Issue link: https://insights.oneneck.com/i/1458399
40 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition

risk. Segmentation also makes compliance and compliance audits easier because you can prevent all but the necessary access to personal information, which protects the data and reduces the scope of audits.

In a hybrid cloud environment, there are two different types of traffic, each of which is secured in a different manner (see Figure 3-2):

» North–south refers to data packets that move in and out of, as well as between, data center, cloud, and WAN environments. North–south traffic is secured by one or more perimeter edge firewalls that control all the traffic into and out of the data center. In on-premises data centers, this is typically a physical firewall, whereas in public cloud environments, a virtual firewall is used.

» East–west refers to data packets moving between virtual machines, containers, and application workloads entirely within the data center or cloud environment. East–west traffic is protected by virtualized firewalls instantiated on hypervisors or within container clusters. East–west firewalls are inserted transparently into the application infrastructure, often positioned closest to the actual virtualized workload, and do not necessitate a redesign of the logical topology.

FIGURE 3-2: Multi-layered segmentation restricts lateral movement across hybrid cloud environments by attackers.

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
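To make the north–south / east–west distinction concrete, here is a small added example (not code from the book or from Palo Alto Networks) that models the two enforcement points described above. It classifies a flow as east–west only when both endpoints sit inside the same environment (on-premises data center or cloud VPC); everything else, including traffic between the data center and the cloud, is north–south and is checked against the perimeter policy. The zone prefixes, workload addresses, tier tags and allow rules are all constructed for illustration and stand in for whatever a real firewall or microsegmentation policy would carry. Both policies are default-deny, so a lateral attempt such as a web tier host talking directly to the database is rejected regardless of which enforcement point sees it.

```python
"""Toy model of hybrid-cloud segmentation: north-south vs east-west enforcement.

Added illustration, not the book's code. All addresses, tags and rules below
are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass

# Constructed environments: an on-prem data center and a public cloud VPC.
INTERNAL_ZONES = {
    "datacenter": ipaddress.ip_network("10.0.0.0/16"),
    "cloud": ipaddress.ip_network("10.1.0.0/16"),
}

# Constructed workload inventory: address -> application tier tag.
WORKLOAD_TAGS = {
    "10.0.1.10": "web",   # web tier in the data center
    "10.0.2.20": "app",   # app tier in the data center
    "10.1.3.30": "db",    # database tier in the cloud VPC
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Return the environment an address belongs to, or 'external' (WAN/Internet)."""
    addr = ipaddress.ip_address(ip)
    for name, net in INTERNAL_ZONES.items():
        if addr in net:
            return name
    return "external"


def classify(flow: Flow) -> str:
    """East-west only if both endpoints are inside the *same* internal environment.

    Anything crossing an environment boundary (Internet <-> DC, DC <-> cloud)
    is north-south and passes through a perimeter edge firewall.
    """
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone and src_zone != "external":
        return "east-west"
    return "north-south"


def label(ip: str) -> str:
    """Policy label: the workload's tier tag if inventoried, else its zone name."""
    return WORKLOAD_TAGS.get(ip, zone_of(ip))


# Perimeter (north-south) policy, enforced by the edge firewalls. Default deny.
# Only the web tier is reachable from outside; the app tier may reach the cloud DB.
PERIMETER_ALLOW = {
    ("external", "web", 443),
    ("app", "db", 5432),
}

# Microsegmentation (east-west) policy, enforced next to the workload. Default deny.
EASTWEST_ALLOW = {
    ("web", "app", 8080),
}


def decide(flow: Flow) -> tuple:
    """Return (traffic kind, 'allow' | 'deny') for a flow under the matching policy."""
    kind = classify(flow)
    policy = PERIMETER_ALLOW if kind == "north-south" else EASTWEST_ALLOW
    allowed = (label(flow.src), label(flow.dst), flow.dport) in policy
    return kind, ("allow" if allowed else "deny")


if __name__ == "__main__":
    samples = [
        Flow("203.0.113.5", "10.0.1.10", 443),   # Internet -> web
        Flow("203.0.113.5", "10.1.3.30", 5432),  # Internet -> db (blocked at edge)
        Flow("10.0.1.10", "10.0.2.20", 8080),    # web -> app inside the DC
        Flow("10.0.2.20", "10.1.3.30", 5432),    # app (DC) -> db (cloud)
        Flow("10.0.1.10", "10.1.3.30", 5432),    # web -> db, skipping the app tier
        Flow("10.0.2.20", "10.0.1.10", 22),      # app -> web SSH inside the DC
    ]
    for f in samples:
        print(f, *decide(f))
```

The point of keying both policies on workload tags rather than raw addresses is that the east–west firewall can sit next to the workload and enforce the same intent whether the VM moves hosts or is rescheduled, which is what lets it be inserted without redesigning the topology.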