Migrating to the Cloud? Don’t Forget Your Firewalls


When we start using the cloud, it’s up to us to address these risks:

  • Direct attacks from the Internet on resources in the cloud
  • Infiltration of on-prem network from compromised resources in the cloud
  • Attacks on cloud-based workloads from compromised endpoints in the on-prem network


Cloud and firewall providers have been quick to identify this as a market and there is a plethora of virtual network security gear you can deploy including:

  • Built-in network security controls (e.g. Network Security Groups in Azure virtual networks)
  • Cloud firewalls (e.g. Azure Firewall)
  • Network virtual appliances from well-known Next-Gen Firewall vendors offered in cloud marketplaces. This lets you quickly spin-up a traditional NGFW product on a pre-configured VM and you can potentially use the same firewall vendor in the cloud and on-prem.
  • Firewall Infrastructure-as-a-Service offerings like CheckPoint CloudGuard which are delivered and run as part of the cloud infrastructure rather than as a VM


In this webinar, we explore the expanding requirements for network controls (i.e. firewalls) as more workloads are spun up in the cloud and your network infrastructure becomes more dispersed. Here’s a few questions answer:

  • Is cloud network security just a matter of more firewalls or are there nuances specific to cloud workloads?
  • How to spot potential and unintended - Pathways to vulnerable cloud resources, Cross-premise pathways, “worm-holes” into highly secure on-prem resources, Ways to by-pass perimeter boundaries
  • When should you implement multiple tiers to security cloud workloads?
  • When are built-in security features (like Azure Network Security Groups) enough and when do you need more?


We will also discuss the need to keep all this straight, understood, consistent and the configuration accurately reflecting your security intent. Managing all your on-prem firewalls is challenging enough, let alone the cloud.