Jun 13 2024

Firewall as a Service Fortifies State and Local Governments in the Cloud

Public sector agencies can access enhanced cybersecurity capabilities with FWaaS.

As state and local governments adopt cloud resources, they need to remain attuned to cyber resilience. To that end, Firewall as a Service can play an important role in defending against cyberattacks.

Within the broader category of Infrastructure as a Service, FWaaS works much like a hardware-based firewall, except that it’s based in the cloud. This approach offers the ability to scale quickly as a network expands and to maintain a solid layer of protection with less hands-on effort.

What Is FWaaS?

FWaaS is a firewall solution delivered as a cloud-based service. This approach provides hyperscale, next-generation firewall capabilities, “including web filtering, advanced threat protection, intrusion prevention system, and Domain Name System security,” says Alexandra Mehat, product marketing director for secure access service edge (SASE) at Fortinet.

“FWaaS is deployed between your network and the internet to inspect traffic entering the network for threats and can help simplify IT infrastructure,” Mehat says, noting that it is a foundational component of SASE, specifically cloud-delivered security services or security service edge (SSE). “FWaaS protects users and endpoints no matter their location.”

Click the banner below to learn ways cyber resilience helps agencies succeed.


FWaaS relocates the functions of a traditional firewall (also known as a security gateway appliance) to the cloud.

“As more organizations adopt cloud services and introduce hybrid cloud environments, the traditional network boundary has moved, and the security perimeter must now be extended into the cloud,” says Micki Boland, cybersecurity architect and evangelist in the Office of the CTO at Check Point Software Technologies.

LEARN MORE: Here is how network security supports remote work.

What Are the Advantages of FWaaS Versus a Traditional Firewall?

Given the architecture underlying the modern IT infrastructure, a cloud-based firewall has several advantages over the conventional gateway appliance.

“When employees of state and local governments access data today, a lot of it is in the cloud. It’s no longer on-premises,” says Mike Goldgof, vice president of product marketing at Barracuda. “FWaaS moves the protection to be closer to the data sources.”

Likewise, “hybrid work is the reality today. We connect from anywhere,” Goldgof says. “In that environment, FWaaS moves the firewall protection as close to the user as possible.”

FWaaS is also more flexible than conventional firewalls. It provides “unified enterprise-class security policy with maximum agility,” Boland says. “Unlike physical firewalls limited by geographic constraints, FWaaS can be deployed anywhere due to its cloud-based nature.”

It also offers simplified deployment and management. Shifting the budget from a capital expenditure to an operational expenditure by using a tool that is virtualized and managed in the cloud “eliminates the complex process of purchasing, deploying and configuring physical firewalls,” she says.

A cloud-based approach offers inherent flexibility in response to ever-changing cybersecurity needs.

“FWaaS allows for flexible scaling of firewall resources based on demand. Unlike traditional firewalls, which often have fixed capacity limitations, FWaaS can dynamically adjust to accommodate changes in network traffic and infrastructure size,” Mehat says.

Compared with conventional firewalls, FWaaS also eases the burden on IT teams, because its vendors “are responsible for ensuring the availability, performance, and security of the firewall infrastructure,” she says. “This includes performing regular updates, patches and maintenance activities to protect against emerging threats and vulnerabilities, relieving organizations of the burden of managing these tasks internally.”

READ MORE: New Jersey’s CTO discusses how hybrid cloud benefits government.

How Does FWaaS Benefit State and Local Government?

For government cybersecurity teams that are already are stretched thin, FWaaS offers a number of key benefits.

Managing conventional firewalls “is very complex. The firewall is there to set rules and policies to protect against certain traffic, and when you have traditional firewalls deployed on-premises, you have to make sure that all of those rules are set the right way for every location,” Goldgof says.

With FWaaS, “you are removing complexity that’s involved with managing firewalls,” he says. “FWaaS is easy to use, easy to manage, with one interface for all the applications. Central management capabilities are key. It’s much easier when everything is in the cloud and is managed once, not a hundred times.”

Alexandra Mehat
FWaaS protects users and endpoints no matter their location.”

Alexandra Mehat Product Marketing Director for Secure Access Service Edge, Fortinet

FWaaS helps address some unique security needs in state and local government, where agencies may span multiple locations, with remote and temporary users, and must remain compliant with data privacy regulations.

“Governments can leverage FWaaS as a part of SASE to protect connections no matter where a user or endpoint is located, and it plays a crucial role in helping organizations achieve and maintain compliance with regulatory requirements,” Mehat says.

“Specifically, FWaaS can help by providing robust security controls, logging and auditing capabilities, and continuous monitoring and reporting functionalities,” she says. “By leveraging FWaaS, organizations can enhance their security posture, mitigate compliance risks and demonstrate adherence to regulatory mandates effectively.”

How Can State and Local Agencies Improve with FWaaS?

FWaaS via SASE “can also help governments stay ahead of increasingly sophisticated cyberattacks and an increasing cybersecurity skills shortage,” Mehat says. “Combining FWaaS with all the SSE components into a single platform, with a single management console, helps alleviate the pressure to hire experts who are trained to use specialized and often disparate solutions that do not work well together.”

FWaaS also helps state and local organizations to meet their budgetary obligations. It “eliminates the need for expensive upfront hardware investments, reducing capital expenditures,” Boland says. “Agencies can instead opt for a subscription-based model, paying only for the services they use.”

With the goal of enhanced cybersecurity in mind, she adds, FWaaS ultimately can help state and local government achieve better outcomes.

“Cloud-based FWaaS solutions often come with advanced threat detection and prevention capabilities, providing state-of-the-art protection against cyberthreats,” she says. Additionally, “FWaaS allows for the enforcement of consistent security policies across the entire network, enhancing overall security posture.”

DISCOVER: Lodi, Calif., built ransomware defenses with multiple solutions.

What Are Best Practices for FWaaS?

For state and local agencies looking to implement FWaaS, experts point to a number of helpful strategies.

First, know what you’re trying to protect. “It’s really important to do some type of security assessment,” Goldgof says. “The firewall technology is there to protect you against cyberattacks, so you need to identify where you might be vulnerable in the first place.”

Agencies can take this even further as they tee up their next-gen firewall efforts. Before implementing FWaaS, “conduct a thorough assessment of your agency’s security requirements, budget constraints and existing infrastructure,” Boland says. “Determine which FWaaS features are essential for meeting your agency’s objectives.”

As you prepare to launch FWaaS, she adds, it makes sense to first ensure you have established rules to guide its operation. “Clearly define your agency’s security policies and requirements before deploying FWaaS,” she says. “Determine which applications, services and protocols should be allowed or blocked, and establish rules for user access and authentication.”

Finally, it’s worth noting that there are a number of FWaaS solutions on the market. Agencies, therefore, should be thoughtful in seeking out the partner that can best support their efforts.

“Select a reputable vendor known for best-in-class security solutions and customer support,” Mehat says. “Another thing to consider is if the vendor has a broad ecosystem of technology integrations with other vendors that might also exist in your IT stack. This will not only ensure seamless compatibility across technologies but also help quickly resolve any issues.”

Once FWaaS is in place, state and local governments can make use of the centralized tools “for unified policy enforcement and simplified administration across all networks and devices,” she says.

By doing so, they will be able to take advantage of this cloud-based approach to elevate their overall cybersecurity effort.

skynesher/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.