The proliferation of mobile devices and cloud services is increasing the frequency of corporate communications that bypass traditional firewalls yet still must be protected.

In a traditional office setting where workers access the Internet via hardwired connections to their workstations, traditional perimeter security solutions may do a good job detecting and quarantining malicious traffic. The problem, however, is that we’ve moved away from the traditional computing environment, and many workers are now using mobile devices. Compounding the problem further, cloud-based apps create a direct data flow between the computer and the cloud, which bypasses the local area network and the firewall in the process.

Some organizations try to rectify the problem by implementing virtual private networks (VPNs), which can route traffic directly to perimeter security systems for inspection. The problem is that VPNs often slow down productivity, and an IDG study found that 82 percent of mobile workers don’t always use the VPN.

The bottom line is that a growing security gap is occurring within many companies. For instance, Gartner posits that 25 percent of all corporate data traffic now bypasses perimeter security. Gartner’s research corroborates a more recent study from Dimensional Research, which surveyed more than 600 IT decision makers. A full 83 percent of respondents reported concerns about next-generation firewalls in the cloud.

Why a Cloud-Generation Firewall Is a Must

In response to the mobile and cloud trends, some network security providers have cloud-enabled their firewalls, allowing them to protect traffic moving to, from, and within public cloud services with the same functionality as a physical next-generation firewall and virtual firewall. The firewall can encrypt data so that in the event a hacker steals the data transmission on the way to or from the cloud, it’s unreadable.

The challenge with most cloud-generation firewalls, however, is that their features and functionality vary greatly. For MSPs looking into these solutions, be sure to look for the following capabilities:

Cloud environments are highly dynamic, and a cloud firewall must mirror this reality with elastic security. Additionally, the firewall must work in orchestration with infrastructure-oriented software and tools such as Ansible, Docker, Puppet, SaltStack and Windows PowerShell. A cloud-generation firewall also should provide secure, optimized connectivity with branch-to-cloud SD-WANs (software-defined wide-area networks), which have become the preferred technology choice for connecting branch offices and data centers over vast geographic distances.

A cloud-generation firewall should have tight integration with the leading public cloud management platforms, such as AWS CloudWatch, Azure Security Center, Google Cloud Platform and Microsoft OMS (Operations Management Suite). The firewall also must provide optimized connectivity to the cloud by leveraging platform-specific connectivity such as Azure Express Routes and AWS Direct Connect, while also delivering transport-independent VPN connectivity between locations and clouds. A cloud-generation firewall should also enable cloud deployment models that are loosely coupled and designed to scale elastically. Additionally, it should allow automation and orchestration by integrating with workflow tools through APIs to enable DevSecOps teams.

Unlike traditional next-generation firewalls’ inability to protect cloud environments, cloud-generation firewalls are specifically designed for this task. Even if you have a customer that hasn’t yet made a move to the cloud, it’s wise to invest in solutions that are cloud-ready now and will help them make the transition more smoothly — and safely — when the time comes.

Brian Babineau is Senior Vice President and General Manager for Barracuda MSP. In this role, he is responsible for the company’s managed services business, a dedicated team focused on enabling partners to easily deliver affordable IT solutions to customers.

This guest blog is part of a Channel Futures sponsorship.