You are responsible for a public web application that serves authenticated users and handles sensitive healthcare-related data. Traffic has grown enough that a single application tier is no longer sufficient, and you need to introduce load balancing without weakening security or availability. The application runs across multiple instances, depends on backend APIs, and must preserve auditability and session integrity during normal traffic and partial failures.
Explain how you would implement load balancing for this application in a way that improves availability while maintaining strong security controls. Be explicit about the network design, identity and encryption boundaries, the threats you are addressing, and how you would verify the system behaves safely during failures or attacks.