You own a customer-facing application that currently runs as a single deployable service behind an API gateway and talks to one primary database. The team wants to split it into microservices to speed up delivery, but the system handles sensitive customer and payment-adjacent data, and your current controls are mostly designed around a single trust boundary. Recent incidents have included hard-to-trace authorization bugs and weak service credentials shared across internal components. You need to decide whether to keep the monolith, decompose it, or take an intermediate path.
How would you evaluate the security and infrastructure trade-offs between staying with the monolith and moving to microservices, and what architecture would you recommend? Be explicit about the threats that change with each model, the controls you would add, and how you would verify the design is working in production.