Moving up the stack, our security posture changes. The concepts stay the same, but the posture changes. The concepts of least privilege, limited access, etc. all apply. How we implement those controls changes. In the past, we could rely on a firewall at the edge. Yet, as we move up the stack, the edge has disappeared. When we move into microservices and containers, the edge gets blurred. So, where do we put our security controls? Do we rely on distributed firewalls or microsegmentation, or do we need something new?