Security experts say it is painful and expensive to engineer security into an enterprise infrastructure after it has been launched. The most significant challenges include applying proper internal segmentation and proper security monitoring and logging. The biggest hurdle is inspecting both north-south traffic from the Internet and east-west traffic between servers. In a traditional network, fixing this problem is difficult because it could mean making configuration changes to hundreds of networks and switching devices, and potentially verifying patch cords in the data center. DevOps automation tools such as Chef or Puppet can make adjustments to their “recipes””]
Source: https://www.darkreading.com/cloud/recovering-from-bad-decisions-in-the-cloud