[samus]

> Every application on its own micro-segment with access control up to the application layer to restrict all forms of access beyond the bare minimum of what is required.

I hope for the operator team that they have good tool support to help administer all the access controls. Over time and across large organisations there are going to be a lot.

The even larger challenge must be auditing all these access controls. Services change, and if a connection is not required anymore, it should be painless for its operators to get rid of the corresponding access control.