Journal of Engineering Research and Reports
Volume 26, Issue 2, Page 215-228, 2024; Article no.JERR.113275
ISSN: 2582-2926

Zero Trust Architecture in Cloud Networks: Application, Challenges and Future Opportunities

Sina Ahmadi a*
a National Coalition of Independent Scholars (NCIS), Seattle, WA, USA.

Author’s contribution
The sole author designed, analyzed, interpreted and prepared the manuscript.

Article Information
DOI: 10.9734/JERR/2024/v26i21083

Open Peer Review History:
This journal follows the Advanced Open Peer Review policy. Identity of the Reviewers, Editor(s) and additional Reviewers, peer review comments, different versions of the manuscript, comments of the editors, etc. are available here: https://www.sdiarticle5.com/review-history/113275

Original Research Article
Received: 01/02/2024
Accepted: 10/02/2024
Published: 13/02/2024

ABSTRACT

Cloud computing has become essential in this digital world as it provides opportunities and challenges for organizations. This research explores the implementation and effectiveness of Zero Trust Architecture (ZTA) in addressing security challenges within cloud networks. Utilizing qualitative research methods, including a systematic literature review from 2020 to 2024, the study investigates insights from diverse sources such as journal articles, academic literature, and case studies. Thematic analysis organizes findings into critical themes, revealing ZTA's impact on mitigating lateral movement, reducing insider threat probability, enhancing network micro-segmentation, and improving identity and access management. The comparative analysis demonstrates significant improvements in security incidents post-ZTA implementation. Moreover, the study highlights best practices for ZTA adoption and outlines future advancements, including integration with emerging technologies like machine learning and artificial intelligence. This research underscores ZTA's pivotal role in fortifying cloud network security and offers valuable insights for practitioners and researchers.

_____________________________________________________________________________________________________

*Corresponding author: Email: [email protected];

J. Eng. Res. Rep., vol. 26, no. 2, pp. 215-228, 2024

Electronic copy available at: https://ssrn.com/abstract=4725283


Ahmadi; J. Eng. Res. Rep., vol. 26, no. 2, pp. 215-228, 2024; Article no.JERR.113275

Keywords: Zero Trust Architecture (ZTA); cloud networks; cybersecurity; lateral movement; insider threats; data protection.

1. INTRODUCTION

Cloud networking is now the backbone of digital infrastructure, which reshapes the system of data storage, processing, and accessibility for organizations [1]. This shift has empowered businesses but has also introduced various security challenges. Adding cloud technologies significantly changes the traditional security structure, which demands advanced steps toward protecting sensitive information and the integrity of digital ecosystems. In the cloud networking system, decreasing data storage and processing defects presents a significant challenge [2]. Unlike previous on-site solutions, where the information is managed within a controlled environment, cloud data is distributed across remote servers. This distributed architecture increases the attack surface, which makes it compulsory to rethink the security measures that defenses rely on. The unique nature of cloud environments, characterized by scalability, further complicates maintaining a good security posture.

This paper is organized into several sections and sub-sections to thoroughly explore the application and effectiveness of ZTA in cloud networks. After this introductory section, the subsequent literature review delves into various facets of ZTA, encompassing its fundamental principles, implementation strategies, and effectiveness in mitigating security risks. Following this, key challenges in securing cloud networks are identified and defined, laying the groundwork for examining ZTA as a potential solution. The methodology and approach section elaborates on the rationale for employing qualitative research methods, detailing the data selection, collection, recruitment, and analytical processes. It underscores the importance of conducting a systematic literature review to gather insights from relevant sources and organize them thematically for comprehensive analysis. This structured approach ensures a thorough examination of ZTA's impact and effectiveness in addressing security challenges within cloud environments.

2. LITERATURE REVIEW

2.1 Introduction to Zero Trust Architecture (ZTA) in Cloud Networks

Zero Trust Architecture (ZTA) mainly relates to a cybersecurity architecture based on zero trust principles. It is specifically designed to limit internal lateral movement and prevent data breaches. It implements strict identity authorization and authentication and removes implicit trust. The ZTA is based on seven principles, i.e., data, device, user, automation & orchestration, network & environment, visibility & analytics, and application & workload. Fernandez and Brazhuk [4] also conducted a critical analysis of ZTA. According to the researchers, ZTA is essential for developing secure systems promoted by government and industry. The heterogeneity and complexity of modern IT systems were seen as a driving force behind the need for this architecture.

A study was also conducted by Stafford [5] in this regard. The researcher stated that ZTA uses zero-trust principles to plan enterprise and industrial workflows and infrastructure. This principle assumes no implied trust is given to user accounts or assets based only on their network or physical location. Authorization and authentication (device and subject) are discrete functions performed before a session with an enterprise resource is established. Zero trust is mainly a response to different enterprise network trends, such as cloud-based assets, bring-your-own-device, remote users, etc., that are not present within an enterprise-owned boundary of the network. Besides, zero trust emphasizes protecting resources like network accounts, services, workflows, assets, etc., instead of network segments. This is because the location of the network is no longer viewed as the prime aspect of the security posture.

2.2 Fundamental Principles of Zero Trust Architecture

ZTA is based on different fundamental principles. The least privilege principle states that the role of users should be provided only the particular rights they need to perform their jobs. This principle is implemented to restrict both accessibility and visibility. The concept of this principle is straightforward. It only asks one to provide access if the device or user requires it to do a specific job. Otherwise, there is no need to provide access. Syed et al. [6] also conducted research in this regard. According to the researchers, if any account is compromised, the principle of least privilege quickly shrinks all the networked systems that malicious persons can
hack. It also reduces the scope of access, which helps prevent data breaches on a large scale.

