The trend has been obvious for years: more and more IT functions are moving to the cloud. It started with images and files stored in the network to free up local space, keep multiple devices in sync or share files with others. Over the last few years, more and more functions that were previously only available locally on the device have been added, largely driven by higher available bandwidths and cheaper web storage space.
Firewalls, proxy servers and even replacements for network infrastructure such as the Virtual Private Network (VPN), which has been used for decades, have successfully moved to the cloud in recent years.
This raises many questions, some of which we will answer here, among others:
Why are services and functions being moved from the endpoint to the network?
What are the advantages and disadvantages for companies and users?
How complex is the migration and how will the new environment be maintained after the move?
Can you smell the smoke already?
First, let's look at the reasons why functions are increasingly being performed on the network instead of with a local application. For example, imagine the firewall in its literal translation, as a fire wall. If this is installed on your device, then the threat is only stopped at the smallest possible distance. You can smell the smoke. You also always have to expect that someone will open the door to see if the fire is really as bad as you think. Everything could be completely exaggerated. Once the fire is in the house, it is already too late.
It is similar with a firewall that is installed on your device or locally in the company. Potential threats are stopped just before they reach the finish line, and the danger of a threat successfully attacking is always present.
In the IT environment, it is also the case that new types of threats are constantly emerging, and one must be prepared for them. The firewall must therefore always be up to date in order to withstand the latest threats. If updates are not constant but only regular, there is always the danger that a new threat will attack you before you are (sufficiently) protected against it.
Fire at most on the horizon
Now let's imagine that the fire wall is not directly in front of your house, but far away. You can watch any fire that breaks out from a distance. Others take over the extinguishing for you, and the danger that you fall victim to the fire is much smaller.
In addition, the experienced firefighters are gathered right there and take care of the fire together. They also know the latest threats and how to fight them. So you don't have to worry about another kind of fire jumping over the wall either, because the firefighters are well networked. As soon as someone somewhere discovers a new type of fire, everyone is informed about how best to fight it.
In the IT environment, this means that a perimeter is set up to eliminate threats before they get near your device or your corporate network. Updates are no longer made regularly, but constantly, as if you were clicking the "Update" button non-stop.
Empty streets and always up to date
Other advantages include the fact that the bandwidth that is normally used for updates will remain free in the future, as the updates are carried out on the network and no longer have to be downloaded and installed on your laptop on a daily basis.
The frequency of updates is also much higher with cloud-based services, so protection against newly identified threats is, if not immediate, then much faster than with traditional solutions.
The janitor no longer has much to do
Maintenance work and installations on local devices are no longer necessary, and the associated problem-solving is almost completely eliminated, since nothing needs to be installed or customized locally (once the cloud services are set up).
New devices are fully protected immediately, as threats can no longer reach them, and protection is the same for all devices. If a rule is changed (for example, something is blocked or, conversely, allowed), the new rule is immediately available to everyone without any time delay or local update. Waiting times are eliminated, and so is the probability that the change does not work on individual devices and must be reworked.
What is the catch?
Of course, this concept also has disadvantages: if the network firewall fails, there is no longer an Internet connection (so you are not left unprotected). But this case is very unlikely. All providers guarantee a maximum availability of almost 100%, which is significantly more than most Internet connection providers offer. These solutions are all designed for high availability, so if one instance fails, the next one takes over. A failure caused by one of these solutions is therefore extremely rare in practice.
The outsourcing of customization options can be seen as both a blessing and a curse. For most companies, it will be the optimal solution in terms of the availability of contact persons (internal resources sometimes have to sleep, go on vacation or may be sick), knowledge of the current status of the solution, how up to date it is, and costs.
In the vast majority of cases, this is where so-called "managed services" come into play. You can read what is meant by "managed service" and what possibilities such services offer in another blog article.