Amazon Web Services (AWS) just announced a new Web App Firewall (WAF) service. As a technical security control, this appears to be a great step forward. Enterprises are still struggling to effectively migrate network security controls (like WAF) to the cloud at scale. There are numerous approaches, but few are elegant or simple. AWS WAF offers a simple and cheap mechanism to deploy a necessary security control to protect web servers. As a technical control, this new service allows elastic/DevOps cloud environments to better secure their web services, and to do so without the investment in a WAF appliance or the integration/scale/analysis problems that can arise with some free technologies (like mod_security). According to the FAQs, AWS WAF can even protect non-AWS web servers.
The real question is what this move will do to Amazon’s partnerships with other network security vendors, namely Nextgen Firewall (NGFW) and Intrusion Prevention System (IPS) vendors. Notably, NGFW MQ vendors have technology partnerships with Amazon. It’s efficient for cloud firewalls to integrate with native cloud services. By leveraging cloud-provided services to perform some network security functionality (like basic port or IP blocking), traffic to the virtual NGFW appliance is reduced and administrators can manage rules in one portal. Today’s announcement of AWS WAF has to give netsec vendors pause; partnerships between potential future competitors are hard. I’m curious what Amazon’s move into WAF will mean for these netsec partnerships.