A financial services company is migrating its on-premises data center to a public cloud IaaS environment. During the transition, the security team must ensure that the same network segmentation and firewall rules are maintained. Which of the following is the BEST approach to replicate the on-premises network security controls in the cloud?
- A. Configure a site-to-site VPN between on-premises and cloud to extend the existing network.
  Why wrong: A VPN provides encrypted connectivity but does not enforce internal segmentation.
- B. Use virtual private clouds (VPCs) with subnets and security groups to enforce segmentation and firewall rules.
  Why correct: VPCs and security groups directly replicate network segmentation and firewall controls.
- C. Implement an intrusion detection and prevention system (IDPS) to monitor traffic.
  Why wrong: An IDPS detects/mitigates threats but does not provide network segmentation.
- D. Deploy a software-defined WAN (SD-WAN) to manage network traffic between cloud resources.
  Why wrong: SD-WAN optimizes WAN connectivity, not internal network segmentation.