Speaking to SC Magazine recently, Owen Cole, technical director at F5 for UK, Ireland and Sub-Saharan Africa, said that companies are challenged by the problem of being compliant while using the cloud and are looking to work with a cloud-based firewall.

He said: “You need to understand how the application works and with application delivery control, you understand what is going on and how the parts are used. If you are going to redirect requests to the cloud, users will get a firewall in the cloud and optimise that so that they have control.

“If you see traffic starting to swell and want to send more traffic to the cloud to offload the demand on your network, you want to push that traffic out but have to protect yourself. With an application firewall it gives you the ability to stretch to the cloud with the firewall there.”

Commenting, Amichai Shulman, CTO of Imperva, told SC Magazine that the argument comes down to handling of data and the security of the provider.

He said: “With the hosting of applications, you either get them to provide a service with a web application firewall and then you cover yourself, or you can give the responsibility to the hosting company. It is about requirements like managing the environment and using a set of capabilities that need to go in.

“Another option is if you are hosting with someone too small who does not want to do security. Solutions are emerging in that area. Alternatively with the public cloud, you move the firewall on top of the platform. We have a virtual application and with the public cloud we are going there. We have not seen too much demand for it yet and the belief is that it will have to be coupled with a system but with management services around it.

“With application security in the cloud, solutions are there and organisations can accelerate their adoption of technology without giving up on security. You need to make sure the host only accepts traffic from firewall and need to make sure traffic comes from web application. It is technical but companies are doing Security-as-a-Service. The problem is in the architecture, but I know of three companies who offer a better solution for the web application firewall.”