For quite a few years I have been using a very robust and detailed framework in support of infrastructure security and inter-communication, especially in the space of networking, following the model:

- network trust classification (e.g. untrusted, semi-trusted, trusted, secure, mgmt, etc.)
- logical network security models
- network security zone matrix definitions ("who and how is allowed to talk to whom")
- subnetworks/detailed security segregation (of the above),

which I then translated into security architectures, solutions, product choices and placement, security controls definitions and rules for such, but I am wondering how relevant and useful (effort to security posture increase worthiness) this structured and fairly complicated approach still is, in the world of "all in the cloud", IaaS, PaaS, w/containers & VMs w/policy based InfraAsCode.