Tuesday, December 7, 2021


FWaaS may just be what your organization is missing

Like many of the IT leaders we encounter, you’re likely facing a refresh on your firewall appliances or you are due to face one soon. The common practice is to exchange one firewall appliance for another, a new shift has emerged, where enterprises are opting to replace old practices with firewall-as-a-service (FWaaS).

Here at Qcom, we have seen more than 1,000 organizations adopt FWaas to ensure the security of over 300,000 mobile users and 15,000 offices, where FWaas has replaced the original firewall process.

Last year, Gartner® projected that by 2025, 30% of new distributed branch office firewall deployments would switch to FWaaS, up from less than 5% in 2020.

What’s Changing for FWaaS

What’s behind this change? FWaaS eliminates the cost and complexity of buying, evaluating, and upgrading firewall appliances. It also makes keeping security infrastructure up-to-date much easier. Rather than stopping everything and racing to apply new IPS signatures and software patches whenever a zero-day threat is found, FWaaS is kept updated automatically.

Most of all, FWaaS is a better fit for the macro trends shaping your enterprise. No matter where users work or resources reside, FWaaS can deliver secure access, easily. By contrast, physical appliances are poorly suited for securing cloud resources, and virtual appliances consume significant cloud resources while requiring the same upkeep as their physical equivalents, with users working from home, investing in appliances makes little sense. Delivering a secure remote access solution with an office firewall requires backhauling the user’s traffic, increasing latency, and degrading the remote user experience.

Not Just FWaaS, Cloud-Native FWaaS

In order to realize the benefits FWaaS has to offer, it must run on a global cloud architecture.

FWaaS offerings running on physical or virtual appliances hosted in the cloud mean resource utilization is still locked into the granularity of appliances, increasing their costs to the providers — and ultimately to their customers. Appliances also force IT leaders to think through and pay for high-availability (HA) and failover scenarios. It’s not just about running redundant appliances in the cloud. What happens if the PoPs hosting those appliances fail? How do connecting locations and users failover to alternative PoPs? Does the FWaaS even have sufficient PoP density to support that failover?

With our FWaaS we use a cloud-native FWaaS, meaning it shares the virtual infrastructure in a way that abstracts resource utilization from the underlying technology.

FWaaS: A Better Way to Protect the Enterprise

FWaaS built on appliances simply cannot meet enterprise requirements, not for performance nor uptime. Cato’s cloud-native approach not only made FWaaS possible, but we proved that it can meet the needs of the vast majority of sites and users. Over time, cloud-native FWaaS will become the dominant deployment model for enterprise security.