Under the auspices of the Open Group, the Jericho Forum began issuing position papers, notably the Jericho Forum's "Commandments" for good security to "deliver a de-perimeterized vision." It fired more than a few shots at the firewall. "Whereas boundary firewalls may continue to provide basic network protection, individual systems and data will need to be capable of protecting themselves," the group stated. Another of its guidelines was, "In general, it is easier to protect an asset the closer protection is provided."
In the ongoing debate, which enlivened many tech conferences, Gartner, among others, tended to push back on the notion that the perimeter firewall should go away. Companies kept buying more firewalls. But the Jericho Forum's basic concepts about how the use of cloud services and mobile devices, especially in employee-owned "Bring Your Own Device" situations, was causing difficulties for perimeter firewalls hit home for many companies. And the rise of virtualized networks, along with the looming terrain of future Software-Defined Networks for switching, is challenging firewall vendors to adapt.
Some vendors, including Check Point, have designed software-based firewalls to work in the Amazon Web Services EC2 cloud service, for example, though Amazon itself offers a firewall service. Cisco doesn't yet, but Harrell says that's in the works along with other cloud services. He acknowledges one issue is that each one represents a platform needing a specific firewall build and a way to charge for a firewall in the "pay as you go" model of cloud services. He adds Cisco also has firewall hosting services for the enterprise that are going to be expanded in the future.
Adoption of virtual firewalls has been fairly slow, Gartner believes, predicting that fewer than 5% of enterprises will deploy all-virtualized firewalls in their data centers by 2016. Check Point's Shwed acknowledges that from what he sees, adoption of virtual firewalls hasn't seemed to take off.
But firewalls are hardly dead, as Gartner analyst Greg Young pointed out in his recent presentation at the Gartner Security and Risk Management Summit. He noted that the enterprise firewall market, at $8.7 billion, remains the single largest segment of the overall IT security market, and that it is expected to rise to $9.4 billion by year-end. But there are discontents around specific things.
Web A/V filtering, in particular, causes a significant performance hit on a firewall, he pointed out, and this functionality is likely better deployed on a secure gateway. The firewall contenders out there have yet to leave their marks in virtualization, the data center and SDN, "the next battle to be fought," Young said.
Cisco's Harrell contends Cisco is positioning itself to engage in that battle effectively with its application-centric infrastructure and controller, which provide a way to configure firewalls and load balancers in simple English-language rules. However, it all remains very new.