The topic of information security has gained more and more space in discussions promoted by the technology teams of companies, especially after the recent attacks, which have generated impacts with worldwide proportions. Regardless of the negative side of the attacks, the coverage by the media without technical criteria plays an important role generating visibility for the issue.
Soon after these attacks, it is common for managers or owners of smaller companies, or with little maturity on the subject, to question their technology departments about the topic of information security, including the existence of tools to prevent or minimize attacks.
The move generated by the last incident, named Wanna Cry, helped companies rethink their structures and evaluate investments in security. Unfortunately, however, investment priorities suddenly change as incidents are forgotten.
With the reduction of security investment priority, many companies and/or professionals seek alternative solutions that allow the application of a layer of protection over corporate data. Under these circumstances, the search for free alternatives to the security of their environments is common, regardless of the limitations these solutions may offer.
There are several free firewallsavailable in the market, including some with relative quality. Using a free firewallis always more appropriate than having no other type of protection in the environment. Even so, there are some points to be considered before defining these products as a security asset in companies. Continue reading the post and check the main aspects associated with using a free firewallin an enterprise environment.
Free solutions can be offered by specialized partners or managed entirely by the company’s technology team, without intervention of a third party. In both cases, there is still reliance on support offered by the product developer community, usually through forums, email lists and the like. In this sense, it is worth noting that there are no guarantees associated with problem solving (bugs).
Therefore, it is important to understand the criticality of the business and to evaluate the capacity/experience of the professionals involved in the solution operation, avoiding that the “free” part end up causing serious inconvenience to the company.
As much as manufacturers of free solutions offer professional support and upgrade packages, usually the teams involved are based out of the country and this usually leads to a difficulty in the process of communication and maintenance of the service.
Local suppliers, qualified to offer professional support to these solutions, can be a good choice for companies that decide to invest in this product line. However thorough the level of support is, the competence for bug fixes is associated with the community responsible for maintaining the project.
When it comes to security, updating products is a fundamental point. Not only for corrections, but also especially for the insertion of improvements. Because there is no formal relationship between the user and the manufacturer, the frequency of updates may not satisfy the customer.
People, or small group of people, who give continuity to the project sporadically, maintains many free solutions. Others, differently, maintain this model as the main activity and are remunerated through contracts and professional services.
In most gratuitous uses, there is no contract that establishes rights and duties between the parties. This may not make a difference as long as everything works fine, but it can be a problem in cases where security incidents occur, generating significant business damage.
The free firewallmodality can pose a great risk to many businesses because there is no technological dominance of the solution, nor a formal relationship between the parties.
Because the firewall positions itself strategically in a security architecture, where all or a large part of the traffic is tapered, this can pose an unnecessary risk to the organization.
Although it is not common to record events of this type, it is a valid care, depending on the type of business and information carried through the corporate network. So, before you decide on a free firewall, be aware that value is not price. Information security cannot be treated as a closed package, responsible for solving organizational problems associated with security, productivity and availability.
Security can be a highly complex process depending on the type of organization and therefore it must be handled by companies and trained professionals.
Regardless of product, free or not, knowledge of information security is a fundamental step for the success of the organization, so, make the best decision by analyzing the business context and the possible impacts and in case of doubts, seek help from companies and qualified professionals.