
Maximize your cloud security with isolation zones


Keeping your application safe and secure is critical to a successful enterprise. Whether you use cloud-native application architectures, on-premises systems, or anything in between, splitting your infrastructure into security zones is widely regarded as a best practice. These zones provide security isolation that keeps your applications and their data safe from outside bad actors: a security breach in one zone can be limited to affect only the resources within that zone.

Done correctly, this zone-based isolation process can take a security breach that might otherwise be a massive impact to your application integrity, and turn it into a much smaller problem, perhaps an insignificant breach with minimal impact.

Understanding security zones

While there are many different ways to architect your security zones, one common model is to use three zones. The three zones provide separation between the public internet (public zone) and your internal services and data stores (private zone), inserting an isolation layer (DMZ) between the two. Figure 1 shows how they work together.

[Figure 1 image: cloud isolation zones (IDG)]

Figure 1. Services in isolation zones.

Users interact with your application from the public internet by accessing services in the public zone. The public zone is connected to the internet, and the services in it are exposed to and reachable directly from the internet. These services run on servers that are protected by various firewalls, but otherwise receive traffic directly from users on the external internet.

These public-facing services do as little work as possible, but one of their more important tasks is to regulate and inspect the data received from the external internet to make sure it’s valid and appropriate. These services should filter denial of service (DoS) attacks, bad actor infiltration, and invalid end-user input.

The bulk of the application exists in the private zone. This zone is where the application data is stored, along with the services that access and manipulate that data; it is where most of the back end of your application lives. In fact, as much of the application as possible should be in this zone. This zone is the furthest away from the public internet: there are no public-facing servers in it, and it is isolated from the public internet as much as possible.
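As an added illustration of the three-zone model described above (this is example code written for this page, not code from the original article or from IDG), the following Python script models connection-initiation rules between the internet, the public zone, the DMZ, and the private zone. It applies the article's two constraints in code: traffic is denied by default, and inbound traffic may only move one zone inward at a time. The rule sets, zone names, ports, and the `audit_rules` and `exposed_to_internet` helpers are all constructed for this example.

```python
from dataclasses import dataclass
from enum import Enum


class Zone(str, Enum):
    """The three isolation zones plus the untrusted internet outside them."""
    INTERNET = "internet"
    PUBLIC = "public"
    DMZ = "dmz"
    PRIVATE = "private"


# The only inbound hops the three-zone model permits: each zone may open
# connections to the next zone inward, and nothing may skip a zone.
ADJACENT_INBOUND = {
    (Zone.INTERNET, Zone.PUBLIC),
    (Zone.PUBLIC, Zone.DMZ),
    (Zone.DMZ, Zone.PRIVATE),
}


@dataclass(frozen=True)
class Rule:
    """An allow rule for connection initiation from src zone to dst zone."""
    src: Zone
    dst: Zone
    port: int
    protocol: str = "tcp"


@dataclass(frozen=True)
class Flow:
    """A proposed new connection to evaluate against the rule set."""
    src: Zone
    dst: Zone
    port: int
    protocol: str = "tcp"


def is_allowed(flow: Flow, rules: tuple[Rule, ...]) -> bool:
    """Default deny: a flow passes only if an allow rule matches it exactly.
    Return traffic of an allowed connection is assumed to be handled by a
    stateful firewall, so only connection initiation is modelled here."""
    return any(
        r.src == flow.src and r.dst == flow.dst
        and r.port == flow.port and r.protocol == flow.protocol
        for r in rules
    )


def audit_rules(rules: tuple[Rule, ...]) -> list[Rule]:
    """Return every rule that breaks zone isolation, i.e. one that lets a
    connection skip a zone or flow outward. Intra-zone rules are not flagged."""
    return [
        r for r in rules
        if r.src != r.dst and (r.src, r.dst) not in ADJACENT_INBOUND
    ]


def exposed_to_internet(rules: tuple[Rule, ...]) -> set[Zone]:
    """Zones that have at least one inbound allow rule straight from the
    internet. In a correct deployment this is only the public zone."""
    return {r.dst for r in rules if r.src == Zone.INTERNET}


# Constructed sample rule set: a sound chain plus one "convenience" rule that
# opens the private database directly to the internet and bypasses the DMZ.
SAMPLE_RULES = (
    Rule(Zone.INTERNET, Zone.PUBLIC, 443),
    Rule(Zone.PUBLIC, Zone.DMZ, 8080),
    Rule(Zone.DMZ, Zone.PRIVATE, 5432),
    Rule(Zone.INTERNET, Zone.PRIVATE, 5432),  # violates the zone model
)

# The same rule set with the offending rule removed.
HARDENED_RULES = tuple(r for r in SAMPLE_RULES if r not in audit_rules(SAMPLE_RULES))


if __name__ == "__main__":
    for bad in audit_rules(SAMPLE_RULES):
        print(f"isolation violation: {bad.src.value} -> {bad.dst.value}:{bad.port}")
    print("zones reachable from the internet:",
          sorted(z.value for z in exposed_to_internet(HARDENED_RULES)))
    print("internet -> private 5432 allowed after hardening?",
          is_allowed(Flow(Zone.INTERNET, Zone.PRIVATE, 5432), HARDENED_RULES))
```

Running the script lists the one rule that skips the DMZ and shows that, once it is removed, the public zone is the only zone with an inbound path from the internet. The same check can be run against an exported security-group or firewall configuration by translating each allow entry into a `Rule`.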

Copyright © 2022 IDG Communications, Inc.
