Question

How to connect components of a cloud application architecture without unnecessarily exposing them to the internet?

Context

Cloud applications often consist of public endpoints (APIs or web front ends) and a back-end infrastructure. The back-end infrastructure needs to be made unavailable from the outside world in order to reduce the attack surface.

Solution

The SaaS application and the end-point should be running in the virtual network, which protected the communication between application and end-point from exposing to the Internet.

References

What Is a Virtual Network? - www.sdxcentral.com

Secure Architecture Navigation