Zero-Trust Security Architectures for Cloud and Enterprise Systems

Authors

  • Pankaj Prasun, IET-DAVV, Indore, M.P., India

DOI:

https://doi.org/10.15662/IJARCST.2023.0606002

Keywords:

Zero-Trust Architecture (ZTA), Cloud Security, Identity and Access Management (IAM), Micro Segmentation, BeyondCorp, Least Privilege, Zero-Trust Networking Access (ZTNA), Continuous Diagnostics and Mitigation (CDM)

Abstract

Zero-Trust Architecture (ZTA) represents a paradigm shift in cybersecurity, fundamentally abandoning implicit trust in perimeter defenses and adopting a "never trust, always verify" mindset. This paper examines the opportunities and challenges of implementing ZTA within cloud and enterprise environments, drawing on research and case studies preceding 2022. Key principles of ZTA—such as continuous authentication, least-privilege access, device and user identity verification, micro-segmentation, and dynamic policy enforcement—are explored. We analyze how ZTA strengthens security by limiting lateral movement, improving visibility, and reducing risk from compromised credentials or devices.

On the opportunity side, ZTA enhances defenses against advanced threats, simplifies migration to hybrid and multi-cloud architectures, and supports modern workforce models such as zero-trust networking access (ZTNA), exemplified by Google's BeyondCorp. Implementation enablers include identity and access management (IAM), policy engines, service-mesh frameworks, and continuous diagnostics and mitigation (CDM) systems.

However, significant challenges hinder adoption. Legacy infrastructure often lacks necessary identity controls and segmentation, making retrofitting difficult. The complexity of managing dynamic access policies, the resource overhead of continuous verification, and user friction from frequent authentication are notable concerns. Integrating multi-vendor tools, maintaining identity hygiene, updating access controls amid personnel changes, and ensuring performance at scale further complicate deployment.

Our analysis synthesizes findings from literature, including architecture frameworks and performance evaluations, with real-world examples to craft a holistic perspective. A research methodology involving literature synthesis and case study review informs key findings. The proposed workflow outlines a phased approach: asset identification, policy definition, pilot deployment, scaling, continuous monitoring, and governance. The paper concludes by highlighting the strategic benefits of ZTA, cautioning that overcoming cultural, technical, and operational barriers is essential. Future work should address automated policy orchestration, endpoint trust evaluation enhancements, and unified zero-trust frameworks spanning cloud and on-prem systems.

Published

2023-11-01

How to Cite

Zero-Trust Security Architectures for Cloud and Enterprise Systems. (2023). International Journal of Advanced Research in Computer Science & Technology (IJARCST), 6(6), 9373-9377. https://doi.org/10.15662/IJARCST.2023.0606002