

Integrating Zero Trust Principles into IAM for Enhanced Cloud Security
Abstract
This paper investigates the integration of Zero Trust principles into Identity and Access Management (IAM) frameworks to strengthen security in multi-cloud and hybrid cloud environments. Unlike traditional perimeter-based defenses, the Zero Trust model enforces rigorous verification for every access request, ensuring that no entity, internal or external, is implicitly trusted. Our methodology incorporates dynamic trust scoring, continuous identity verification, adaptive privilege adjustments, and real-time monitoring to secure cloud infrastructures against evolving threats. By employing a multi-layered approach, including critical components like Advanced Encryption Standard (AES) for data security, contextual behavior analysis, and anomaly detection powered by machine learning, our Zero Trust IAM framework provides a scalable and proactive security solution. Experimental results demonstrate notable enhancements in security, with unauthorized access reduced by 30% and improved threat detection response times across various cloud services. The adaptive trust scoring effectively limits access based on real-time behavioral, contextual, and device-based factors, reducing risks from lateral movement and insider threats. The results further indicate that Zero Trust improves compliance management by enforcing strict access controls and continuous monitoring, which aligns well with regulatory standards. We discuss challenges in implementing Zero Trust in complex cloud environments and provide best practices for adoption. This work underscores Zero Trust as a robust, scalable IAM strategy, essential for a secure and resilient cloud ecosystem.