Securing Infrastructure in Cloud Environment: Best Practices for Simplified Management and Maintenance

Methods to Secure and Segregate Development, Testing, and Production Environments

Question

An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements.

The organization has three environments: development, testing, and production.

These environments have interdependencies but must remain relatively segmented.

Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

Answers

Explanations


A. B. C. D.

C.

The organization is moving its infrastructure to the cloud in order to meet budgetary constraints and reduce staffing requirements. The organization has three different environments - development, testing, and production - which have interdependencies but must remain relatively segmented. The goal is to find the method that will best secure the company's infrastructure while also being the simplest to manage and maintain.

Option A suggests creating three separate cloud accounts for each environment, and then configuring account peering and security rules to allow access to and from each environment. This approach could potentially work, but it may be overly complicated and difficult to manage. Additionally, configuring account peering between different cloud accounts can be complex and require additional time and resources.

Option B suggests creating one cloud account with one Virtual Private Cloud (VPC) for all environments, and then purchasing a virtual firewall to create granular security rules. This approach has the potential to be simpler and easier to manage than Option A, but it still requires significant resources and expertise to manage the virtual firewall and ensure that the security rules are correctly implemented.

Option C suggests creating one cloud account and three separate VPCs for each environment, and then creating security rules to allow access to and from each environment. This approach may be the best option, as it allows for segmentation of the different environments while still allowing for easy management and maintenance. Additionally, creating security rules within a single cloud account is typically easier than configuring account peering between multiple cloud accounts.

Option D suggests creating three separate cloud accounts for each environment and a single core account for network services, and then routing all traffic through the core account. This approach may be overly complex and could potentially create additional points of failure in the network. Additionally, routing all traffic through a single account may result in performance issues or other complications.

In summary, option C - creating one cloud account and three separate VPCs for each environment and creating security rules to allow access to and from each environment - is likely the best option. This approach allows for easy management and maintenance while also providing the necessary segmentation to ensure security and compliance.
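The single-account, three-VPC layout in option C only stays segmented if the cross-environment security rules are narrowly scoped. The following is an added example, not part of the original page: a small audit that checks a rule set for sources wider than one environment's VPC and evaluates flows with default deny. The CIDR ranges, ports, rule format and function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed layout: one account, one VPC per environment (CIDRs are assumptions).
VPCS = {"dev": "10.10.0.0/16", "test": "10.20.0.0/16", "prod": "10.30.0.0/16"}

# Constructed ingress rules: (source CIDR, destination environment, TCP port).
RULES = [
    ("10.10.0.0/16", "test", 443),   # dev may call the test API
    ("10.20.4.0/24", "prod", 5432),  # one test subnet may reach the prod database
    ("10.0.0.0/8", "prod", 22),      # spans all three VPCs: breaks segmentation
]

def nets(vpcs):
    return {env: ipaddress.ip_network(cidr) for env, cidr in vpcs.items()}

def overlapping_vpcs(vpcs):
    """VPC pairs with overlapping CIDRs; overlap makes source-based rules ambiguous."""
    n = sorted(nets(vpcs).items())
    return [(a, b) for i, (a, na) in enumerate(n)
            for b, nb in n[i + 1:] if na.overlaps(nb)]

def source_env(cidr, vpcs):
    """Environment whose VPC fully contains the rule source, or None if it is wider."""
    src = ipaddress.ip_network(cidr)
    for env, net in nets(vpcs).items():
        if src.subnet_of(net):
            return env
    return None

def audit(rules, vpcs):
    """Flag rules whose source is not confined to a single environment's VPC."""
    return [r for r in rules if source_env(r[0], vpcs) is None]

def is_allowed(src_ip, dst_env, port, rules):
    """Default deny: a flow passes only if some rule matches it explicitly."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(cidr) and env == dst_env and p == port
               for cidr, env, p in rules)

if __name__ == "__main__":
    findings = audit(RULES, VPCS)
    scoped = [r for r in RULES if r not in findings]
    print("overlapping VPCs:", overlapping_vpcs(VPCS))
    print("rules too broad:", findings)
    print("dev -> prod:22 with broad rule:", is_allowed("10.10.1.5", "prod", 22, RULES))
    print("dev -> prod:22 after removal:  ", is_allowed("10.10.1.5", "prod", 22, scoped))
```
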