CloudGuard for AWS Security Blueprint Implementation Guide

Organizations around the world have adopted Infrastructure-as-a-Service (IaaS). Some organizations replicate their on-premises environment and design with minor modifications. Others design the solution as cloud-native, using cloud services, platforms, and other unique concepts.

Regardless of how the solution is implemented, the main challenge organizations face is applying the same security measures in the cloud as those used in their existing corporate networks. Organizations want to ensure their security measures remain intact across all environments.

This security blueprint is a conceptual design based on real-world use cases, derived from the major cloud vendors' documentation. This best-practices approach allows an organization to use the cloud, with its notable benefits (e.g. agility, elasticity, and efficiency), while maintaining security controls and visibility and safeguarding the environment's health.

The architectural concept is based on a "hub and spoke" model. The environment is set up as a system of connections arranged like a wire wheel: all spokes are connected to a central broker (the hub), and all traffic to and from the spokes traverses that hub, most commonly referred to as a "transit VPC". The blueprint recommends two hubs in the same environment to create a systematic separation of traffic.
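The property the hub-and-spoke model relies on is that a spoke never reaches another spoke, or the outside world, except through a hub. The following check, an added example that is not part of the blueprint or of any CloudGuard or AWS tooling, validates that property over a constructed set of VPC route tables (VPC ids, CIDRs and route targets are all made up); with two hubs present it simply requires that every non-local spoke route points at one of them.

```python
"""Validate a hub-and-spoke layout from route-table data (added example).

A spoke passes when every route that leaves the VPC targets a hub, it has
at least one such route, and it never targets another spoke directly.
The VPC model below is constructed for illustration, not read from AWS.
"""
from dataclasses import dataclass, field


@dataclass
class Route:
    destination: str  # CIDR the route matches
    target: str       # "local", a hub VPC id, a spoke VPC id, or e.g. an IGW


@dataclass
class Vpc:
    vpc_id: str
    role: str                          # "hub" or "spoke"
    routes: list = field(default_factory=list)


def hub_and_spoke_violations(vpcs):
    """Return human-readable violations; an empty list means the layout holds."""
    hubs = {v.vpc_id for v in vpcs if v.role == "hub"}
    spokes = {v.vpc_id for v in vpcs if v.role == "spoke"}
    violations = []
    for v in vpcs:
        if v.role != "spoke":
            continue
        leaving = [r for r in v.routes if r.target != "local"]
        if not any(r.target in hubs for r in leaving):
            violations.append(f"{v.vpc_id}: no route via any hub")
        for r in leaving:
            if r.target in spokes:
                # Spoke-to-spoke path (e.g. a VPC peering) bypasses hub inspection
                violations.append(f"{v.vpc_id}: direct spoke route {r.destination} -> {r.target}")
            elif r.target not in hubs:
                # Anything else (internet gateway, NAT, unknown) bypasses the hub
                violations.append(f"{v.vpc_id}: non-hub exit {r.destination} -> {r.target}")
    return violations


# Constructed sample: two hubs, one compliant spoke, two non-compliant spokes
SAMPLE = [
    Vpc("vpc-hub-north", "hub"),
    Vpc("vpc-hub-south", "hub"),
    Vpc("vpc-spoke-1", "spoke", [Route("10.1.0.0/16", "local"), Route("0.0.0.0/0", "vpc-hub-north"),
                                 Route("10.0.0.0/8", "vpc-hub-south")]),
    Vpc("vpc-spoke-2", "spoke", [Route("10.2.0.0/16", "local"), Route("0.0.0.0/0", "vpc-hub-north"),
                                 Route("10.1.0.0/16", "vpc-spoke-1")]),
    Vpc("vpc-spoke-3", "spoke", [Route("10.3.0.0/16", "local"), Route("0.0.0.0/0", "igw-constructed")]),
]

if __name__ == "__main__":
    for line in hub_and_spoke_violations(SAMPLE):
        print(line)
```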


