Mar 26 2024

Higher Education Institutions Are Using Firewall as a Service to Enhance Security

With greater remote access needs, some schools have turned to a cloud-based model for protection.

Cybercriminals are increasingly targeting higher education institutions. Ransomware attacks in the sector, for instance, were up 70 percent in 2023, according to a report from Malwarebytes. And a Sophos survey suggests that the average recovery cost can top $1 million per incident.

In recent years, as cyberattacks have become more nuanced, the firewall technology that colleges and universities use to prevent them has also evolved.

While schools may have once relied primarily on hardware servers that inspected incoming and outgoing network traffic, subsequent next-generation firewalls introduced intrusion prevention, sandboxing and other capabilities.

Today’s Firewall as a Service solutions offer similarly advanced security features via the cloud.

The multilayered defenses offered by FWaaS solutions can help protect colleges and universities against various intrusions, says Michael Goldgof, vice president of product marketing at Barracuda Networks. His company offers a cloud-based firewall product designed to thwart Structured Query Language injections, spyware and other threats.

“Ransomware is huge in the education sector,” Goldgof says. “Generative AI is starting to be used by the threat actors to improve their effectiveness, so we really have to provide the right level of security — which is something you can do with Firewall as a Service.”

Click the banner to learn more about the benefits of a zero-trust security solutions and strategies.


Cloud-Based Configuration Presents Advantages

The structure of FWaaS allows schools to grant contextual access to their networks, Goldgof says, potentially reducing hardware and management costs and the risk of misconfigurations that lead to security breaches.

“It is key to deploy a solution that has central management, setting up policies only once and not for every device,” he says. “You have the ability to know what device the person is using. If someone is connecting from an iPhone, maybe you don’t provide access to as many applications as if they’re connecting from their laptop, setting that security policy to zero-trust access.”

RELATED: Should higher education consider cloud-based VPNs?

In addition to facilitating access provisioning, with a cloud-based framework, Firewall as a Service can allow schools to make adjustments as needed for growth, says Aaron Rose, security architect manager and cybersecurity evangelist in the Office of the CTO at Check Point Software Technologies, whose artificial intelligence–powered security gateway solutions include a cloud-based option.

“We’ve seen universities expanding. They might have outreach programs or satellite locations,” Rose says. “Using Firewall as a Service is going to be much easier if you have multiple campuses. It’s typically a VPN tunnel back into the provider’s cloud — maybe hosted by Amazon Web Services, Microsoft Azure or in their own private cloud — and it can scale based on the organization’s needs.”

Working with an external FWaaS provider may help relieve some operational constraints that higher ed IT teams can experience, says Matthew Leger, research manager for worldwide education digital transformation strategies at IDC Government Insights.

“FWaaS providers focus on the firewall management — updates, patching — so security staff can focus on more pressing security issues,” he says. “It is a tool that frees security staff up to do more high-value work.”

Complementing On-Premises Systems with Firewall as a Service

FWaaS hasn’t eliminated the use of hardware-based traditional and next-generation firewall solutions. In some instances, these might be the best fit for a college or university, says Nirav Shah, vice president of products and solutions at Fortinet, whose cloud-based firewall offering provides threat intelligence and protection.

“Hardware firewalls are a capital expense — a long-term investment. FWaaS is an operational expense because it’s purchased via subscription,” Shah says. “Choosing between FWaaS and a next-generation firewall can come down to an organization’s network infrastructure. If an organization relies on the cloud, it will need a FWaaS offering.”

Source:, “A Shadowed Menace: The Escalation of Web API Cyber Attacks in 2024,” Feb. 28, 2024

Some schools use both physical NGFWs and FWaaS to protect different aspects of their networks, he says.

Barracuda Networks, for instance, can connect cloud-based firewall services to a pre-existing firewall, Goldgof notes.

“There could be hardware sitting in the campus environment in a data center; virtual machines deployed in Microsoft Azure or AWS; or the true FWaaS, which is a Software as a Service implementation,” he says. “We support all of these together. We don’t have to rip and replace what they’ve got.”

Firewall as a Service enables users to securely log in to a school’s network from virtually any location, which proved particularly helpful when remote learning became the norm, notes Rose. Its adaptability and other benefits — coupled with the general move toward as-a-service offerings — could help fuel further FWaaS use in higher education, he says.

“We’ve seen an increase in demand,” Rose says. “With remote education and everyone’s mentality now that they should be able to work or learn from anywhere, we’ll see a lot more of that. After opening that up in 2020, I don’t think we’re going to be able to put the genie back in the lamp.”

insta_photos/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.