Dissect a new service proposed for the environment. Provide recommendations with associated risks to each recommendation.
The new service is a human resources platform. The platform includes a web interface (HTTP) with a backend database. The information maintained includes not only personally identifiable information, but also HR sensitive discussions with employees. Access to this system is highly restricted as it is very important to protect the data appropriately. The specific HR representative for an employee and their management has access to specific records for that employee to assist them with any concerns. The network is segmented to enable system isolation. The architecture proposed may make use of physical segmentation as well as features provided through virtualization, micro-segmentation, access controls, and encryption. Include a detailed diagram and description of the security protection. As the interface description is simple, this should be completed on a single page