* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* [Cloud NGFW](https://www2.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/)
* The New Security Operatin...

# The New Security Operating Model for Cloud and AI Workloads

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fthe-new-security-operating-model-for-cloud-and-ai-workloads%2F)  
[](https://twitter.com/share?text=The+New+Security+Operating+Model+for+Cloud+and+AI+Workloads&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fthe-new-security-operating-model-for-cloud-and-ai-workloads%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fthe-new-security-operating-model-for-cloud-and-ai-workloads%2F&title=The+New+Security+Operating+Model+for+Cloud+and+AI+Workloads&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/the-new-security-operating-model-for-cloud-and-ai-workloads/&ts=markdown)  
\[\](mailto:?subject=The New Security Operating Model for Cloud and AI Workloads)  
Link copied  
By [Ashley Delfonso](https://www.paloaltonetworks.com/blog/author/ashley-hood/?ts=markdown "Posts by Ashley Delfonso")  
Jan 09, 2026  
5 minutes  
[Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown)  
[Cloud Workload Protection](https://www.paloaltonetworks.com/blog/category/cloud-workload-protection/?ts=markdown)  
[CLARA](https://www.paloaltonetworks.com/blog/tag/clara/?ts=markdown)  
[Cloud NGFW for AWS](https://www.paloaltonetworks.com/blog/tag/cloud-ngfw-for-aws/?ts=markdown)  
[Cloud NGFW for Azure](https://www.paloaltonetworks.com/blog/tag/cloud-ngfw-for-azure/?ts=markdown)

In the last blog post in this series on the [breaking points of cloud security](https://www.paloaltonetworks.com/blog/network-security/cloud-security-breaking-point-is-your-operating-model-failing/), we explored how fragmented visibility and the limits of native cloud controls have fractured traditional security operations across AWS and Azure environments.

What many organizations are experiencing today is not simply a tooling gap. It is an operating model that can no longer keep pace with how cloud infrastructure actually works.

Modern cloud architectures are distributed by default and workloads scale dynamically across regions. East-west traffic now dominates north-south flows, encryption is pervasive and AI workloads introduce new communication patterns and dependencies that evolve faster than static security controls can adapt.

Security teams are expected to protect environments that were never designed for infrastructure-heavy, manually operated controls. This results in a persistent tension between developer velocity and risk management, where teams feel forced to choose between shipping fast and staying secure.

That trade-off between speed and security isn't inevitable. It is a signal that the operating model itself must evolve.

# From Infrastructure Management to Security Intent

Traditional cloud security models follow a familiar path: Native controls provide baseline protection, and third-party firewalls are added to close visibility and enforcement gaps across AWS and Azure. Over time, this approach introduces more infrastructure to deploy, more policies to manage and more operational overhead to absorb.

As environments scale, the model breaks under its own weight.

A managed [firewall as a service (FWaaS)](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-as-a-service) approach represents a fundamental shift away from infrastructure management and toward security intent. Instead of building, patching, scaling and operating firewall infrastructure, security teams focus on defining what must be protected and how to protect it.

Cloud NGFW from Palo Alto Networks is built natively in partnership with [AWS](https://www.paloaltonetworks.com/network-security/cloud-ngfw) and [Azure](https://www.paloaltonetworks.com/network-security/cloud-ngfw-for-azure) and delivered as a fully managed service. This is not a virtual appliance repackaged for the cloud. It is designed from the ground up for environments where scale, availability and continuous change are constants.

The outcome is a centralized control plane across AWS and Azure that enables consistent security enforcement without introducing additional operational burden.

# Secure: AI-Powered Protection for AWS and Azure Workloads

In modern cloud environments, attackers are no longer waiting outside a single perimeter. They move laterally across [virtual private clouds (VPCs)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-transit-virtual-private-cloud) and VNets, blend into encrypted traffic, and exploit gaps between basic network controls and application-layer visibility.

Native cloud firewalls typically focus on Layer 3 and Layer 4 inspection. While effective for segmentation and routing-level enforcement, they lack the context required to detect sophisticated threats hidden within application traffic and east-west flows across AWS and Azure workloads. To compensate, organizations deploy additional tools, increasing complexity without achieving proportional security gains.

Cloud NGFW delivers inline, AI-powered threat prevention designed for these modern traffic patterns. It continuously learns from real-time signals across Palo Alto Networks' threat intelligence ecosystem to detect and block emerging threats, stopping billions of attacks every day.

