The system I am working on primarily use Google App Engine for my main web app and Amazon Cloudfront/S3 for hosting static data.
Now as an audit exercise this question is out to me:
Are the internet facing components of the service hosted in a separate network zone (DMZ) protected by firewalls?
I am not sure what is the best way to answer this question because Google and Amazon may or may not have deployed a DMZ.
My questions:
Where can I find out the DMZ information form the vendors to answer this question?
Is it applicable for me to answer this kind of questions? I don't think as a platform user I am able to answer questions regarding the network partition/topology on behalf of these organisations. If not, how would you formulate an answer?