September 30, 2010

Are Corporate Firewalls Castle Moats or User Prisons?


Firewalls are essential for security at any business. They are used on all external Internet connections at the business. Vendors such as Cisco, Juniper, Check Point, Fortinet, SonicWall and Palo Alto Networks sell hardware firewalls today.



Corporate firewalls act as Castle moats, keeping the bad guys out, but they have a side effect: they also become User Prisons, keeping the good guys locked inside.

From web content to web services, more and more user activity is moving to the Internet. New, useful web services are coming up on a daily basis. Firewalls controlled by the IT staff at the business act as a huge choke point to this activity and create a bureaucratic hurdle in the organization.

The IT staff, not knowing better, blocks access to all new services with the firewall. ‘Protecting’ the users effectively becomes ‘blocking’ them from doing useful work over the Internet. For each new web service, the user has to get approval from the CIO or IT staff, the firewall has to be reprogrammed, and only then does the user get access. Depending on the organization, the whole process could take days or weeks. Imagine that!

Firewall vendors continue to encourage this state of affairs by giving the IT staff even more ‘rules’ to administer.

An alternative often suggested by corporate IT is to move the web services inside the organization, behind the firewall. Not only does this create an enormous duplication and waste of resources, it is also impractical to do across the large number of new web services that are constantly coming up.

Obviously these kinds of firewalls cannot last in the long run. The firewalls have to not only protect the corporate network but also give freedom to its users to use web services extensively without hurdles.