Implementaciones actuales del modelo confianza cero para entornos en la nube: una revisión sistemática

Autores/as

  • Johann Castillo Oliva Universidad Nacional de Trujillo
  • Bruno Hiroshi Espinosa Luna Universidad Nacional de Trujillo
  • Alberto Carlos Mendoza de los Santos Universidad Nacional de Trujillo

DOI:

https://doi.org/10.32870/recibe.v12i2.299

Palabras clave:

control de accesos, seguridad de la información, seguridad en la nube, políticas de control, innovaciones

Resumen

La expansión de la computación en la nube en las organizaciones modernas enfrenta nuevos desafíos de seguridad de la información, en consecuencia, surge el paradigma de Confianza Cero como un método de reforzamiento para entornos en la nube. En relación a ello, esta revisión sistemática busca abordar dos preguntas de investigación: ¿Cuáles son las herramientas y procedimientos empleados en los últimos 5 años en las implementaciones de Confianza Cero para entornos de la nube? y ¿Cuáles son los métodos de evaluación utilizados en el modelo de Confianza Cero para entornos de la nube? Bajo la metodología PRISMA 2020, se analizaron 13 estudios de las bases de datos bibliográficas Scopus y Dimensions donde se destacan herramientas como blockchain, algoritmos criptográficos y modelos integrales de confianza, además de métodos de validación como pruebas de funcionalidad y análisis de seguridad. Por último, se da a conocer la falta de un método de evaluación uniforme para las aplicaciones del modelo Confianza Cero en la computación en la nube.

Citas

Akbar, undefined H., Zubair, undefined M., & Malik, undefined M. S. (2023). The Security Issues and challenges in Cloud Computing. International Journal for Electronic Crime Investigation, 7(1), Article 1. https://doi.org/10.54692/ijeci.2023.0701125

Ali, B., Hijjawi, S., Campbell, L. H., Gregory, M. A., & Li, S. (2022). A Maturity Framework for Zero-Trust Security in Multiaccess Edge Computing. Security and Communication Networks, 2022, 1-14. https://doi.org/10.1155/2022/3178760

Bajdor, P. (2022). Perception and evaluation of selected cloud computing factors in the light of conducted research among small and medium-sized enterprises. Procedia Computer Science, 207, 3788-3797. https://doi.org/10.1016/j.procs.2022.09.440

Chen, B., Qiao, S., Zhao, J., Liu, D., Shi, X., Lyu, M., Chen, H., Lu, H., & Zhai, Y. (2021). A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture. IEEE Internet of Things Journal, 8(13), 10248-10263. https://doi.org/10.1109/JIOT.2020.3041042

Cheng, M., Qu, Y., Jiang, C., & Zhao, C. (2022). Is cloud computing the digital solution to the future of banking? Journal of Financial Stability, 63, 101073. https://doi.org/10.1016/j.jfs.2022.101073

Divya, P., & Sherin, A. (2022). A Zero Trust Framework Security to Prevent Data Breaches and Mitigate the Cloud Network Attacks. International Journal for Research in Applied Science and Engineering Technology, 10, 3530-3538. https://doi.org/10.22214/ijraset.2022.42976

Feng, Y., Zhong, Z., Sun, X., Wang, L., Lu, Y., & Zhu, Y. (2023). Blockchain enabled zero trust based authentication scheme for railway communication networks. Journal of Cloud Computing, 12(1), 62. https://doi.org/10.1186/s13677-023-00411-z

Ferretti, L., Magnanini, F., Andreolini, M., & Colajanni, M. (2021). Survivable zero trust for cloud computing environments. Computers & Security, 110, 102419. https://doi.org/10.1016/j.cose.2021.102419

George, A. S., & Sagayarajan, S. (2023). Securing Cloud Application Infrastructure: Understanding the Penetration Testing Challenges of IaaS, PaaS, and SaaS Environments. Partners Universal International Research Journal, 2(1), Article 1. https://doi.org/10.5281/zenodo.7723187

Gill, S. H., Razzaq, M. A., Ahmad, M., Almansour, F. M., Haq, I. U., Jhanjhi, N., Alam, M. Z., & Masud, M. (2022). Security and privacy aspects of cloud computing: A smart campus case study. Intelligent Automation and Soft Computing, 31(1), Article 1. https://doi.org/10.32604/IASC.2022.016597

Guo, R., Tafti, A., & Subramanyam, R. (2023). Internal IT modularity, firm size, and adoption of cloud computing. Electronic Commerce Research. https://doi.org/10.1007/s10660-023-09691-8

Justice, C., & Sample, C. (2022). Future Needs of the Cybersecurity Workforce. International Conference on Cyber Warfare and Security, 17(1), Article 1. https://doi.org/10.34190/iccws.17.1.33

Lawan, M. M., Oduoza, C., & Buckley, K. (2021). A Systematic Review of Cloud Computing Adoption by Organisations. International Journal of Industrial and Manufacturing Systems Engineering, 6(3), Article 3. https://doi.org/10.11648/j.ijimse.20210603.11

