You own a Salesforce application built with Lightning Web Components and Apex that exchanges customer data with external platforms over REST and event-driven integrations. A recent review found inconsistent authorization checks in Apex, secrets embedded in integration code paths, and limited visibility into failed or suspicious API activity. The application handles customer profile and case data, and changes are released frequently by multiple developers.
How would you secure this environment end to end, including the LWC-to-Apex path, outbound and inbound integrations, and operational detection? Explain the architecture, the threats you are prioritizing, and how you would verify that the controls actually work in production.