Firewalls Sustain Foundation of Sound Security. Whereas Cidon points to the weaknesses inherent in a legacy security measure, Brazil takes a primary focus on what he terms “a multi-layered approach necessitating mechanisms that control access.” In short, the real security challenge in Brazil’s eyes is not the firewall itself, but not having a strong enough security paradigm in place overall.
Brazil makes a strong point to address the notion of protecting data that gets moved to the cloud or outside of the network on personal or mobile devices. The response to this particular security challenge is twofold – there is no doubt that this is an issue with current security models, but the security challenge should not be deemed an issue with the firewall.
Firewalls, according to Brazil, are integral to the current realm of network security, in that they provide key protection to an integral location. “…an attacker will perpetrate the most damage when the data is centralized and critical applications must be effectively protected, not just data at rest or in transit.” The security challenge that the firewall faces is in protecting the data centers, and the multi-layered approach integrates other measures to properly handle the data being removed from the network or stored elsewhere.
Additionally, citing the 2015 Verizon PCI Compliance report, Brazil notes that 73% of organizations that suffered a breach were not in compliance with PCI DSS Requirement one, relating to appropriate firewall management. While Brazil concedes, “…achieving compliance hardly constitutes attaining optimal security,” these standards are in place for good reason.
One major point that should be taken from Brazil’s article is that the security challenge which the firewall directly addresses is one that shows no signs of disappearing: the challenge of regulating access. The firewall excels, when properly managed, at mitigating risk to data centers and other sensitive areas of data storage by limiting access. As part of a tiered system of security, the firewall thrives. Brazil notes, “The firewall remains a critical layer because it does its job, limiting access to only necessary traffic.” The rest is really up to other layers of the security solution itself – that is the real security challenge.
Consider This – My Stand
I’ve always seen the firewall as a foundation from which to build a strong security solution. With respect to Asaf Cidon and his own views on the matter, I find myself standing on Brazil’s side of the debate. There is no doubting that data breaches have spiked in recent years, regardless of the strength in our firewall implementation of late. The digital age has brought with it just as many risks and dangers as it has safety measures and innovations.
Par for the course, if you ask me.
More important, however, is the fact that Cidon’s article seems to overlook one key aspect that his opponent touches on from the very beginning: while the firewall alone may be viewed as a dire security challenge, it is an integral part of the security hierarchy. In the same way that no man is an island, no one security measure can be expected to perfectly secure every aspect of a network, either local or in the cloud – that idea seems naïve to me.
The firewall was never meant to be on its own.
As part of a larger, multi-layered system, the firewall appears to be holding strong as a necessary aspect of a security system. It mitigates risk to high-ranking data within a network, and can even be implemented to limit and observe traffic to cloud-based data as well. With proper implementation, any security challenge apparently inherent in the firewall is void. The issue is not with the firewall itself, but with proper management and upkeep. A true craftsman does not blame his tools when his work falls just short of perfection, after all. The firewall solves a specific security challenge and solves it beautifully. If I had to guess, I would say the firewall will be around for a long time.