Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) are virtual firewalls in the cloud designed to protect your cloud infrastructure, but not specifically your remote users or network perimeter.
With IaaS/PaaS, your organization is “renting” the infrastructure from the service provider you have selected, where you create, provision, and manage your own virtual servers. You can use these servers for storage, applications, and more. In this environment, you need to protect these hosted offerings from malicious traffic or attacks, in addition to protecting them from other servers or insiders attempting to take control of a cloud–hosted server.
It is important to mention that virtual firewalls may also be used in your data center beyond just in the cloud. Just like we discussed with building your own servers, most vendors provide a product with a license option for IaaS/PaaS, and may or may not contain the same functions and features of the on-premise NGFW offering. This allows you to host that NGFW, either as a pre-provided virtual machine or run on an existing virtual machine. Do not be misled, the virtualized firewall has plenty of functions and features if you want to protect a grouping of servers or specific server with micro segmentation, but the configuration of these rules or policy relies on your team. Even if basic IaaS or PaaS offerings are allocated by the service provider you have selected, it is in your best interest to install and manage your own firewall to protect your hosted applications and the servers they reside on.