Quiz Entry - updated: 2026.07.14
Compare monolithic and microservice architectures from a security perspective.
Monoliths are simpler to secure (one auth, one DB) but a breach takes the whole app; microservices isolate the blast radius but add many APIs to harden.
* Monolith simplicity (one breach takes everything) versus microservice isolation (contained blast radius, more APIs to harden). *
The core trade-off is simplicity vs. isolation.
| Aspect | Monolithic | Microservices |
|---|---|---|
| Security model | Simpler — one auth system, one DB | Complex — each service needs controls |
| Attack surface | Smaller | Larger — more APIs, more network traffic |
| Blast radius | Full app compromised | Contained to one service (if properly segmented) |
| Auth | Single system | Service-to-service auth needed (mTLS, service mesh) |
| Secrets | One config | Distributed secrets management |
Key insight: Microservices can be more secure through isolation, but only if each service is properly hardened. Otherwise you just have more attack vectors.
Zero Trust fits naturally with microservices — never assume internal network traffic is safe.
Go deeper:
OWASP Microservices Security Cheat Sheet — service-to-service auth via mTLS and tokens.
Wikipedia — Microservices — the loosely-coupled-services model and its trade-offs versus a monolith.