Question
How to connect components of a cloud application architecture without unnecessarily exposing them to the internet?
Context
Cloud applications often consist of public endpoints (APIs or web front ends) and a back-end infrastructure. The back-end infrastructure needs to be made unavailable from the outside world in order to reduce the attack surface.
Solution
The SaaS application and the end-point should be running in the virtual network, which protected the communication between application and end-point from exposing to the Internet.
References
What Is a Virtual Network? - www.sdxcentral.com