Ask HN: Should DEV and PROD environments be segmented?
I am experiencing dissonance between developers, security, and infrastructure teams on the topic of whether to do network layer segmentation for DEV and PROD environments.
Security and Infra folks say yes and want firewalls between the environments with different levels of change control.
Developers say no and argue that different VMs/containers are sufficient and don't see value in having firewalls between DEV and PROD.
I see value on both sides of this argument but would love to know what others are doing here.
3 comments
[ 3.0 ms ] story [ 25.1 ms ] threadPattern 1: * DEV VLANs + DEV Subnets * PROD VLANSs + PROD Subnets * Firewalls between DEV and PROD subnets at network layer - firewall rules implemented by separate net/sec team
Pattern 2: * DEV VLANs + DEV Subnets * PROD VLANSs + PROD Subnets * Firewalls implemented through Security Groups (cloud based platforms) - firewall rules delegated to product teams
I would be interested to see what other patterns teams are using and how security and operations protections are achieved.
Same rules don't apply in dev and are counter productive there.