A Local Area Network (LAN) is a basic information technology (IT) infrastructure that has been widely deployed on campuses by companies of all sizes, from home offices to blue-chip corporate giants. With many companies distributing their workforces across different locations, the capability of securely connecting LANs among offices in these locations has been a luxury for mid-size or larger enterprises because of the complexity and cost of deploying infrastructure that achieves such functionality. Some companies use Virtual Private Network (VPN) technology to securely connect an enterprise's headquarters (HQ) with its branch offices.
In addition, companies have started to move enterprise-level services to cloud computing platforms that are outside the companies' internal networks. Although companies still use technologies such as VPN to benefit from the security of a private network, the role of networking devices (e.g., firewall devices) is starting to shift to take the outside cloud services into account.
Furthermore, there is a trend for companies to allow employees to use their own devices for work. Such a policy is called bring-your-own-device (BYOD). The company allows employees to use BYOD devices to connect to the company network and access privileged corporate information, applications and services.
BYOD devices and external servers bring new challenges to the firewall system. First, although each corporate device is commonly registered and therefore identifiable to the firewall system, BYOD devices are rarely registered. It is a challenge for the firewall system to identify the user who uses a BYOD device to access an external service. Second, with the increasing popularity of cloud-based online services, it is common for a cloud-based online service to have both corporate users and personal users. As a result, it is a challenge for the firewall system to determine whether a request from a device inside the company network to access an external server is for a personal purpose or for a business purpose benefiting the corporation.