Tech
June 8

Key considerations for designing cloud DMZ

This session will delve into the design considerations for a DMZ on AWS. We’ll identify some of the capabilities that the cloud provides (compared to its traditional on-prem counterpart) that allow the architecture to be both self-healing and resilient.
Talk abstract

When companies embark on their cloud journey, they may have a Cloud Center for Enablement that has a Cloud Platform team to provide a secure platform. In AWS, this includes accounts vended with hardened services, along with networking, logging, and a traffic inspection framework in place for consumption by Application teams.

Consequently, before Application teams can roll out internet-facing apps, the underlying requirement of a delivered DMZ pattern has to be met.

While DMZ architecture has been around in the on-prem space, designing in the cloud offers the additional benefit of cloud managed services. This enables every key layer of the tech stack not only to have security controls, but also to reduce operational toil and complexity by utilizing cloud managed services such as Gateway Load Balancer (GWLB), Web Application Firewall (WAF), and Shield (DDoS protection).

The three main takeaways from this talk will be:

  1. Understanding traditional DMZ architecture
  2. Design considerations and key AWS services 
  3. DMZ Architecture laid out with highlighted security controls