If your systems have a local firewall, services are jailed, OS is patched, etc. then direct access to it is not dangerous.
Somewhere we decided to accept crap system and device security as normal because oh we'll just firewall it. That was never a good idea but the more cloud connected things we deploy it becomes completely untenable.
Large corporate networks are already hostile territory due to BYOD. The only way to maintain the firewall as anything other than security theater is to lock everything down so much that nobody can get anything done.
The whole approach is braindead. We don't see how stupid it is because it's grandfathered in.
Somewhere we decided to accept crap system and device security as normal because oh we'll just firewall it. That was never a good idea but the more cloud connected things we deploy it becomes completely untenable.
Large corporate networks are already hostile territory due to BYOD. The only way to maintain the firewall as anything other than security theater is to lock everything down so much that nobody can get anything done.
The whole approach is braindead. We don't see how stupid it is because it's grandfathered in.