Hacker News

pmontra, today at 5:35 AM (2 replies)

> East-west security -- traffic between devices within a network -- is enforced by ACL8 zone isolation. Devices communicate only with their designated service gateway. The service gateway communicates only with the designated cloud service. Lateral movement between devices or zones is architecturally prevented by the absence of any permitted route to any other destination.

I must be missing something or misinterpreting that section, because if there is no "lateral movement", how do people in an office print a file, access a network drive, or connect to the Exchange server? And those are only the most naive scenarios.
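What the quoted east-west policy looks like once written down as a firewall ruleset, added here as an illustration; it is not from the thread or from the document pmontra quotes. The interface names, zone prefixes, the gateway address and the cloud prefix are all assumptions made for the example.

```nftables
#!/usr/sbin/nft -f
# Added example: a forward-plane policy for a router/firewall that sits between
# a device zone, its designated service gateway and the uplink.
# Assumed layout (not from the thread):
#   lan0 -> device zone 10.10.0.0/24 (e.g. a PC at 10.10.0.20, a printer at 10.10.0.50)
#   svc0 -> service gateway 10.20.0.10
#   wan0 -> uplink towards the assumed cloud service prefix 203.0.113.0/24

flush ruleset   # replaces the whole live ruleset; run on a test box first

table inet zone_isolation {
    set devices       { type ipv4_addr; flags interval; elements = { 10.10.0.0/24 } }
    set gateway       { type ipv4_addr; elements = { 10.20.0.10 } }
    set cloud_service { type ipv4_addr; flags interval; elements = { 203.0.113.0/24 } }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows that were explicitly permitted below.
        ct state established,related accept
        ct state invalid drop

        # Devices may open connections to their designated service gateway only.
        iifname "lan0" oifname "svc0" ip saddr @devices ip daddr @gateway ct state new accept

        # The service gateway may open connections to the designated cloud service only.
        iifname "svc0" oifname "wan0" ip saddr @gateway ip daddr @cloud_service ct state new accept

        # Device -> device, device -> any other zone, gateway -> device, anything -> wan0
        # from the device zone: no accept rule exists, so the chain policy drops it.
        # The "isolation" is the absence of an accept, not a deny rule that could be deleted.
        counter log prefix "zone_isolation drop: "
    }
}
```

Load with `nft -f zone_isolation.nft` and confirm the result with `nft list ruleset`; a print job from 10.10.0.20 to 10.10.0.50 that crosses the router matches no accept rule and shows up in the drop counter and log. One caveat that the quoted description glosses over: this chain only sees traffic that is routed between segments. Two devices on the same VLAN reach each other at layer 2 and never hit the forward hook, so "no permitted route" for same-segment peers has to be enforced on the switch (protected ports or private VLANs) or by putting every device in its own segment.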

Replies

dijit, today at 5:47 AM

By using a cloud provider, obviously.

Local networks are too dangerous to be trusted.

If it's not going through Azure you shouldn’t be allowed to connect to your peer devices.

(/s. if that is needed).

ptx, today at 5:50 AM

Presumably they pay cloud vendors for cloud printing, cloud storage and cloud groupware, so to send something on the local network they simply send it to the cloud vendor and then download it again. That's what people in our office do. Very helpful for the cloud vendor's profitability.