I wouldn't frame it as decentralization, more like compartmentalization. You harden your systems to prevent horizontal movement between services.
For example, you could try to put payment credentials in a separate subnet where they are never read out of that enclave. Access to that subnet might require separate authentication credentials that most employees don't have, and API calls might require the calling server to possess a separate type of short-lived certificate. So when the main DB is compromised through an employee, it's still hard to laterally access more sensitive data.
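One way to implement the enclave-side gate sketched above, as an added example and not code from the commenter: the enclave service checks that the caller is inside the payment subnet, holds an unexpired short-lived credential issued by the enclave's own authority, and is on a small allow-list of services. The subnet 10.20.0.0/24, the service name checkout-api and the issuer key are constructed for this example, and an HMAC-signed token stands in for the short-lived certificate that an internal CA would issue in a real deployment.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
import time

# Hypothetical enclave policy, constructed for this example.
ENCLAVE_SUBNET = ipaddress.ip_network("10.20.0.0/24")  # payment enclave
ISSUER_KEY = b"enclave-ca-secret-demo"                  # stands in for the enclave CA
CREDENTIAL_TTL = 300                                     # seconds: short-lived on purpose
ALLOWED_CALLERS = {"checkout-api"}                       # services permitted to call in


def issue_credential(caller: str, now: float) -> str:
    """Mint a short-lived credential for a named service (stand-in for a short-lived cert)."""
    claims = {"sub": caller, "iat": int(now), "exp": int(now) + CREDENTIAL_TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def authorize(src_ip: str, credential: str, now: float) -> tuple[bool, str]:
    """Enclave-side gate: subnet check, signature check, expiry check, caller allow-list."""
    if ipaddress.ip_address(src_ip) not in ENCLAVE_SUBNET:
        return False, "source outside enclave subnet"
    try:
        body, sig = credential.split(".", 1)
    except ValueError:
        return False, "malformed credential"
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "credential expired"
    if claims["sub"] not in ALLOWED_CALLERS:
        return False, "caller not allowed"
    return True, "ok"


if __name__ == "__main__":
    t0 = time.time()
    cred = issue_credential("checkout-api", t0)
    print(authorize("10.20.0.15", cred, t0 + 10))   # (True, 'ok')
    print(authorize("10.1.5.7", cred, t0 + 10))     # (False, 'source outside enclave subnet')
    print(authorize("10.20.0.15", cred, t0 + 600))  # (False, 'credential expired')
```

A credential stolen from the main network is useless twice over: it fails the subnet check from outside the enclave, and it stops validating within minutes anyway.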
> The compromised photos were taken of travelers in vehicles coming in and out of the US through specific lanes at a single Port of Entry over a one-and-a-half-month period.
What wasn't stolen:
> No other identifying information was included with the photos and no passport or other travel document photos were compromised, the official said. Images of airline passengers from the air entry and exit process were also not involved.
> On May 31, 2019, CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network
Sounds like CBP's issue was less about compartmentalizing, more about controlling for how the subcontractor accessed the data.
Honestly the problem sounds more like something born of ignorance than malice. It's a headache having to download every image you have to analyze, so why not copy the whole thing to a local network drive and work with it here? And then some hacker lifted it from the local network drive.
Anyway I wasn't talking about the CBP specifically. I was responding to the question about why decentralization saves you from compromise. My response was that compartmentalization is useful for damage control.