During a security assessment, you identify that multiple VMs require public IP addresses to communicate with external sites as part of normal business operations. What should you recommend to minimize the reliance on public IP addresses for these VMs?