Attack Surface is defined as the total number of all possible entry points for unauthorized access into any system. By creating a private overlay network and using it to provide zero trust access to private and public trusted applications reduces attack surface than other strategies which promote exposing the apps to the internet and provide access though an identity proxy solution.
If you expose your application server to the internet you are exposing it to all threats, making it visible to everyone, any kind of device can try and access your service or resource and try to discover and exploit vulnerabilities which results in the points of exposures and attack vectors increase.
For more information visit: https://tinyurl.com/acukjan5