Solution Briefs

Fast Facts: Aviatrix Distributed Cloud Firewall


Issue link: https://aviatrix.com/resources/i/1499528


© Aviatrix, 2023.

FAST FACTS: Distributed Cloud Firewall

Why Are Traditional Firewalls Failing in the Cloud?

Data-center era firewalls, bolted-on to a cloud network, dramatically increase operational complexity, create bottlenecks, increase application latency, and drive up cloud data transfer costs. There are three areas where cloud has fundamentally changed the firewall game, leading to these common pain points when traditional firewalls are used.

1. The cloud perimeter is endless and dynamic. Cloud environments regularly have thousands of dynamic ingress and egress points on the "endless perimeter", which quickly becomes unfeasible with the traditional approach.

2. Cloud-based applications are dynamic and are rapidly shifting towards a microservices architecture. Modern cloud application workloads are containerized, ephemeral, and require elastic scale. Security teams can no longer leverage IP addresses due to constant change in these dynamic application environments.

3. Cloud infrastructure teams need far more agility to keep up with application requirements. The centralized hardware appliance operational model for network security from the data center cannot meet the rapid release cycles embraced by applications teams, including DevSecOps automation and CI/CD pipelines.

New Rules, New Tools

To address these three fundamental changes, cloud infrastructure teams need a network security solution specifically designed for the cloud. What's needed is a Distributed Cloud Firewall.

What makes a Distributed Cloud Firewall right for cloud, and so different from traditional firewalls? There are five key differences.

1. Distributed Enforcement Embedded into Natural Cloud Traffic Flow – Traffic does not have to be pushed into centralized inspection points, thereby eliminating bottlenecks and automatically scaling with application environments.

2. Centralized Policy Creation Consistent Across Multicloud Environment – The entire system will appear and function as a single large firewall.

3. Cloud Operational Model – A fully programmable Terraform provider enables DevSecOps and CI/CD pipelines, in order to match application requirements.

4. Native Cloud Network and Security Orchestration – Creates consistency across cloud service providers and avoids conflicts between networking and security configurations.

5. Advanced Security Services Consolidation – Supports commoditized features (L7 decryption and inspection, full traffic visibility, and audit reporting) plus micro-segmentation, network isolation, automated threat detection and mitigation, anomaly detection, vulnerability scanning, and cloud workload risk scoring, all with the same distributed architecture and central policy creation.

"This is more cloud native than native cloud firewalls. It's a game changer for us." - Jason Simpson, VP of Engineering at Choice Hotels
