Hook
Assume breach.
Problem
Implicit trust between services and teams creates broad access. When one component is compromised, the blast radius can be large.
Why it matters
Explicit trust reduces exposure and limits damage. It also creates clearer ownership and better auditability.
Signals you are here
- Shared credentials across services
- Flat networks with broad access
- Limited audit logs for access changes
- Services can call each other without authentication
Anti-patterns
- Shared admin accounts
- No rotation or review of permissions
- Implicit trust inside the perimeter
- Unrestricted service-to-service calls
Try this
- Apply least privilege to all access
- Use mutual TLS or signed tokens for service calls
- Audit and review permissions regularly
- Segment networks by trust level
- Enforce default-deny service-to-service policy at the mesh or firewall layer
- Log and alert on access changes
Example
A team introduced service identities with scoped permissions. When one service was compromised, the attacker could not access unrelated systems.
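The scoped service identities described above, sketched as an added example that is not part of the original page: each caller presents a short-lived signed token, and a call is allowed only if an explicit policy entry names that caller, target and action. The service names, keys, policy entries and the HMAC-based token format are constructed assumptions so the block runs offline; a real deployment would typically use mutual TLS or asymmetrically signed tokens issued by an identity provider.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data (assumptions): per-service signing keys and an
# explicit allow-list. Any (caller, target) pair not listed is denied.
KEYS = {"orders": b"orders-demo-key", "reports": b"reports-demo-key"}
POLICY = {("orders", "payments"): {"charge:create"},
          ("reports", "orders"): {"orders:read"}}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(caller, key, ttl=300, now=None):
    """Sign a short-lived identity claim for `caller` with HMAC-SHA256."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": caller, "exp": int(now) + ttl}, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def authorize(token, target, action, now=None):
    """Return (allowed, reason). Every failure path denies (fail closed)."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
        caller, exp = str(claims["sub"]), int(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed token"
    key = KEYS.get(caller)
    if key is None:
        return False, "unknown caller"
    # Verify the signature before trusting any claim; constant-time compare.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    if now >= exp:
        return False, "token expired"
    # Default deny: the action must be explicitly granted for this pair.
    if action not in POLICY.get((caller, target), set()):
        return False, "no policy allows this call"
    return True, "allowed"
```

A token taken from the `reports` service verifies correctly but still cannot reach `payments`, which is the blast-radius limit the example describes; the returned reason is what you would log and alert on.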
Reflection prompt
Which service has broader access than it needs? Reduce it this week.
