Current implementations of the zero trust model for cloud environments: a systematic review
Keywords:
access control, information security, cloud security, control policies, innovationsAbstract
The expansion of cloud computing in modern organizations faces new information security challenges; consequently, the Zero Trust paradigm emerges as a reinforcement method for cloud environments. In this regard, this systematic review aims to address two research questions: What are the tools and procedures employed in the last 5 years in Zero Trust implementations for cloud environments? And what evaluation methods are used in the Zero Trust model for cloud environments? Under the PRISMA 2020 methodology, 13 studies from the Scopus and Dimensions bibliographic databases were analyzed, highlighting tools such as blockchain, cryptographic algorithms, and comprehensive trust models, as well as validation methods such as functionality tests and security analysis. Finally, it is highlighted that there is a lack of a uniform evaluation method for Zero Trust model applications in cloud computing.References
Akbar, undefined H., Zubair, undefined M., & Malik, undefined M. S. (2023). The Security Issues and challenges in Cloud Computing. International Journal for Electronic Crime Investigation, 7(1), Article 1. https://doi.org/10.54692/ijeci.2023.0701125
Ali, B., Hijjawi, S., Campbell, L. H., Gregory, M. A., & Li, S. (2022). A Maturity Framework for Zero-Trust Security in Multiaccess Edge Computing. Security and Communication Networks, 2022, 1-14. https://doi.org/10.1155/2022/3178760
Bajdor, P. (2022). Perception and evaluation of selected cloud computing factors in the light of conducted research among small and medium-sized enterprises. Procedia Computer Science, 207, 3788-3797. https://doi.org/10.1016/j.procs.2022.09.440
Chen, B., Qiao, S., Zhao, J., Liu, D., Shi, X., Lyu, M., Chen, H., Lu, H., & Zhai, Y. (2021). A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture. IEEE Internet of Things Journal, 8(13), 10248-10263. https://doi.org/10.1109/JIOT.2020.3041042
Cheng, M., Qu, Y., Jiang, C., & Zhao, C. (2022). Is cloud computing the digital solution to the future of banking? Journal of Financial Stability, 63, 101073. https://doi.org/10.1016/j.jfs.2022.101073
Divya, P., & Sherin, A. (2022). A Zero Trust Framework Security to Prevent Data Breaches and Mitigate the Cloud Network Attacks. International Journal for Research in Applied Science and Engineering Technology, 10, 3530-3538. https://doi.org/10.22214/ijraset.2022.42976
Feng, Y., Zhong, Z., Sun, X., Wang, L., Lu, Y., & Zhu, Y. (2023). Blockchain enabled zero trust based authentication scheme for railway communication networks. Journal of Cloud Computing, 12(1), 62. https://doi.org/10.1186/s13677-023-00411-z
Ferretti, L., Magnanini, F., Andreolini, M., & Colajanni, M. (2021). Survivable zero trust for cloud computing environments. Computers & Security, 110, 102419. https://doi.org/10.1016/j.cose.2021.102419
George, A. S., & Sagayarajan, S. (2023). Securing Cloud Application Infrastructure: Understanding the Penetration Testing Challenges of IaaS, PaaS, and SaaS Environments. Partners Universal International Research Journal, 2(1), Article 1. https://doi.org/10.5281/zenodo.7723187
Gill, S. H., Razzaq, M. A., Ahmad, M., Almansour, F. M., Haq, I. U., Jhanjhi, N., Alam, M. Z., & Masud, M. (2022). Security and privacy aspects of cloud computing: A smart campus case study. Intelligent Automation and Soft Computing, 31(1), Article 1. https://doi.org/10.32604/IASC.2022.016597
Guo, R., Tafti, A., & Subramanyam, R. (2023). Internal IT modularity, firm size, and adoption of cloud computing. Electronic Commerce Research. https://doi.org/10.1007/s10660-023-09691-8
Justice, C., & Sample, C. (2022). Future Needs of the Cybersecurity Workforce. International Conference on Cyber Warfare and Security, 17(1), Article 1. https://doi.org/10.34190/iccws.17.1.33
