04 Jul The importance of high availability in firewalls for organizations
As digital transformation increasingly come guiding companies to the electronic scenario, dependence on availability is not only a reality of large companies. There are small businesses that are totally internet-oriented and therefore the need for high availability is evident.
It is common for the availability pillar to be ignored within the information security universe. Its meaning is to allow the information to be available to users, devices, authorized entities, whenever necessary, or permitted.
Availability is an important premise for an increasingly digital universe. The stagnant minute is precious for many organizations, and they have the necessary awareness, in most cases, of building highly available environments.
As digital transformation has increasingly been guiding companies to the electronic scenario, dependence on availability is not only a reality of large companies. There are small businesses totally internet-oriented and therefore the need for high availability is evident.
Companies with medium to high complexity infrastructure need to think about high availability in a more granular scenario; smaller companies have a smaller set of assets that need high availability to ensure access to their services, and this is a point of ease, much of which part, or the whole, of the infrastructure is in the cloud.
Given the availability scenario, firewalls are presented in security architectures as a bottleneck in communication, where all the traffic that comes in and out of the Internet is evaluated, released or not. This means that if the firewall solution becomes unavailable, internet access will automatically be cut off.
Many companies invest in alternative communication links so, in case of failure of one of them, it continue to have access to the internet through other service provider. This is a valid strategy, but it is not useful in case of a stoppage of the security device connecting these links. If it stops, all links will automatically stop. Alternatives to bypassing the device endanger the safety of the environment and should not be an option for the company.
The good news is that the cost with high availability of firewallshas been reduced over time, both in terms of hardware investments and in licensing formats, which make the asset-liability model especially flexible. Therefore, the calculation is simple, and usually the investment is quickly returned on the first unavailability.
There are two ways to operate a redundant firewall, or a cluster of high availability of firewalls. The first active/passive model means that at one point only one device responds to all requests.
Other devices are activated, either automatically or manually, only in case of main fall. It is an interesting model and saves some features, especially licensing; but for many cases, where there is a lot of processing, it is not enough.
In this model, all the nodes that comprise the high-availability cluster respond to the requests, and in addition to guaranteeing the continuity of the environment, in the event of any device dropping, they distribute the processing load.
From the investment perspective, they are more expensive scenarios, since it is interesting that the equipment capacity is the same, and in addition, licensing in most suppliers is duplicated.
A hybrid cluster, usually operating in an active/passive format, is the one that uses different platforms of the firewall solution. For example, the active node is a search appliance (physical device) while the backup node is a virtual appliance, running inside some hypervisor.
The model is interesting because it saves resources or allows reuse of equipment that would be discarded to an out of production position, being used only in emergency moments. Many companies are not adherent to this type of practice, but it is an alternative of feasibility in many cases.
Regardless of the model used, it is interesting that companies are properly prepared for the continuity of connectivity, and this should be a relevant item to be addressed in a Business Continuity Plan.
The size of the company is no longer justification for approving budgets to operate on firewalls redundancy models, the more dependent companies become on the availability, the easier to justify the investments associated with this type of project. Still having doubts about high availability of firewalls? Schedule a conversation with our expert!