Executive summary

Enterprises often deploy expensive next-generation firewalls for all network security in the cloud, including internal virtual private cloud (VPC) traffic, without considering the significant cost overhead this creates. For most intra-VPC communication scenarios, native security groups deliver equivalent Layer 4 protection at 70% to 80% lower cost, while providing better performance and simpler operations. This blog post shows why firewalls should be reserved for specific deep packet inspection needs, while more granular internal network segmentation can be achieved far more efficiently through cloud-native controls.

The problem of overengineered internal security

Why internal traffic control matters

Today's applications are a web of microservices and containers, constantly communicating with shared databases and serverless functions inside the cloud. This intense east-west traffic is the lifeblood of modern IT architectures.…