I'm looking at using an ASA 5520 for the database of an ecommerce site. According to End-of-Sale and End-of-Life Announcement for the Cisco ASA 5520 Adaptive Security Appliance, this product is currently in the middle of a series of end of life dates (spanning 3/2013 to 9/2018). How long can I safely use this firewall and what risks am I taking if I choose this product? It may be worth noting that the firewall is managed by one of the major cloud server companies, (so, presumably, they have already acquired the soon-to-be expiring service contracts).
The risks you're taking should covered by the service level agreement you have with that major cloud server company.
Are you getting "a managed firewall" with certain capabilities, where a model is an indication of those capabilities and depending on the SLA the service provider is responsible for the configuration, maintenance and life cycle management? Or are you just renting a piece of kit where nearly all operational responsibility is yours?
After your comment that you're getting a managed firewall service:
At this stage of the product life cycle new units are no longer sold, but the product is still supported by Cisco for existing users. You maybe a new user of the service, but the service provider probably is an existing user of the product and fully covered. I can appreciate their business case to have standardised on a single or very limited number of products.
Again your SLA should have some indication on life-cycle management and otherwise simply ask the provider. As long as they pay for the service Cisco will provide support until 2018, so not much to worry about yet.
In theory your only concern should be if the specifications of the service meet your needs and possibly the upgrade scenario if/when your needs change significantly.