This continuous learning loop enables Cloud NGFW to identify unknown malware, command-and-control activity and evasive zero-day exploits that traditional controls miss. The result is a security foundation capable of protecting modern cloud and AI workloads running at scale across AWS and Azure.

And with a [99.99% uptime SLA](https://www.paloaltonetworks.com/resources/ebooks/cloud-ngfw-99-uptime-always-on-protection), organizations can rely on consistent, enterprise-grade protection without compromising availability or performance.

# Simplify: Eliminating Operational Overhead with Managed FWaaS

Cloud security should not require constant firefighting. Yet many security teams spend more time patching, scaling and maintaining firewall infrastructure than improving their actual security posture across AWS and Azure.

A managed FWaaS model changes this dynamic.

With Cloud NGFW, Palo Alto Networks handles the underlying infrastructure, software upgrades, patching, scaling and high availability configurations as part of the service. There are no connectors to deploy, no HA pairs to design, and no downtime windows to schedule.

Security teams define policy and intent. Cloud NGFW enforces it consistently.

Organizations adopting this model have seen measurable results. Global service providers have reduced firewall deployment times from days to minutes. Enterprises have eliminated significant portions of manual security tasks, freeing teams to focus on higher-value initiatives that support the business.

This is what a true managed FWaaS looks like. Operational simplicity is not an afterthought but built into the design.

# Scale: Infrastructure-Aware Security That Moves at Cloud Speed

Cloud environments are inherently dynamic. Applications scale automatically. Infrastructure is defined through automation, tags, identities and application context rather than static IP addresses. Security controls must adapt at the same pace.

Traditional firewall models struggle in this reality.

Cloud NGFW is infrastructure-aware by design. It understands and leverages the same native constructs cloud teams use every day across AWS and Azure. New workloads are automatically discovered as they are deployed. Security policies follow applications as they move across regions and environments, without manual updates or tickets.

By aligning security enforcement with DevOps workflows, protection scales without introducing friction. Security becomes part of how cloud environments operate, not a constraint placed on them.

# The Future of the Firewall: Cloud-Native, Intelligent and Managed by Choice

As cloud adoption accelerates and AI workloads reshape architectures, the traditional perimeter has dissolved. The need for control, however, remains.

This is where firewall strategy becomes critical.

A modern security fabric gives organizations flexibility in how they operate. Teams that want to eliminate operational overhead can adopt a fully managed FWaaS for AWS and Azure. Teams that require direct control can deploy self-managed software firewalls with the same AI-powered protection.

Cloud NGFW represents a foundational step in this evolution. It moves organizations beyond legacy operating assumptions and establishes security that aligns with the realities of cloud infrastructure today.

Not to slow innovation down, but to keep pace with it.

# Identify the Risks in Your AWS and Azure Environments

Ready to understand where your organization may be exposed?

[Start with our free, no-obligation Cloud and AI Risk Assessment (CLARA)](https://www.paloaltonetworks.com/network-security/cloud-and-ai-risk-assessment) to identify active gaps and exposures across your AWS and Azure environments. CLARA helps security leaders pinpoint blind spots and prioritize remediation before risk turns into impact.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown)

[#### When the Network Disappears, Security Becomes the Network](https://www2.paloaltonetworks.com/blog/network-security/when-the-network-disappears-security-becomes-the-network/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### Cloud Security's Breaking Point: Is Your Operating Model Failing?](https://www2.paloaltonetworks.com/blog/network-security/cloud-security-breaking-point-is-your-operating-model-failing/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/category/cloud-workload-protection/?ts=markdown)

[#### Cloud NGFW for Azure by Palo Alto Networks | Scalable FWaaS Security](https://www2.paloaltonetworks.com/blog/network-security/cloud-ngfw-for-azure-by-palo-alto-networks-scalable-fwaas-security/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Cloud NGFW is Essential for AWS \& Azure Cloud Traffic Protection](https://www2.paloaltonetworks.com/blog/network-security/cloud-ngfw-is-essential-for-aws-azure-cloud-traffic-protection/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### From Control to Command: The Future of Multicloud Security](https://www2.paloaltonetworks.com/blog/network-security/from-control-to-command-the-future-of-multicloud-security/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown)

[#### How Secure Are Your AI and Cloud Environments? Just Ask CLARA](https://www2.paloaltonetworks.com/blog/network-security/how-secure-are-your-ai-and-cloud-environments-just-ask-clara/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language