During a security assessment of a customer's architecture, you find that several VMs have public IP addresses. Although you recommend removing the public IP addresses, you are informed that these VMs must connect to external sites as part of normal operations. What should you suggest to minimize the need for public IP addresses on your customer's VMs?