云中的防火墙

你的防火墙在哪里?是的，在架子上，但架子在哪儿?我们越来越多地发现，一些组织正在寻找分层防火墙模型，在这种模型中，第一道防线不是在数据中心的机架上，而是在云中。雷竞技电脑网站各组织正在转向基于云的防火墙服务，以实现传统的防火墙功能，以及防御分布式拒绝服务。在这个由三部分组成的系列文章的第2部分中，我们将关注基于云的安全服务，重点是防火墙。防火墙不是静态的。随着业务变化速度的增加，不断更新防火墙的需求也在增加:新的应用程序、新的业务模型、新的贸易伙伴等等。维护防火墙需要大量的时间和金钱投资，以及对防火墙技术人员培训的投资。随着威胁的不断演变和攻击复杂性的增加，这种情况会随着时间的推移而增加。每个安全团队至少有一名员工花时间更新软件、监控日志和调整内部防火墙的规则设置，以便通过平衡开放与保护来持续管理风险。 Firewall teams for that manage 24 x 7 operations require six or seven people. Unfortunately, many IT organizations do not have the necessary resources to dedicate to firewall management so it often becomes a responsibility added to network management jobs. IT organizations that do have the financial resources have trouble finding and retaining skilled firewall technicians. Both situations put the organization at risk. Lacking personnel or resources negatively affects the firewall effectiveness. And, as I discussed in my last post, IT security professionals see a cloud-based security services provider’s effectiveness as the primary driver to move to cloud-based security services. This lack of effectiveness is the weak link, setting up a dilemma for information security management: Organizations that want to pay for an on-premise firewall-management program may not be able to find the human resources to be effective. Those that can find the human resources may not be able to afford it. In both cases, organizations must evaluate a cloud-based firewall service. In the first case, this requires finding a service that can meet the corporate risk appetite. In the second case, it requires finding a service that meets the corporate risk appetite and shows a significant return. In my next post we’ll look at the factors that go into a cloud-based firewall cost analysis.