[k__]

Major is a bit harsh.

As far as I know this was only an issue for legacy architectures.

[scarface74]

No. Using an RDMS instead of DynamoDB is not a “legacy” architecture. You also shouldn’t expose your database publicly.

[k__]

RDMS is not legacy, but perimeter security certainly is.

[scarface74]

I’m one of the harshest critics of “lift and shifters” - old school net ops people who get one certificates by watching an ACloudGuru video, duplicate their on prem infrastructure and processes to the cloud and don’t go all in on the advantages of it and end up costing their clients more - but nowhere is it considered “legacy” to not use perimeter security.

[jimmychangas]

Honest question: what, in you opinion, is the state-of-the-art approach? Something like BeyondCorp?

[k__]

I think zero-trust goes into a good direction.

https://www.securityroundtable.org/zero-trust-approach-can-m...

[slovenlyrobot]

There is an entire ecosystem of tooling that will shit itself and wake up half the company if you assign a public IP address in the wrong VPC

Stuff like this is pain in the ass, it was a major problem

[k__]

https://www.securityroundtable.org/security-without-boundari...