I blogged here about what since 2003 Gartner has been calling the Next Generation Firewall, and then Greg Young and I published a Gartner research note “Defining the Next Generation Firewall.” Simplifying a bit, the winners in the firewall market will be those who have added application identification and policy enforcement and deep packet inspection intrusion prevention capabilities to their firewall products – as integral features, not separately priced options or bolt-on capabilities. It is all about firewalls evolving to deal with the next generation of threat as a platform.
Then, last month Greg and I published the 2010 “Enterprise Firewall Magic Quadrant” and currently Bob Walder and I are in the process of updating the “Magic Quadrant for SMB Multifunction Firewalls” while Greg Young and I kick off the update for the “Magic Quadrant for Network Intrusion Prevention System Appliances.”
OK, I think I fulfilled my quota of quoting links to Gartner research notes, but my real point was we are spending a lot of time and energy on perimeter network security products (I won’t even mention the “Magic Quadrant for Web Security Gateway” recently published by Peter Firstbrook and Lawrence Orans – hey, I just exceeded my quota!).
Why are we spending all this time if there is no more perimeter? Mainly because there is still a perimeter and there will always be a perimeter. Back in the late 1990s, when laptop use and remote access VPNs started, the perimeter was declared dead. When SSL VPNs opened it up to non-corporate PCs in the early 2000s, more declarations of death. When smartphones came along, ditto. And now cloud computing, death knells for perimeters. Oh, yeah – back when we called cloud “Application Service Providers” and before that when we called ASPs “Outsourcers”, same death knells.
Of course, it turns out that for some odd reason most businesses still have data centers and some tower PCs and they still don’t send paychecks to customers or deliver products to their employees – there is still an inside and still an outside. Even with the most overhyped predictions of cloud adoption, there still will be an inside and an outside.
The real issue is that as IT changes delivery mechanisms, it always augments vs. completely replaces the previous model (still a few mainframes out there, no?) and security needs to do the same thing. That’s why email security is often delivered as a service, injecting email security policy between the users and their email, regardless of where it is physically performed. Web security is going the same way – web security enforcement at the HQ Internet connection on a server, but web security as a service enforcing the same policy between mobile employees and Internet access.
The Next Generation Firewall will follow the same pattern – extending to NGFW as a service (or what we used to call “In the Cloud Firewalling” before the cloud term got ripped away from the Internet carriers) to inject the same firewall policy between the users and the Internet and in between the cloud-based services we consume that used to be inside the data center.
It is really just border control – we don’t declare countries “deperimeterized” because airplanes were invented, we extend border control into the airport terminals.