Security in the Public Cloud — Roll your own DMZ on AWS, Azure or Google Cloud
8 min read · Nov 21, 2018
(Also see — A Poor Man’s DMZ in Azure, A 2 Minute Security Solution on GCP, A Reusable Hub Spoke Design on GCP and Security in the Public Cloud, An Overview)
It’s no secret. Everyone’s moving everything to the cloud.
As they lay the networking infrastructure for their upcoming cloud migration, two areas where companies are most likely to slip up include:
- a) Addressing App Performance Issues BEFORE migrating the app
- b) Creating a security architecture that encompasses inbound and outbound traffic patterns for their myriad apps.
The solution to these two pain points is fairly straightforward, if done up-front.
- Answer a set of questions for each app that you intend to move to the cloud. The answers may show that certain apps need remediation before you attempt migration. Failure to fix existing apps prior to migrating them is the number one reason cloud migrations fail.
- Place appropriate security appliances — for both network-layer traffic as well as application-layer traffic — in an external-facing subnet. Then add the specific inbound/outbound rules around your cloud-hosted app. One common pattern to emerge will be the Cloud DMZ Pattern.
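The DMZ pattern only holds if the rules around the app subnet actually force every inbound and outbound path through the external-facing subnet. The following script is an added illustration, not code from the article: it models a two-subnet layout (one DMZ subnet hosting the appliance, one application subnet) with a generic rule shape loosely resembling an AWS security-group, Azure NSG or GCP firewall rule, and flags any rule that lets traffic reach or leave the app subnet without traversing the DMZ. The subnet names, CIDRs, ports and rules are constructed sample values.

```python
"""
Consistency check for the Cloud DMZ pattern: the external-facing subnet holds
the security appliance, and the application subnet accepts inbound traffic
only from that subnet and sends outbound traffic only through it.

Added example, not from the article. All subnets, CIDRs, ports and rules are
constructed sample data; the Rule shape is a deliberately generic stand-in
for a cloud security-group / NSG / firewall rule.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Subnet:
    name: str
    cidr: str
    external_facing: bool  # True for the DMZ subnet hosting the appliance


@dataclass(frozen=True)
class Rule:
    subnet: str     # name of the subnet the rule is attached to
    direction: str  # "ingress" or "egress"
    cidr: str       # remote CIDR the rule allows
    port: int       # TCP port, 0 meaning "any port"


def within(cidr: str, subnets) -> bool:
    """True if the CIDR lies entirely inside one of the given subnets."""
    net = ip_network(cidr)
    return any(net.subnet_of(ip_network(s.cidr)) for s in subnets)


def find_violations(subnets, rules, appliance_ports):
    """Return findings (strings) for rules that let traffic bypass the DMZ."""
    by_name = {s.name: s for s in subnets}
    dmz = [s for s in subnets if s.external_facing]
    findings = []
    for r in rules:
        sub = by_name.get(r.subnet)
        if sub is None:
            findings.append(f"{r.subnet}: rule references an unknown subnet")
            continue
        remote_is_dmz = within(r.cidr, dmz)
        remote_is_internal = within(r.cidr, subnets)
        if sub.external_facing:
            # The DMZ may face the internet, but only on the ports the
            # appliance actually listens on (port 0 = any port is never allowed).
            if (r.direction == "ingress" and not remote_is_internal
                    and r.port not in appliance_ports):
                findings.append(
                    f"{sub.name}: internet ingress on port {r.port} "
                    f"is not an appliance listener")
        else:
            # Application subnets exchange traffic with the outside world only
            # via the DMZ. East-west rules between internal subnets would need
            # their own policy and are flagged here for review.
            if not remote_is_dmz:
                findings.append(
                    f"{sub.name}: {r.direction} rule for {r.cidr} "
                    f"bypasses the DMZ appliance")
    return findings


# Constructed sample layout: DMZ in 10.0.0.0/24, app tier in 10.0.1.0/24.
SAMPLE_SUBNETS = [
    Subnet("dmz", "10.0.0.0/24", external_facing=True),
    Subnet("app", "10.0.1.0/24", external_facing=False),
]
APPLIANCE_PORTS = {443}  # constructed: the appliance terminates HTTPS only

GOOD_RULES = [
    Rule("dmz", "ingress", "0.0.0.0/0", 443),   # internet -> appliance
    Rule("dmz", "egress", "10.0.1.0/24", 8080),  # appliance -> app
    Rule("app", "ingress", "10.0.0.0/24", 8080),  # app accepts only from DMZ
    Rule("app", "egress", "10.0.0.0/24", 0),      # outbound only via DMZ proxy
]

# The same layout with three rules that defeat the pattern.
BAD_RULES = GOOD_RULES + [
    Rule("app", "ingress", "0.0.0.0/0", 22),  # SSH straight from the internet
    Rule("dmz", "ingress", "0.0.0.0/0", 22),  # DMZ port the appliance does not serve
    Rule("app", "egress", "0.0.0.0/0", 0),    # app tier reaching out directly
]

if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(f"{label}: {find_violations(SAMPLE_SUBNETS, rules, APPLIANCE_PORTS)}")
```

Run it as-is to see the clean layout produce no findings and the second layout produce one finding per bypass. The check is intentionally coarse: it reasons about CIDR containment and ports only, so it catches rules that skip the appliance but says nothing about what the appliance itself permits.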