Every few years someone declares the firewall dead. The logic sounds reasonable: your data lives in the cloud, your staff work from cafes and kitchens, and the office network is half-empty, so why guard a perimeter that barely exists any more? It is a fair question and it deserves an honest answer rather than a sales pitch. The short version: the office firewall as the single wall around everything is genuinely fading, but firewalling as a function is more important than ever. Here is the longer, more useful version.
Why people think the firewall is obsolete
The argument has real merit, so let us state it fairly. The traditional model assumed a clear inside and outside: trusted staff and servers within the office walls, untrusted internet beyond, and a firewall as the guarded gate between them. That model fit a world where work happened in a building and data sat on servers in a cupboard down the corridor.
Almost none of that holds now. Your email, files and business applications are likely in Microsoft 365, Google or other cloud services that your office firewall never sees. Your staff connect to those services directly from home and mobile networks, completely bypassing the office. If the valuables are no longer in the building, guarding the building's front door does start to look like the wrong place to stand.
Why the function never went away
Here is the catch the obituaries skip. "Firewall" describes a job, not a box: inspecting traffic and deciding what is allowed through. That job has not disappeared just because the traffic moved; it has multiplied across more places. You still have offices with networks and connected devices that need protecting. You still have cloud services whose access needs controlling. You still have remote workers whose traffic needs filtering. Every one of those is a place that needs firewalling.
Modern firewalls also do far more than the old port-blocking gatekeepers. They inspect encrypted traffic, identify which application a connection actually belongs to, filter web content, block known-malicious destinations and feed a wider security picture. Calling that obsolete because the office shrank is like calling locks obsolete because you bought a second home. You did not need fewer locks; you need them in more places.
- •'Firewall' is a function, inspecting and controlling traffic, not just a box in the office
- •Offices, cloud services and remote workers each still need that function applied
- •Modern firewalls inspect encrypted traffic and identify applications, not just ports
- •The need did not shrink with the office; it spread to more locations
What replaced the single perimeter
What is genuinely changing is the shape, not the existence, of the wall. Two ideas have taken over. The first is zero trust: instead of trusting anything inside the network by default, you verify every user and device for every request, on the sensible assumption that 'inside' no longer means 'safe'. The second is SASE, which is essentially firewalling and secure access delivered from the cloud, close to wherever your users and applications actually are, rather than hauling all traffic back to one box in head office.
Both are firewalling reimagined for a distributed world, not its abolition. The perimeter did not vanish; it dissolved and reformed around identities and data instead of around a building. We unpack the access side of this in our zero trust service and the move away from old remote-access VPNs in migrating from VPN to ZTNA.
My honest opinion: the question is wrong
After years of watching this debate, I think "do I still need a firewall?" is the wrong question, and asking it leads businesses to dangerous conclusions. The right question is "where does my traffic flow now, and is each path inspected and controlled?" Ask it that way and the answer falls out naturally: yes you still need a firewall at any office, yes you need secure controlled access to your cloud, and yes you need remote users' traffic protected wherever they are.
The businesses that get burned are the ones who hear "the firewall is dead", quietly stop investing in it, and end up with neither a strong perimeter nor a modern distributed model, just gaps. Doing nothing because the old model felt outdated is the genuinely risky move. The firewall did not die; it grew up and moved house.
What this means for your business
Practically, most UK businesses still want a capable firewall at every physical site, because offices remain full of devices, guest networks, printers and the kind of equipment you do not want exposed. On top of that, you want the distributed layer: secure access to cloud applications, protection for remote workers, and ideally a zero-trust approach to who can reach what.
If you are weighing up actual products and where they sit, our deeper best firewall for UK businesses guide compares the options, and our network security service designs the right blend for how your business genuinely works rather than how it worked a decade ago. The goal is coverage of every path, not loyalty to one box.