You are responsible for a platform that is being split from a single application into multiple services running in Kubernetes. The new design includes public APIs, internal service-to-service calls, asynchronous jobs, and shared data stores for model metadata and customer-facing workloads. As the number of services grows, teams want faster independent deployments, but you are concerned about identity sprawl, secret distribution, lateral movement, and weak observability across service boundaries.
How would you design the microservices architecture so it is secure by default while still supporting team autonomy and operational reliability? Explain the trust boundaries, the controls you would put in place, and how you would detect and respond when one service is compromised.