Source Aviatrix

In the traditional on-premise era, enterprises owned the underlying infrastructure and had layers of security built into their network architecture. Because of this layered security model, they could centrally define security mechanisms to control the internet egress traffic effectively. However, in public cloud environments, things work differently. The networks and the workloads in public clouds are either directly exposed to the internet, or they are just one hop away from the internet. Hence, it becomes extremely important to look in-depth into how we can effectively secure our workloads and control internet egress traffic.

Typical enterprise cloud deployments often have workloads spread across multiple networks (e.g., VPC/VNET/VCN). Depending upon the cloud platform that you are using, your workloads may have access to the internet by default, or they may be one hop away from the internet. So, if you do not have a robust mechanism to effectively control internet egress traffic, it can have serious repercussions. For example, without an effective egress traffic control mechanism, it may get difficult to keep track of destinations that workloads access on the internet. This information is important and is required to log and document for multiple reasons. One of the most common cases is cloud workloads that are subject to corporate or regulatory compliance, such as PCI or HIPAA. The solution is to secure the applications by controlling what they can access on the internet to prevent unauthorised access or attacks on these applications.

To learn more about the importance of egress security, read the full article here.