Cloud Firewall offers enhanced cloud security 

In this article you will read about,

• what is behind the new cloud security service,
• what the cloud firewall can be used for
• and how it helps to meet compliance requirements.

Is the cloud secure or insecure? Opinions differ widely on this. The fact is that the cloud – just like traditional on-premises systems - needs suitable security mechanisms to offer an appropriate level of security. With the Cloud Firewall, the Open Telekom Cloud offers a new top security package. With the combination of Cloud Firewall, Host Security Service and Database Security Service, cloud users receive a security package that no other cloud provider in Europe offers. 

A good level of security is particularly important for cloud workloads that support business processes - hardly any company will want services to be unavailable due to cyber attacks. Keyword: resilience. However, resilience is not only a corporate concern, but is also increasingly required by (European and national) directives. One example of this is the new IT Security Act (“systems for attack detection”, Section 8a (1a)).

In case of doubt, cloud users must prove to supervisory authorities that they are taking sufficient care to ensure the security of the cloud systems they use. In addition to the right architecture, this requires security concepts and mechanisms that are mapped using suitable tools. This can be time-consuming.

The cloud provider is responsible for “basic security”. But in the “shared responsibility” concept, the user company must also make a significant contribution to security. Cloud providers such as the Open Telekom Cloud do not leave their users to fend for themselves. They provide a wide range of security tools that can be used natively and easily on the platform. In 2024, for example, we introduced the Host Security Service (HSS). Among other things, it provides intrusion detection features at host level via agents (Host Intrusion Detection System, HIDS), but also protects virtual machines and containers against malware and scans them for vulnerabilities and insecure configurations in the operating system. At the beginning of 2025, the Open Telekom Cloud supplemented the HSS with a Cloud Firewall (CFW) at network level (Network Intrusion Detection System, NIDS). This provides Open Telekom Cloud users with a perfect all-round carefree package for attack detection.

The Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects the Internet perimeter and the VPC perimeter in the cloud through real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit and tracing.

Essentially, the CFW covers three use cases:
 

1. It controls data traffic from the internet to the cloud (north-south traffic)
   As an intrusion prevention system (IPS), the CFW detects malicious data traffic and blocks it before it reaches cloud resources in a user's virtual private cloud.
2. It controls data traffic from the cloud
   With the functionality of the CFW, cloud administrators can prevent their own cloud resources from unauthorized access to external resources (e.g. those classified as dangerous or non-compliant).
3. It monitors data traffic within the cloud (east-west traffic)
   The so-called Inter-VPC access control acts as an internal traffic control system to prevent unauthorized access to other resources within the Open Telekom Cloud.

The CFW is offered cloud-native via the console or API exclusively in a full Professional Edition, which performs all the functions of an intrusion detection system (IDS) or an intrusion prevention system (IPS). There is no limited “basic version”. Specifically, the CFW covers five functionalities: Access control, attack prevention, data traffic analysis, log management and system management.

All functions can be used with default settings or configured individually. The cloud firewall therefore offers maximum flexibility.

The CFW helps users of the Open Telekom Cloud to efficiently control the larger attack surfaces through cloud use. It offers transparency and control and enables compliance requirements such as PCI DSS, HIPAA and GDPR to be met.

With the release of the Cloud Firewall, the Open Telekom Cloud as a European provider offers an exclusive and (in combination with HSS) comprehensive security services package. Thanks to its attack detection functions, the CFW is on a par with the Azure Firewall (Premium), the Google Cloud NGFW (Enterprise) or the AWS Network Firewall (Advanced Inspection Endpoint).