Zero-Trust Architectures for Multi-Cloud Environments

Authors

  • Sunil Anasuri, Independent Researcher, USA

DOI:

https://doi.org/10.63282/3050-9246.IJETCSIT-V3I4P107

Keywords:

Zero-Trust Architecture, Federated Identity, Micro-Segmentation, Policy Enforcement, API Gateway, Service Mesh, Continuous Authentication

Abstract

Multi-cloud strategies have become widespread, and this trend has brought a new level of complexity to enterprise IT infrastructure security. Traditional perimeter-based security models are no longer sufficient when resources, identities, and workloads span multiple heterogeneous cloud providers. To address this, this paper proposes a Zero-Trust Architecture (ZTA) for multi-cloud environments that follows the principle of "never trust, always verify." The architecture provides continuous identity verification, least-privilege access, micro-segmentation, and conditional policy administration using federated identity management, software-defined perimeters, and dynamic policy engines. We consider the main challenges of applying Zero-Trust to multi-cloud deployments, such as identity fragmentation, policy silos, operational complexity, and the risk of lateral movement. The proposed architecture addresses these problems by combining service meshes, API gateways, and policy brokers in one place to enable cross-cloud interoperability and secure inter-service communication. Several performance measures are tracked, and they show measurable gains in threat identification and breach remediation, with tolerable trade-offs in resource utilization and latency. We also discuss implementation considerations such as compliance auditing, scalability, and user experience. Our evaluation indicates that Zero-Trust outperforms traditional perimeter models in security effectiveness and operational resilience. The concluding remarks identify future directions, such as AI-based threat detection, automated policy generation, and the integration of quantum-resistant cryptographic capabilities, to ensure the long-term flexibility and resilience of Zero-Trust in an evolving cloud environment.

Published

2022-12-30

Section

Articles

How to Cite

1. Anasuri S. Zero-Trust Architectures for Multi-Cloud Environments. IJETCSIT [Internet]. 2022 Dec. 30 [cited 2025 Sep. 13];3(4):64-76. Available from: https://ijetcsit.org/index.php/ijetcsit/article/view/346
