Move the perimeter to the workload
The corporate VPN is an artifact of an architecture that assumed trust based on IP subnets. Real zero trust models demand that the identity of the user, the health of the device, and the authorization of the process itself are evaluated on every single request.
When deploying microservices, mutual TLS (mTLS) isn't optional; it's the foundation of secure service-to-service communication, because it gives each workload a cryptographic identity that is verified on every connection rather than inferred from its network address.
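As an added example (not code from the original text), the following Go program shows what "every connection is authenticated" means in practice: an in-memory internal CA issues short-lived identities to two constructed workloads, inventory.svc and orders.svc, the server is configured with RequireAndVerifyClientCert against that CA, and the same request is made once with a workload certificate and once without. All names are assumptions for the demo; the listener is an httptest server on loopback.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// issueCert mints an ECDSA certificate for cn: self-signed when parent is nil (the CA), otherwise signed by parent.
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // short-lived workload identity: rotate rather than revoke
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)}, // where the httptest listener lives
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-sign the CA
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// runMTLSDemo starts a service that only accepts peers certified by the internal CA, calls it as the
// orders.svc workload and then with no client certificate, and returns the identity the service
// authenticated plus whether the anonymous call was rejected.
func runMTLSDemo() (string, bool, error) {
	ca, caKey, err := issueCert("internal-ca", true, nil, nil)
	if err != nil {
		return "", false, err
	}
	srvCert, srvKey, err := issueCert("inventory.svc", false, ca, caKey)
	if err != nil {
		return "", false, err
	}
	cliCert, cliKey, err := issueCert("orders.svc", false, ca, caKey)
	if err != nil {
		return "", false, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Only peers that passed ClientCAs verification reach here, so the leaf is an authenticated identity.
		io.WriteString(w, r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		MinVersion:   tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // mutual: no valid client cert, no connection
		ClientCAs:    pool,
	}
	srv.StartTLS()
	defer srv.Close()
	call := func(cfg *tls.Config) (string, error) {
		c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
		resp, err := c.Get(srv.URL)
		if err != nil {
			return "", err
		}
		defer resp.Body.Close()
		body, err := io.ReadAll(resp.Body)
		return string(body), err
	}
	who, err := call(&tls.Config{RootCAs: pool, Certificates: []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}})
	if err != nil {
		return "", false, err
	}
	_, anonErr := call(&tls.Config{RootCAs: pool}) // trusts the CA but presents no identity of its own
	return who, anonErr != nil, nil
}

func main() {
	who, rejected, err := runMTLSDemo()
	fmt.Println("authenticated peer:", who, "| anonymous rejected:", rejected, "| err:", err)
}
```

The handler receives the verified peer certificate in r.TLS.PeerCertificates, which is the hook for per-request authorization: the service can decide what orders.svc may do without ever consulting the caller's IP address.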
Fail closed securely
If a policy engine goes down, the default behavior should be a hard deny. Engineers hate this because it breaks uptime metrics, but failing open creates catastrophic lateral movement paths.
- Implement localized policy caching to survive intermittent control-plane failures
- Ensure fail-closed states throw highly visible alerts
- Treat identity revocation as immediately consistent, even globally
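The three points above come together in one enforcement-point design, shown here as an added Go example that is not from the original text. The PolicyEngine interface, the fakeEngine stand-in, the workload orders.svc and the resource db/orders are all constructed for the demo; the ordering of checks is the point: revocation is consulted first so it bites immediately, a live engine answer is preferred and cached, a cache entry is only honoured within its TTL, and anything else is a hard deny that also raises an alert.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// PolicyEngine is the control-plane interface the enforcement point calls (an assumed
// abstraction for this example, not any particular product's API).
type PolicyEngine interface {
	Evaluate(subject, action, resource string) (allow bool, err error)
}

var ErrEngineUnavailable = errors.New("policy engine unreachable") // an outage signal, never cached

// Decision carries the verdict and its provenance so logs show how it was reached.
type Decision struct {
	Allow  bool
	Source string // "engine", "cache", "revoked" or "fail-closed"
}

type cacheEntry struct {
	allow bool
	at    time.Time
}

// Enforcer is a policy enforcement point with a short-lived local decision cache.
type Enforcer struct {
	engine  PolicyEngine
	ttl     time.Duration
	cache   map[string]cacheEntry
	revoked map[string]bool
	Alerts  []string         // fail-closed events that must reach an operator
	Now     func() time.Time // injectable clock so the scenario below is deterministic
}

// Authorize evaluates one request: revocation first, then the live engine, then a
// still-fresh cache entry, and finally a hard deny that raises an alert.
func (e *Enforcer) Authorize(subject, action, resource string) Decision {
	if e.revoked[subject] {
		return Decision{Allow: false, Source: "revoked"}
	}
	key := subject + "|" + action + "|" + resource
	allow, err := e.engine.Evaluate(subject, action, resource)
	if err == nil {
		e.cache[key] = cacheEntry{allow: allow, at: e.Now()}
		return Decision{Allow: allow, Source: "engine"}
	}
	if ent, ok := e.cache[key]; ok && e.Now().Sub(ent.at) < e.ttl {
		return Decision{Allow: ent.allow, Source: "cache"}
	}
	// No trustworthy answer exists: deny, and make the degraded state visible.
	e.Alerts = append(e.Alerts, fmt.Sprintf("FAIL-CLOSED %s %s %s: %v", subject, action, resource, err))
	return Decision{Allow: false, Source: "fail-closed"}
}

// Revoke takes effect on the very next request, whatever the cache TTL or the control
// plane's reachability, and purges the subject's cached verdicts.
func (e *Enforcer) Revoke(subject string) {
	e.revoked[subject] = true
	for k := range e.cache {
		if strings.HasPrefix(k, subject+"|") {
			delete(e.cache, k)
		}
	}
}

type fakeEngine struct { // constructed stand-in for a remote policy service that can be switched off
	up    bool
	rules map[string]bool
}

func (f *fakeEngine) Evaluate(subject, action, resource string) (bool, error) {
	if !f.up {
		return false, ErrEngineUnavailable
	}
	return f.rules[subject+"|"+action+"|"+resource], nil
}

// scenario walks one workload through an outage and returns every decision plus the alerts raised.
func scenario() ([]Decision, []string) {
	eng := &fakeEngine{up: true, rules: map[string]bool{"orders.svc|read|db/orders": true}}
	clock := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	e := &Enforcer{engine: eng, ttl: 5 * time.Minute, cache: map[string]cacheEntry{},
		revoked: map[string]bool{}, Now: func() time.Time { return clock }}
	out := []Decision{e.Authorize("orders.svc", "read", "db/orders")} // engine up: allow, cached
	eng.up = false
	clock = clock.Add(time.Minute)
	out = append(out, e.Authorize("orders.svc", "read", "db/orders"))  // outage, cache fresh: allow
	out = append(out, e.Authorize("orders.svc", "write", "db/orders")) // outage, never cached: deny + alert
	clock = clock.Add(10 * time.Minute)
	out = append(out, e.Authorize("orders.svc", "read", "db/orders")) // outage, cache stale: deny + alert
	e.Revoke("orders.svc")
	out = append(out, e.Authorize("orders.svc", "read", "db/orders")) // revoked during outage: deny
	return out, e.Alerts
}

func main() {
	decisions, alerts := scenario()
	fmt.Printf("%+v\nalerts raised: %d\n", decisions, len(alerts))
}
```

Two design choices carry the weight. The cache only ever stores answers the engine actually gave, never the outage error, so an outage can prolong a previous allow for at most one TTL and can never manufacture one; and revocation is a separate map checked before anything else, so it holds even when the control plane that would normally confirm it is unreachable.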