Implementing Zero Trust Architecture in Multi-Cloud Environments
DOI: https://doi.org/10.47941/ijce.2754
Keywords: Zero Trust Architecture, Multi-Cloud Security, Identity and Access Management, AI-driven Security, NIST 800-207
Abstract
Purpose: The purpose of this study is to examine the implementation of Zero Trust Architecture (ZTA) within multi-cloud environments, where traditional perimeter-based security models are increasingly inadequate. The paper aims to identify and address the unique security challenges posed by multi-cloud infrastructures, such as identity and access management (IAM), policy enforcement, network segmentation, and continuous monitoring.
Methodology: The research analyzes established industry frameworks, notably NIST Special Publication 800-207, to provide a theoretical foundation for ZTA. It explores practical implementation strategies by evaluating real-world case studies and assessing technologies such as AI-driven threat detection, identity federation, and software-defined perimeters. Comparative analysis of cloud service provider tools and standardization techniques is also conducted to identify best practices for cross-cloud security.
Findings: The study finds that implementing ZTA in multi-cloud environments significantly enhances security postures by minimizing attack surfaces and improving regulatory compliance. Effective integration of AI, federated identity solutions, and cloud-native security tools enables continuous verification and least privilege access control.
Unique Contribution to Theory, Practice and Policy: The research concludes that while ZTA presents interoperability and policy enforcement challenges, these can be mitigated through standardized frameworks and automation, making ZTA a viable model for modern cloud security.
License
Copyright (c) 2023 Tirumala Ashish Kumar Manne

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.