Firewalls are mostly thought of as a way to keep the bad guys out of your network. They can also be used to keep your data inside your network.
As networks have evolved from isolated connections of a few computers to networks of many computers sharing resources and using the Internet, firewalls have been there to help block access from outside the network. While that is one important aspect of what they do, they serve another purpose as well. In today’s world of easy network access and high speeds, it does not take long for your data to be shipped right out the door. Far too often, firewalls are left in their default configuration, which allows all connections to the Internet regardless of protocol. While protocols used for web browsing, such as HTTP and HTTPS, are commonly allowed out, others that can be used to transfer files, such as SSH, SFTP, and Telnet, should be blocked entirely or, at a minimum, configured so that only specific IP addresses are let out. Furthermore, if specific IP addresses are allowed out on those protocols, the firewall rules should only allow them to connect to specific addresses on the Internet.
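The outbound rules described above, as an added example that is not from the original article: a small first-match policy model that compares the allow-everything default with a restricted egress policy. The addresses, the `Rule`, `decide` and `evaluate` names, and the sample connections are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # internal source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # TCP destination port; None matches any port

def decide(rules, default, src, dst, port):
    """First matching rule wins; otherwise the policy default applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return default

# All addresses below are constructed (private and documentation ranges).
ANY, LAN = "0.0.0.0/0", "10.0.0.0/24"
ADMIN = "10.0.0.5/32"          # the one internal host allowed to use SSH/SFTP
PARTNER = "203.0.113.10/32"    # the one Internet server it may connect to

# Default configuration described in the text: every connection is let out.
DEFAULT_OPEN = ([], "allow")
# Restricted egress: web for the LAN, SSH/SFTP (TCP 22) from one host to one
# destination, Telnet (TCP 23) blocked, everything else denied.
RESTRICTED = ([
    Rule("allow", LAN, ANY, 80),
    Rule("allow", LAN, ANY, 443),
    Rule("allow", ADMIN, PARTNER, 22),
    Rule("deny", LAN, ANY, 23),
], "deny")
FLOWS = [  # constructed outbound attempts: (source, destination, TCP port)
    ("10.0.0.20", "198.51.100.7", 443),  # workstation browsing over HTTPS
    ("10.0.0.5", "203.0.113.10", 22),    # approved SFTP transfer
    ("10.0.0.5", "198.51.100.7", 22),    # approved host, other destination
    ("10.0.0.20", "203.0.113.10", 22),   # other host, approved destination
    ("10.0.0.20", "198.51.100.7", 23),   # Telnet
]

def evaluate(policy):
    rules, default = policy
    return [decide(rules, default, *flow) for flow in FLOWS]

for flow, a, b in zip(FLOWS, evaluate(DEFAULT_OPEN), evaluate(RESTRICTED)):
    print(flow, "default-open:", a, "restricted:", b)
```

Under the default-open policy all five connections leave the network; under the restricted policy only the HTTPS session and the SFTP transfer from the approved host to the approved destination do.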
In addition, if the network is configured so that internal data traverses the firewall, access to data within the network from other internal resources can also be limited.
At this point you might be thinking: why go to all this trouble to limit connections to outside of the network? The main reason is to keep your data inside, where it belongs. For many businesses, the proprietary data generated by day-to-day operations is their lifeblood. This data varies widely from business to business but may include contracts, software, and information about internal business operations. The list could go on, but losing this data could affect your bottom line if it were to fall into the wrong hands.
These are just a few examples of how a firewall can be used to provide extra security for your network and help not only keep the bad guys out, but also keep the good data in.