Li, P., Ou, W., Liang, H., Han, W., Zhang, Q., & Zeng, G. (2023). A zero trust and blockchain-based defense model for smart electric vehicle chargers. Journal of Network and Computer Applications, 213, 103599. https://doi.org/10.1016/j.jnca.2023.103599

Liu, S., Zhuang, Y., Huang, L., & Zhou, X. (2022). Exploiting LSB Self-quantization for Plaintext-related Image Encryption in the Zero-trust Cloud. Journal of Information Security and Applications, 66, 103138. https://doi.org/10.1016/j.jisa.2022.103138

Liu, Z., Li, X., & Mu, D. (2022). Data-Driven Zero Trust Key Algorithm. Wireless Communications and Mobile Computing, 2022, 1-9. https://doi.org/10.1155/2022/8659428

Mandal, S., Khan, D. A., & Jain, S. (2021). Cloud-Based Zero Trust Access Control Policy: An Approach to Support Work-From-Home Driven by COVID-19 Pandemic. New Generation Computing, 39(3-4), 599-622. https://doi.org/10.1007/s00354-021-00130-6

Miller, L., Mérindol, P., Gallais, A., & Pelsser, C. (2021). Securing Workflows Using Microservices and Metagraphs. Electronics, 10(24), 3087. https://doi.org/10.3390/electronics10243087

N’goran, R., Tetchueng, J.-L., Pandry, G., Kermarrec, Y., & Asseu, O. (2022). Trust Assessment Model Based on a Zero Trust Strategy in a Community Cloud Environment. Engineering, 14(11), 479-496. https://doi.org/10.4236/eng.2022.1411036

Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., Shamseer, L., Tetzlaff, J. M., Akl, E. A., Brennan, S. E., Chou, R., Glanville, J., Grimshaw, J. M., Hróbjartsson, A., Lalu, M. M., Li, T., Loder, E. W., Mayo-Wilson, E., McDonald, S., … Moher, D. (2021). The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. The BMJ, 372, undefined-undefined. https://doi.org/10.1136/bmj.n71

Paul, B., & Rao, M. (2023). Zero-Trust Model for Smart Manufacturing Industry. Applied Sciences (Switzerland), 13(1). Scopus. https://doi.org/10.3390/app13010221

Rajasoundaran, S., Prabu, A. V., Routray, S., Kumar, S. V. N. S., Malla, P. P., Maloji, S., Mukherjee, A., & Ghosh, U. (2021). Machine learning based deep job exploration and secure transactions in virtual private cloud systems. Computers & Security, 109, 102379. https://doi.org/10.1016/j.cose.2021.102379

Rose, S. W., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture. NIST. https://www.nist.gov/publications/zero-trust-architecture

Saleem, M., Warsi, M. R., & Islam, S. (2023). Secure information processing for multimedia forensics using zero-trust security model for large scale data analytics in SaaS cloud computing environment. Journal of Information Security and Applications, 72, 103389. https://doi.org/10.1016/j.jisa.2022.103389

Shetty, J. P., & Rajesh, P. (2021). An overview of cloud computing in SMEs. Journal of Global Entrepreneurship Research, 11. https://doi.org/10.1007/s40497-021-00273-2

Sohrabi, C., Franchi, T., Mathew, G., Kerwan, A., Nicola, M., Griffin, M., Agha, M., & Agha, R. (2021). PRISMA 2020 statement: What’s new and the importance of reporting guidelines. International Journal of Surgery, 88, 105918. https://doi.org/10.1016/j.ijsu.2021.105918

Teodoro, D. D. R. (2022). Cloud infrastructure architecture and the zero trust model as a cybersecurity strategy. Revista Científica Multidisciplinar Núcleo Do Conhecimento, 13(11), 204-232. https://doi.org/10.32749/nucleodoconhecimento.com.br/technology-en/zero-trust-model

Wang, Z., Yu, X., Xue, P., Qu, Y., & Ju, L. (2023). Research on Medical Security System Based on Zero Trust. Sensors, 23(7), 3774. https://doi.org/10.3390/s23073774

Zheng, M., Huang, R., Wang, X., & Li, X. (2023). Do firms adopting cloud computing technology exhibit higher future performance? A textual analysis approach. International Review of Financial Analysis, 90, 102866. https://doi.org/10.1016/j.irfa.2023.102866

Descargas

Publicado

2024-02-11

Cómo citar

Castillo Oliva, J., Espinosa Luna, B. H., & Mendoza de los Santos, A. C. (2024). Implementaciones actuales del modelo confianza cero para entornos en la nube: una revisión sistemática. ReCIBE, Revista electrónica De Computación, Informática, Biomédica Y Electrónica, 12(2), C7–16. https://doi.org/10.32870/recibe.v12i2.299

Número

Vol. 12 Núm. 2 (2023): Nov 2023 - Abr 2024

Sección

Computación e Informática

Licencia

Derechos de autor 2024 ReCIBE, Revista electrónica de Computación, Informática, Biomédica y Electrónica