You are redesigning a backend from a small set of services into a larger microservices architecture that serves web application traffic, background jobs, and internal APIs. The platform will run on Kubernetes, use asynchronous messaging between services, and store user account data, OAuth tokens, and analytics metadata. The main concern is that service sprawl will increase the attack surface, make authorization inconsistent, and create weak points around secrets, east-west traffic, and third-party dependencies. You need an architecture that can scale without treating the cluster network as a trusted boundary.
Describe how you would design the microservices architecture so that service-to-service communication, secrets handling, authorization, and operational controls remain secure as the system grows. Explain the trade-offs you would make, the threats you are prioritizing, and how you would verify the controls actually work in production.
Zero-trust service-to-service architectureRisk assessment across trust boundaries and dependenciesSecurity trade-offs in platform choicesOperational verification, monitoring, and failure handling