The traditional firewall is dead or at the very least dying.
Cloud and hybrid environments, mobile access, and online applications have made it all but obsolete, experts say, and data center operators should be looking at replacing their firewalls with more granular security technologies.
Applications and data used to live in data centers and be delivered from there to employees who were themselves on a corporate network.
"Even when off-site, they were VPNing into the network," said Michael Beesley, CTO at Skyport Systems.
That's not true anymore. Today, applications can live in cloud and hybrid environments or be delivered via websites by external services providers. Employees and customers access them, often via the web, from wherever they happen to be.
That means the firewall can no longer see what is going on, where connections are coming from, or where they are going: IP addresses change all the time, or are obscured by content delivery networks like CloudFlare, which front many unrelated sites from the same handful of addresses.
"The firewall becomes blind," he said.
Meanwhile, traffic that used to be spread across many different ports, roughly one per application, is now almost all concentrated on ports 80 and 443 (HTTP and HTTPS), so a port-based rule can no longer tell one application from another.
"I think we're approaching a tipping point where out of necessity enterprises are going to adopt a different approach with regard to how they secure themselves," Beesley said. "The empirical data is that in a hybrid environment the firewalls are not doing their job. Infrastructure needs to evolve to a zero-trust environment rather than trying to secure it from a networking point of view."
Then there's the encryption issue.
According to Google, 79 percent of traffic in the Chrome browser is currently encrypted.
"The browser is what killed the firewall," said Ryan Spanier, director of research at Kudelski Security. "Because you had clients asking for things on the internet, and the firewall wouldn't stop a thing."
With encrypted traffic, all the firewall knows is the source and destination of a connection, and now that everything is in the cloud, even that doesn't tell you much. "There's not a lot of room for the firewall anymore," he said.
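To make the two preceding points concrete, here is a small added example (not code from the article, Skyport Systems or Kudelski Security). It models three constructed connections that all ride TLS on port 443, two of them to the same CDN edge address, and runs them through a classic 5-tuple rule set and through an identity-keyed allowlist of the kind a zero-trust control plane enforces. All addresses, workload names and rules are made up, and the `src_workload`/`dst_service` fields stand in for identities that would come from something like mTLS certificates, not from the packets.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """One connection as a packet filter sees it (the 5-tuple) plus, separately,
    what an identity-aware control plane would know about the two endpoints.
    The identity fields are an assumption of this example: they would come from
    mTLS certificates or workload attestation, never from the encrypted packets."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    src_workload: Optional[str] = None   # assumed: verified client identity
    dst_service: Optional[str] = None    # assumed: verified server identity


def firewall_view(flow: Flow) -> tuple:
    """Everything a port/IP firewall has left to decide on once payloads are TLS."""
    return (flow.proto, flow.src_ip, flow.dst_ip, flow.dst_port)


def port_firewall(flow: Flow, rules: list[dict]) -> str:
    """First-match 5-tuple rule set. 'any' wildcards an address, dport 0 any port."""
    for rule in rules:
        if (rule["src"] in ("any", flow.src_ip)
                and rule["dst"] in ("any", flow.dst_ip)
                and rule["dport"] in (0, flow.dst_port)):
            return rule["action"]
    return "deny"


def identity_policy(flow: Flow, allowed: dict[str, set[str]]) -> str:
    """Zero-trust style rule: allow only an explicitly listed (workload -> service)
    pair, and nothing that cannot present an identity, whatever port it uses."""
    if flow.src_workload is None or flow.dst_service is None:
        return "deny"
    return "allow" if flow.dst_service in allowed.get(flow.src_workload, set()) else "deny"


# Constructed sample flows (addresses and names are invented for this example).
# 203.0.113.10 stands in for a CDN edge that fronts many unrelated sites.
FLOWS = {
    "crm":   Flow("10.0.5.21", "203.0.113.10", 443,
                  src_workload="sales-laptop", dst_service="crm.example"),
    "phish": Flow("10.0.5.21", "203.0.113.10", 443),   # unknown site, same edge IP
    "db":    Flow("10.0.5.21", "10.0.9.4", 443,
                  src_workload="sales-laptop", dst_service="customer-db"),
}

# The typical legacy posture: "web is allowed", everything else dropped.
LEGACY_RULES = [
    {"src": "any", "dst": "any", "dport": 443, "action": "allow"},
    {"src": "any", "dst": "any", "dport": 0,   "action": "deny"},
]

# Identity allowlist: laptops may talk to the CRM, not to the customer database.
ALLOWED_PAIRS = {"sales-laptop": {"crm.example"}}


def evaluate() -> dict:
    """Run both controls over the sample flows and return per-flow verdicts."""
    return {
        name: {
            "firewall_sees": firewall_view(flow),
            "port_firewall": port_firewall(flow, LEGACY_RULES),
            "identity_policy": identity_policy(flow, ALLOWED_PAIRS),
        }
        for name, flow in FLOWS.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:6} sees={verdict['firewall_sees']} "
              f"port_fw={verdict['port_firewall']} identity={verdict['identity_policy']}")
```

The port firewall allows all three connections, and its view of the legitimate CRM session and the unknown site behind the same CDN address is byte-for-byte identical; the identity policy permits only the listed pair and denies the database access that happened to use the "allowed" port. That gap between the two verdict columns is what the article means by the firewall going blind.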
According to a survey released this month by network security vendor Ixia, 88 percent of respondents said they experienced a business-related issue from a lack of visibility into public cloud data traffic.
Finally, there’s the transformation of application development. Enterprises have moved from running applications on dedicated servers to virtual machines to containers, each time dramatically increasing the number of endpoints that need to be protected while simultaneously accelerating the rate at which new ones are spun up and shut down.