We're in a 24x7 PCI business. It evolved from a small 10-user organisation with a small customer base to over 100k customers and 100 staff. Currently we use the same domain for our business-facing servers and our office servers. We're trying to figure out what security issues there are with this and decide if we should split the domain into two: one for staff (mail, file server, etc.) and one for production (web, API, DB, etc.). Below is the rough setup.
Public web server - Non-domain - Public facing - non-restricted
API server - Non-domain - Public facing - restricted
MS SQL DB servers - Outbound only
Mail - Public facing
File servers - Non-public facing
PCs and other internal servers like DCs and vCenter servers - Non-public facing
The CTO would like the production servers (web, API, mobile app, DBs) to be on their own domain and the office (mail, file, vCenter) to be on a new domain. I'd like to know if there is a real security risk with them being on the same domain that would be mitigated by being on a different one.
The office and server room are fairly secure. All our servers are currently here.
The production servers are currently here but are moving to a data centre very soon. It's highly secure.
Please let me know if you need any more info.