A company has a multi-tier web application hosted in an Amazon VPC. They want to implement network segmentation to isolate the web tier from the application tier and the database tier for security purposes. What is the recommended strategy for network segmentation in this scenario?