You are responsible for a new microservices platform that will expose customer-facing APIs and internal service-to-service calls. The services share sensitive operational data and a few workflows cross multiple trust boundaries, including external clients, internal services, and background workers. A recent design review raised concerns about lateral movement, unauthorized service calls, and weak observability during failures.
How would you design the microservices architecture so that identity, authorization, encryption, and logging are enforced across service boundaries? Explain the trade-offs you would make for availability versus fail-closed behavior when a dependency, policy engine, or identity system is unavailable.