You are responsible for a backend that handles customer orders, payments, and internal admin actions. The team is deciding whether to keep a single monolith or split the system into microservices, and the security review has become a blocker because the current design mixes sensitive payment logic with less trusted admin workflows. You need to recommend an architecture that reduces blast radius without creating new identity, network, and secrets-management risks.