In a Perpetually Cloudy World, Do You Still Need a Firewall?
If you've been reading the tech news recently, you have probably noticed the increased coverage of cloud computing. While cloud computing has been mostly talk until now, it's predicted that 2011 will be The Year of the Cloud, when cloud computing begins to take over major chunks of our datacenters. And over time, these same predictors indicate that eventually almost all of your datacenter will be in the cloud and that you'll need to consider polishing up your resume and embarking on a new career, since what you used to do in your on-premises datacenter will be taken care of by some faceless minion in a faraway cloud datacenter.
Whether that vision of cloud computing ever comes to pass or not, it's clear that many companies are currently considering cloud computing options for at least some of the services they now maintain on premises. It's also clear that Microsoft is fully invested in cloud computing. The writing was on the wall when Essential Business Server (EBS) was cancelled right before it was to be released to manufacturing. And there's the possibility that you'll see other Microsoft server products disappear in the coming months, to be replaced with a cloud option. All of this is consistent with Steve Ballmer's assertion that, regarding the cloud, "we're all in"!
So with huge chunks of the datacenter going to the cloud and Microsoft servers disappearing from the on-premises datacenter, what is the future role of the firewall? Will you have any need for a firewall after your entire datacenter has moved to the cloud? Is there a place for the TMG firewall any longer?
Some might argue that if all you have on your network are client operating systems, there be no need for a firewall, as you can manage those systems from the cloud and the host-based Windows Firewall with Advanced Security is enough to secure them. Pair the powerful host-based firewall on Windows 7 and future Windows 8 client operating systems with continuing advances in Microsoft anti-virus and anti-malware technology, and you have a situation where an edge firewall might be considered an expensive "bump on the wire" that really doesn't provide any significant level of network security.
On the other hand, you can make a good argument that a firewall will be required now, more than ever. Even though the servers and data are contained in some faraway cloud datacenter, there is still going to be data stored on those client operating systems. That means there is still a need to provide data leakage protection, and of course there is still a need to filter the web so that employees don't waste time or create a liability-inducing hostile work environment. And no matter how sophisticated the security becomes on the client operating systems, there are always going to be zero-day and other exploits that you can't protect against on the clients because of the lag time between the release of a security update and the time it takes for you to test the updates to insure that they don't bring down your network.
It seems to me that even if the entire datacenter moves to the cloud, there is one server that can't ever be moved off premises: the firewall. For this reason I think the reports of TMG's demise have been greatly exaggerated. The TMG firewall provides essential protection for all your client operating systems and the data they contain. The TMG firewall provides key URL filtering and web anti-malware that you need, regardless of the location of your datacenter. TMG's Network Inspection System helps insure that your client operating systems are protected against attacks during the lag time of security update release and testing.
What do you think? With almost everything moving to the cloud, is there a need for the TMG firewall? Do you think they should move the TMG firewall to the cloud too? Or will you always need on on-premises firewall to protect your client systems. Let me know your opinions! Send me a note at [email protected] and I'll share the results with our readers in the next newsletter.
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)