When is it necessary to abandon the status quo and create a new one? In cybersecurity, the answer is: right now.

Serial innovator Elon Musk was willing to reject the status quo and build something entirely new. Traditional manufacturers of gas-powered cars have sought to optimise the combustion engine — something they've been doing for more than a century. With Tesla, Musk took a fundamentally different approach. Tesla wouldn't continue to tweak the combustion engine for small performance gains. It wouldn't even have a combustion engine. Something better — an electric motor — would replace it entirely.

Consider this: combustion engines have around 2,000 moving parts. Electric motors have twenty. That's two orders of magnitude fewer parts to install, configure, and maintain — far fewer parts to wear down or require replacement. The electric motor paradigm is elegant in its simplicity.

The same contrast applies to network security

There is a striking parallel between the complexity of legacy security infrastructure and the elegant simplicity of the Zero Trust security model. Castle-and-moat security architectures were designed to protect work performed within the castle walls of a conventional network perimeter. Legacy solutions like firewalls and intrusion prevention systems aimed to keep out the bad guys.

Only now, work is performed outside that network boundary — in the cloud, on the internet, from anywhere. "Simplicity" and "efficiency" no longer apply to traditional security infrastructure technologies, which have become increasingly complex, unwieldy, costly, and difficult to manage. The perimeter that firewalls were designed to protect no longer exists in any meaningful sense.

Yet most organisations continue to invest in patching and extending their legacy security infrastructure, adding more tools, more vendors, more complexity — seeking small gains from a fundamentally broken paradigm. This is the combustion engine approach to security.

Zero Trust is the electric motor

The Zero Trust security model rejects the castle-and-moat status quo. It operates on a simple, powerful principle: never trust, always verify. No user, no device, no connection is implicitly trusted, regardless of whether it originates inside or outside the corporate network. Every request for access is verified. Every connection is authorised contextually. Users have access only to the specific resources they need — nothing more.

This is an elegantly simple path forward. It shrinks the attack surface that legacy perimeter security tried and failed to defend, because being on the network no longer grants reachability to anything. It removes the implicit trust that attackers exploit once they gain a foothold inside the network: a compromised host on the LAN buys them no more than a compromised host on the internet. Lateral movement stops being free by default, since every hop to a new resource is a fresh access decision rather than an inherited one.
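The contrast between the two models, as an added illustration (not code from the original post or from Zscaler): a castle-and-moat policy whose only input is "is the source address inside the corporate range?", beside a Zero Trust policy that ignores network location and decides each request on identity, session strength, device posture and a per-resource entitlement. The corporate range, the entitlement table, the posture signals and the three resources are all constructed sample data, not anything the post specifies.

```python
"""Perimeter-style versus Zero Trust access decisions, side by side."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple

INTERNAL_NET = ip_network("10.0.0.0/8")  # hypothetical corporate address range


@dataclass(frozen=True)
class Request:
    user: Optional[str]    # authenticated identity, None if unauthenticated
    source_ip: str
    device_managed: bool   # device posture signal (assumed: enrolled and compliant)
    mfa: bool              # strong authentication completed for this session
    resource: str          # application or service being requested


def perimeter_allows(req: Request) -> bool:
    """Castle-and-moat: anything already inside the boundary is trusted.
    Identity, device and the target resource are never consulted."""
    return ip_address(req.source_ip) in INTERNAL_NET


# Least-privilege entitlements, user -> resources (constructed sample data).
ENTITLEMENTS = {
    "alice": {"payroll"},
    "bob": {"wiki"},
}


def zero_trust_allows(req: Request) -> Tuple[bool, str]:
    """Never trust, always verify: each request is checked on who is asking,
    how strongly they proved it, what device they are on, and whether that
    identity is entitled to this specific resource. Source address is
    deliberately not an input, so inside and outside are treated alike."""
    if req.user is None:
        return False, "unauthenticated"
    if not req.mfa:
        return False, "mfa_required"
    if not req.device_managed:
        return False, "device_not_compliant"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, "not_entitled"
    return True, "ok"


RESOURCES = ["payroll", "wiki", "git"]  # constructed sample resource set


def lateral_reach(user: Optional[str], source_ip: str, device_managed: bool,
                  mfa: bool, policy: Callable[[Request], bool]) -> List[str]:
    """Which resources a single foothold can reach under a given policy.
    This is the lateral-movement question: one compromised position, how far?"""
    return [
        r for r in RESOURCES
        if policy(Request(user, source_ip, device_managed, mfa, r))
    ]


if __name__ == "__main__":
    # An attacker on a compromised internal host: no identity, no MFA, unmanaged box.
    foothold = Request(None, "10.1.2.3", False, False, "payroll")
    print("perimeter:", perimeter_allows(foothold))         # True
    print("zero trust:", zero_trust_allows(foothold))       # (False, 'unauthenticated')
    print("reach, perimeter:",
          lateral_reach(None, "10.1.2.3", False, False, perimeter_allows))
    print("reach, zero trust:",
          lateral_reach(None, "10.1.2.3", False, False,
                        lambda r: zero_trust_allows(r)[0]))
```

Run as a script it prints the two decisions for the foothold and the set of resources that foothold can reach under each policy: everything under the perimeter model, nothing under Zero Trust. The same harness shows the least-privilege side of the principle: a fully verified user from a public address is allowed the one resource they are entitled to and nothing else.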

Change is hard, especially radical change. Most organisations choose the easier, safer route: prioritising small enhancements to existing architectures, adding features to augment old products. But just as the combustion engine has a fundamental ceiling on what can be achieved through incremental optimisation, so does legacy perimeter security.

The firewall was designed for a world that no longer exists. It's time to stop trying to make firewalls happen, and start building the security infrastructure that the modern enterprise actually needs.

Originally published on CXO REvolutionaries, Zscaler · 25 January 2022.