First, what is a firewall? Put simply, a firewall is a device that inspects the information coming into and (in some cases) out of your office computers. The firewall examines the information, compares it to a set of pre-established rules, and either allows the information to continue flowing or stops any data that violate the rules. Firewalls can be either software based or hardware based.
A software firewall is a program that runs on your computer similar to an antivirus or anti-malware program. The firewall software looks at the data being sent and received by the computer on which it’s installed and makes the “good / bad” determination right there at the computer level.
The benefit of a software firewall is that it can adapt to your specific computer, your specific usage patterns, and the specific program that’s running on your computer at this moment. For example, you may need different firewall rules when you’re playing a computer game versus when you’re doing research on some shady internet topic.
The downside of software firewalls are that they have to run on each and every computer on a network—they each have to be individually purchased, configured, and maintained. Also, a user could disable the software firewall if he or she knew what they were doing. Additionally, software firewalls cannot be installed on network attached devices such as printers, security cameras, and other potentially vulnerable devices.
A hardware firewall is a physical computer-like device that is plugged in and sits between your internal office network and the outside internet. In your home, you might have a wireless router attached in this manner. In fact, many consumer grade wireless routers have a built-in firewall application. The consumer grade version is far less capable and robust than that needed for a business application, however.
The benefit of a hardware firewall is that there is only one device to buy and configure…and it protects everything on the network all at once. Also, a hardware firewall can examine much more data much more quickly because it is a dedicated unit and is not competing for computer resources like a software based solution would have to do.
The downside of a hardware firewall is the technical expertise required to install and maintain it. Hardware firewalls can be much more robust units and therefore require some level of I.T. skill to properly configure. Also, the firewall will require regular updates to the firmware (the software running inside the firewall) to patch security holes and take advantage of the latest technologies. Unlike your computer, a hardware firewall will not notify you when it requires an upgrade. Fortunately, there are many companies that specialize in managed network security that will gladly assist with this part.
Do We Need a Firewall?
If your company processes credit cards or in any other way collects customer information then yes, absolutely, without a doubt you need a robust firewall solution—it’s the #1 rule in the PCI compliance requirements. If your company has proprietary internal data that you do not want getting out in the open then, yes, you need a firewall. In fact, the only company I can think of that doesn’t need a firewall is one which has no secrets, no confidential or proprietary information, and stores absolutely no client data…and I can’t think of a single company that fits into that category.