Information on multi-cloud networking, cloud network platform, cloud networking, cloud network security, cloud network operations
Issue link: https://aviatrix.com/resources/i/1422671
AVIATRIX VALIDATED DESIGN Operationalizing Trusted Internet Connection (TIC) 3.0 in Public Cloud Overview All US federal agencies mandate strict cybersecurity policies to protect IT (Information Technology) infrastructure and data across federal office environments. Trusted Internet Connection (TIC) 3.0 has been developed to remove the requirement of ingress/egress traffic to hairpin on‐prem and instead operate in the cloud. This provides secure Internet connectivity to federal agency workloads that include any environment used for web browsing (Web), DMZ use‐cases, or data exchange between on‐ premises and any cloud‐related footprint. The Aviatrix cloud networking platform is authorized to operate as a cloud‐based TIC 3.0 Policy Enforcement Point (PEP) and delivers the need for secure ingress/egress Internet access. Federal agencies and enterprises partner with Aviatrix, which provides enterprise‐class networking, security, and multi‐cloud optionality. This document summarizes the current TIC design challenges and the Aviatrix‐validated design that meets TIC 3.0 requirements by providing an optimal and secure path to the Internet with visibility and troubleshooting tools. Native Cloud Networking Design and Challenges for TIC 3.0 TIC 3.0 presents several challenges for federal cloud deployments because of the following high‐level requirements: Manage authorized users' access to privileged functions and information with auditability of all activities Block ingress/egress traffic from unidentified sources Allow traffic only from known proxy servers Ability to isolate departments within an organization and configure specific security policies for each department Control and visibility of traffic flows and security policy rules End‐to‐end encryption to protect the confidentiality and integrity of transmitted information Alert and notification systems to immediately detect, identify, and report any threat Native constructs of major cloud service providers (CSPs) fall short of providing enterprise‐grade features required to address the above requirements for reasons that include the following: Government cloud (Gov Cloud) environments protect intra‐cloud communication between applications, hosts, and workloads to fulfill TIC 3.0 requirements. Since Internet connectivity is blocked in Gov Cloud, for any ingress/egress communication, traffic must backhaul to on‐prem firewalls via a private circuit (direct connect/express route/fabric interconnect) for Internet access Government agencies and enterprises are required to provide full segregation of the resources between the environments or departments, but there is no native solution that provides end‐to‐end multi‐cloud segmentation