Firewalls and Cloud Computing
One of the great things about cloud computing is that it lessens the cost and difficulty of protecting the network perimeter with a firewall. Rules for SMTP (Simple Mail Transfer Protocol) can often be eliminated, along with web publishing rules for corporate websites and SharePoint. Businesses can now use the power of the Internet outside of their physical facilities to host web presence, messaging, data, and line-of-business applications at one or more online providers.
This shift in security impacts the type and configuration of your firewall. The three common issues we find with firewalls and cloud computing are:
- Failure to eliminate unnecessary rules or holes in the perimeter and reduce the attack surface of the business. Why keep unnecessary SMTP rules enabled and leave the possibility open for malware to spam the world from your location? The corollary is that not all protocols should be allowed outbound from the internal network to the Internet.
- Using firewall caching is generally not recommended because, in this real-time world, content continues to move and change regularly. Firewall caching should not be enabled with online services, as the underlying cloud computing IP addresses may change with failover or normal service provider growth. If caching is enabled, access to online services may be blocked, preventing users from working until the cache is cleared or disabled.
- Inability to change or disable flood mitigation is also a common problem that, in some cases, requires replacing the existing firewall solution. Because the bulk of corporate web traffic shifts to numerous encrypted SSL connections to and from the same address, some firewalls may treat the traffic as an attack and intermittently block communications to online services. Before implementing cloud computing, verify whether your firewall has the ability to change or disable flood mitigation. If not, you should replace the existing firewall or risk intermittent and unexplained disruption to online services.
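The first issue above lends itself to an automated review of the rule set. The following is an added example, not part of the original article: it audits a constructed rule export for inbound SMTP and web publishing rules left behind after those services moved online, and for outbound rules that allow all protocols or open SMTP. The CSV layout, rule names, and addresses are hypothetical, and the check assumes mail and web publishing are already hosted at an online provider.

```python
import csv
import io

# Constructed sample rule export (hypothetical CSV layout, not any vendor's format).
SAMPLE_RULES = """\
name,direction,action,protocol,ports,source,destination
inbound-smtp,in,allow,tcp,25,any,10.0.0.25
publish-sharepoint,in,allow,tcp,80-443,any,10.0.0.80
outbound-any,out,allow,any,any,10.0.0.0/24,any
outbound-https,out,allow,tcp,443,10.0.0.0/24,any
outbound-smtp,out,allow,tcp,25,10.0.0.0/24,any
block-telnet,in,deny,tcp,23,any,any
"""

# Assumption: mail and web publishing have already moved to an online provider.
MIGRATED_INBOUND = {25: "SMTP", 80: "web publishing", 443: "web publishing"}


def covers(spec, port):
    """True if a port spec ('any', '25', '80-443') includes the given port."""
    if spec == "any":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def audit(rules_csv):
    """Return (rule name, reason) for each allow rule worth reviewing."""
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        if rule["action"] != "allow":
            continue  # deny rules do not open the perimeter
        if rule["direction"] == "in":
            hit = sorted({svc for p, svc in MIGRATED_INBOUND.items()
                          if covers(rule["ports"], p)})
            if hit:
                findings.append((rule["name"],
                                 "inbound " + "/".join(hit) + " no longer hosted on-site"))
        elif rule["protocol"] == "any" or rule["ports"] == "any":
            findings.append((rule["name"], "outbound rule allows all protocols"))
        elif covers(rule["ports"], 25):
            findings.append((rule["name"], "outbound SMTP open to the internal network"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```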
The bottom line is that as you narrow the cost and maintenance funnel of on-premises technology infrastructure, you should change your security strategy to eliminate legacy protection and provide maximum access to cloud computing services.