In microservices, one has the leverage of having a heterogeneous stack of technology. Now, if there is diverse technology used in the microservice, then it would require the effort of using any generic security layer. Perhaps implementation in different languages has its own complexity. The complexity increases if it has some legacy part also. Then, the developer has to match the consistency with old code. Legacy code might have some limitations, which sadly leads to some compromises in the new security layer.