Enterprise networks build DMZs on the perimeter of their networks because of history. Firewalls had to be physical devices, and the “best and only path” basis of IP routing means that DMZs have limited flexibility (actually, none).
Over time, DMZs became a security blanket. Just put everything behind the DMZ and it will be safe. And the technology used in the DMZ became increasingly complex, expensive and difficult to operate as it attempted to add security to insecure applications.
Adrian Cockcroft coined the term “security blanket failure” as “Insecure applications hidden behind firewalls make you feel safe until the breach happens…”
Which is perfectly correct. The Enterprise DMZ provides little real security today and it is an obsolete design concept. It's like a security blanket that you give to your kids to make them feel secure.