Modern Network Boundary Protection for Public Cloud Infrastructure
10:00 AM - 10:45 AM

This talk proposes a high-level design and a set of access patterns intended to cover the use cases in which network traffic crosses trust boundaries and access domains, together with the security controls applied to each use case. The goal of the design is to optimize control effectiveness while using resources efficiently and reusing existing controls as much as possible, driven by threat modeling and the exposure unique to the organization. The design does not include the complete network and security architecture or the controls within the environment, such as VPC Service Controls, VPC firewall rules and network tags. It does, however, rely on cloud-native controls being in place to minimize exposure and reduce the risk of unauthorized access to resources, and on the reuse of common security infrastructure such as ZTA, SASE and EDR.

The access patterns we discuss can generally be grouped into four categories:

- connections initiated internally into the enterprise public cloud environment;
- connections initiated externally into the enterprise public cloud environment;
- connections initiated by enterprise applications towards external destinations;
- connections between applications or services within the public cloud environment.