Lawan, M. M., Oduoza, C., & Buckley, K. (2021). A Systematic Review of Cloud Computing Adoption by Organisations. International Journal of Industrial and Manufacturing Systems Engineering, 6(3), Article 3. https://doi.org/10.11648/j.ijimse.20210603.11
Li, P., Ou, W., Liang, H., Han, W., Zhang, Q., & Zeng, G. (2023). A zero trust and blockchain-based defense model for smart electric vehicle chargers. Journal of Network and Computer Applications, 213, 103599. https://doi.org/10.1016/j.jnca.2023.103599
Liu, S., Zhuang, Y., Huang, L., & Zhou, X. (2022). Exploiting LSB Self-quantization for Plaintext-related Image Encryption in the Zero-trust Cloud. Journal of Information Security and Applications, 66, 103138. https://doi.org/10.1016/j.jisa.2022.103138
Liu, Z., Li, X., & Mu, D. (2022). Data-Driven Zero Trust Key Algorithm. Wireless Communications and Mobile Computing, 2022, 1-9. https://doi.org/10.1155/2022/8659428
Mandal, S., Khan, D. A., & Jain, S. (2021). Cloud-Based Zero Trust Access Control Policy: An Approach to Support Work-From-Home Driven by COVID-19 Pandemic. New Generation Computing, 39(3-4), 599-622. https://doi.org/10.1007/s00354-021-00130-6
Miller, L., Mérindol, P., Gallais, A., & Pelsser, C. (2021). Securing Workflows Using Microservices and Metagraphs. Electronics, 10(24), 3087. https://doi.org/10.3390/electronics10243087
N’goran, R., Tetchueng, J.-L., Pandry, G., Kermarrec, Y., & Asseu, O. (2022). Trust Assessment Model Based on a Zero Trust Strategy in a Community Cloud Environment. Engineering, 14(11), 479-496. https://doi.org/10.4236/eng.2022.1411036
Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., Shamseer, L., Tetzlaff, J. M., Akl, E. A., Brennan, S. E., Chou, R., Glanville, J., Grimshaw, J. M., Hróbjartsson, A., Lalu, M. M., Li, T., Loder, E. W., Mayo-Wilson, E., McDonald, S., … Moher, D. (2021). The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. The BMJ, 372, undefined-undefined. https://doi.org/10.1136/bmj.n71
Paul, B., & Rao, M. (2023). Zero-Trust Model for Smart Manufacturing Industry. Applied Sciences (Switzerland), 13(1). Scopus. https://doi.org/10.3390/app13010221
Rajasoundaran, S., Prabu, A. V., Routray, S., Kumar, S. V. N. S., Malla, P. P., Maloji, S., Mukherjee, A., & Ghosh, U. (2021). Machine learning based deep job exploration and secure transactions in virtual private cloud systems. Computers & Security, 109, 102379. https://doi.org/10.1016/j.cose.2021.102379
Rose, S. W., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture. NIST. https://www.nist.gov/publications/zero-trust-architecture
Saleem, M., Warsi, M. R., & Islam, S. (2023). Secure information processing for multimedia forensics using zero-trust security model for large scale data analytics in SaaS cloud computing environment. Journal of Information Security and Applications, 72, 103389. https://doi.org/10.1016/j.jisa.2022.103389
Shetty, J. P., & Rajesh, P. (2021). An overview of cloud computing in SMEs. Journal of Global Entrepreneurship Research, 11. https://doi.org/10.1007/s40497-021-00273-2
Sohrabi, C., Franchi, T., Mathew, G., Kerwan, A., Nicola, M., Griffin, M., Agha, M., & Agha, R. (2021). PRISMA 2020 statement: What’s new and the importance of reporting guidelines. International Journal of Surgery, 88, 105918. https://doi.org/10.1016/j.ijsu.2021.105918
Teodoro, D. D. R. (2022). Cloud infrastructure architecture and the zero trust model as a cybersecurity strategy. Revista Científica Multidisciplinar Núcleo Do Conhecimento, 13(11), 204-232. https://doi.org/10.32749/nucleodoconhecimento.com.br/technology-en/zero-trust-model
Wang, Z., Yu, X., Xue, P., Qu, Y., & Ju, L. (2023). Research on Medical Security System Based on Zero Trust. Sensors, 23(7), 3774. https://doi.org/10.3390/s23073774
Zheng, M., Huang, R., Wang, X., & Li, X. (2023). Do firms adopting cloud computing technology exhibit higher future performance? A textual analysis approach. International Review of Financial Analysis, 90, 102866. https://doi.org/10.1016/j.irfa.2023.102866
