Aviatrix recently published the State of Cloud Network Security: 2025 report, detailing the results from our comprehensive study of 403 U.S. IT professionals. The survey covered many aspects of cloud network security, including the use, management, challenges, risks, and costs of cloud firewalls.
The bottom line is that cloud firewalls, while widely adopted, are challenging to implement and integrate, which leads to increased risks and costs. Let’s unpack this conclusion section by section.
Native cloud provider firewalls are widely adopted
To say that cloud firewalls are widely used is a bit of an understatement. All organizations are using some sort of cloud firewall. And 91% of respondents are using native firewalls from their cloud service provider (CSP), so that particular type of firewall solution has near universal adoption. However, only 25% are relying solely on those CSP-native firewalls; nearly two-thirds (64%) are using third-party firewall solutions, and 41% are using open-source firewall tools—and 21% of respondents are using all three approaches together.
This suggests that organizations recognize that the cloud-native solutions, while dominant (perhaps in part because they’re an easy add-on to their cloud services), aren’t sufficient alone. (To learn more about different kinds of cloud firewalls, check out Virtualized Firewalls Are Not Cloud Firewalls: What You Need to Know.)
As a side note, Kubernetes firewalls—a specialized type of firewall that secures network traffic between containers and pods and the broader internet—are also used in some capacity by nearly all (95%) organizations, and extensively by more than half (56%).
Cloud firewalls are challenging to implement and integrate
Integrating cloud firewalls with existing systems is the number one implementation challenge, plaguing two-thirds (67%) of respondents and underscoring a significant problem industry-wide. Other issues include:
Performance overhead (55%)
Scalability issues (50%)
Lack of skilled personnel (46%)
Budget constraints (41%)
Support of cloud-native apps, like PaaS, Kubernetes, etc. (31%)

Cloud firewall challenges lead to increased risks and costs
Native cloud firewalls, in particular, are complex. As noted above, nearly half of respondents cited lack of skilled personnel as a challenge they faced in implementing their cloud firewall solutions. Faulty assumptions, made perhaps as a result of insufficient knowledge and skills, can have significant repercussions:
Performance issues (52%)
Security gaps (51%)
Increased costs (45%)
Increased operational complexity (45%)
Compliance challenges (44%)
Migration delays (44%)
Only 4% of respondents said they had none of these challenges.

The fact that these issues are all experienced at similar rates (44–52% of respondents) suggests there isn’t one easy fix. Furthermore, of the 96% that did run into problems, 93% experienced two or more of these challenges and two-thirds (66%) had to deal with three or more.
It’s important to emphasize that more than half (51%) of respondents experienced security gaps as a result of assumptions about their native cloud firewall capabilities. It’s essentially tied with performance for the top problem. That’s a striking number for a security-focused solution, underscoring the severe inadequacy of the status quo.
And it’s interesting to note that while fewer than half (45%) of respondents cited increased costs as an issue with native cloud firewalls, almost two-thirds (63%) were hit with unexpected costs related to their overall cloud firewall implementation in the past 12 months. Here’s the breakdown of exactly how much those unanticipated costs were:
Less than $10,000—5%
$10,000 to $49,999—26%
$50,000 to $99,999—34%
$100,000 to $499,999—33%
$500,000 or more—2%
That is a lot of wasted money.

The key takeaway
Using native cloud firewalls alone is often insufficient to meet the demands of modern, distributed environments. Furthermore, multi-vendor, fragmented setups are a challenge that can create dangerous security gaps. Organizations need to unify protection across clouds with advanced capabilities and centralized management to increase security and eliminate integration headaches while keeping costs in check.
Improve your cloud network security posture with Aviatrix
Aviatrix's Cloud Native Security Fabric (CNSF) helps address these issues to support a stronger security posture than you can get with traditional provider-specific cloud firewalls, solving the widespread challenges of:
Security gaps: Aviatrix combines enterprise-grade NAT capabilities with centralized management, threat prevention, URL filtering, and outbound security measures such as IDS/IPS, TLS decryption, and advanced threat detection. This provides a stronger security posture than traditional provider-specific NAT gateways.
Complex deployment: The solution is designed for rapid, automated deployment without requiring any re-architecture of the existing cloud network. It scales automatically with traffic demands, making it ideal for global, regional, or single-application environments.
Heterogeneous cloud environments: Provides advanced networking and security capabilities for hybrid, single cloud, and multicloud environments, supporting multiple public cloud providers such as AWS, Azure, and Google Cloud.
Unexpected costs: Aviatrix offers flat hourly billing models, eliminating the need for pay-per-instance and throughput pricing for better cost control. Aviatrix customers save an average of 25% annually compared to native solutions.
Experience CNSF with an interactive demo or a personalized walkthrough with one of our specialists.