Gartner Blog Network

It’s Time to Retire the Term Firewalls

by Neil MacDonald  |  May 18, 2010  |  1 Comment

In my research on Adaptive Security Infrastructure and Context Aware Security, I have concluded that future information security policy enforcement points must move security policy enforcement “up the stack”. As we move to virtualize our data centers and adopt cloud-based computing platforms, security policy can no longer be bound solely to physical attributes such as IP address or device.

Firewalls are evolving to become adaptive, extending beyond their traditional dependency on physical attributes (whitelisting of IP addresses and port/protocol combinations) by adding application, identity and, in some cases, content awareness. This requires deeper inspection of the incoming network traffic stream to map it to logical identities and applications and to understand the content it carries.

So far so good.

At some point, shouldn’t we stop calling them “firewalls”? The term “next-generation firewall” is better, but that’s kind of like calling an automobile “a next-generation (or horseless) carriage” – defining something new in terms rooted in the past. At some point, people understood that automobiles were something quite different and warranted a new word to describe them.

Lacking a better word, the term firewall is being applied to anything that implements security policy at any layer: for example, Web Application Firewalls, Application Firewalls, XML Firewalls, Database Firewalls, SOA Firewalls, Memory Firewalls (remember Determina?) and so on. I’m not sure that adds clarity either, except that the word firewall becomes shorthand for pretty much anything that implements a security policy.

At some point, aren’t the capabilities of emerging context-aware and adaptive security policy enforcement points different enough that we use another term that more accurately describes what they are?


Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Thoughts on It’s Time to Retire the Term Firewalls

  1. The term “firewall” was always a misnomer lifted from construction. In a real firewall, NOTHING is allowed to pass. You can’t even poke a hole in a firewall for a sensible thing such as a fire alarm wire or a sprinkler system pipe. The idea of using the term for something that is more like a customs check at the US/Canadian border has long annoyed me. It also makes it sound much more secure than it usually is configured to be – many so-called “firewalls” are more like traffic agents furiously waving vehicles past just to keep things moving. I am all for a new term.