Micro-segmentation is also another important concept of zero-trust architecture. According to this principle, any traffic moving out of, into, or within a network can be a threat. It helps in isolating such threats before they spread. This helps in preventing the lateral movement of the threats. Xie et al. [7] conducted research on this principle and its working. They found that micro-segmentation can take place on granular levels in a network. It also provides insights into which network applications communicate with each other and how network traffic flows between them. This is mainly termed application-layer visibility. It makes micro-segmentation different from dividing a network with the help of VLANs or any other network-layer method. Fig. 2 shows Zero Trust micro-segmentation.

Fig. 1. Zero trust architecture [3]

Fig. 2. Zero-trust Micro-segmentation [8]

In addition to the fundamental principles of least privilege and micro-segmentation, Zero Trust Architecture (ZTA) encompasses several other critical principles for enhancing cloud network security. Continuous authentication ensures ongoing verification of users, devices, and applications, reducing the risk of unauthorized access by validating identities consistently. Policy-based access controls enable organizations to implement granular access permissions based on defined policies, enhancing flexibility and security. ZTA also emphasizes the importance of designing systems and networks with security in mind from the outset, promoting the integration of security measures throughout the development process. Real-time visibility and analytics allow organizations to continuously monitor network traffic and user behavior, facilitating early detection and response to security incidents. Additionally, encryption plays a vital role in ZTA by safeguarding data in transit and at rest, ensuring confidentiality, integrity, and authenticity. Incorporating these principles into ZTA provides a holistic approach to mitigating security risks and protecting sensitive information in cloud environments.

Multi-factor authentication (MFA) is another critical component of ZTA. It adds an extra layer of protection to the network by requiring different verification forms before giving access to resources. In zero trust architecture, the aspect of trust is never assumed. It treats each access request as coming from an untrusted network. Khan [9] also researched this principle. According to the researcher, MFA is also needed for regulatory compliance in different industries. Regulations like GDPR, HIPAA, etc., require companies to implement this principle to protect private information. It involves using factors such as a PIN or password, biometric verification, facial recognition, etc., which helps gain a high level of assurance regarding the user's identity.

2.3 Implementing Zero Trust in Cloud Network Infrastructure

Network segmentation is also used in zero-trust architecture to separate important assets and restrict access to authorized systems and users. This aspect helps in confining security breaches within a smaller segment. This makes it easy to respond to or detect any security incidents. According to yler and Viana [10], network segmentation in ZTA provides many benefits. It reduces the attack surface by limiting access to confidential data based on the principle of 'never trust, always verify.' It also improves the network's performance by reducing traffic volume in every segment. This also results in fast response time and low latency. Network segmentation also leads to simplified compliance in the zero-trust model.

Data protection is critical in cloud environments. For this purpose, zero trust architecture implements different encryption methods to ensure privacy and security. Chen et al. [11] also conducted research in this regard. It was seen that both asymmetric and symmetric encryption are used in zero-trust architecture. Symmetric encryption is much faster, but asymmetric is better in terms of security. If a company destroys or loses its access key, its private data can be recovered using the encryption methods implemented in zero trust architecture. Encryption also helps the network in authentication and regulatory compliance. Overall, it helps a company prevent data breaches and ensure secure networks.

Implementing Zero Trust Architecture (ZTA) in cloud network infrastructure involves several key strategies to enhance security and mitigate risks. One crucial aspect of ZTA implementation is adopting strict identity and access management (IAM) policies. By implementing IAM controls, organizations can ensure that only authorized users, devices, and applications can access network resources, following the principle of least privilege. Additionally, organizations leverage network segmentation techniques to compartmentalize their network environments, limiting the potential impact of security breaches and minimizing lateral movement within the network.

Furthermore, ZTA implementation often involves the deployment of multi-factor authentication (MFA) mechanisms, adding an extra layer of security to verify user identities. This approach reduces the risk of unauthorized access even if credentials are compromised. Continuous monitoring and anomaly detection capabilities are also integral to ZTA, allowing organizations to detect and respond to security threats in real time. Implementing ZTA in cloud network infrastructure strengthens security posture, enhances data protection, and aligns with modern cybersecurity best practices.

2.4 Mathematical Models for Analyzing Zero Trust Effectiveness

Different mathematical models can be used to analyze the effectiveness of zero-trust architecture. They use diverse formulas and equations to understand how the model works. According to Mehraj and Banday [12], zero trust is a digital bodyguard for different network systems. It ensures that no one gets access to the network without strict permission. The use of mathematical calculations in this process is essential. This is because they focus on how often the security system identifies a threat or how fast it responds. Using math helps the experts analyze and measure the effectiveness of zero-trust architecture. This way, organizations can ensure their digital security is solid and safe.

Some mathematical models also help in preventing lateral movement in zero-trust architecture. They use very complex algorithms and equations to enhance and improve the security of networks. According to Alevizos and Ta [13], such models help develop digital checkpoints and barriers to stop different attackers from intruding into the network. Experts use these models to establish security measures that help calculate the most effective ways to thwart unauthorized movement in the network. It is essential to study how such a security system helps prevent unauthorized movement and access within the network. The two most notable mathematical models for analyzing zero trust effectiveness are lateral movement prevention and threat detection models. The lateral movement prevention model is designed to assess and mitigate the spread of cyber threats within a network environment post-breach. Formula 1 shows how the reduction in lateral movement is calculated.

$$\text{Reduction in Lateral Movement} = \frac{\text{Initial Lateral Movement Attempts} - \text{Final Lateral Movement Attempts}}{\text{Initial Lateral Movement Attempts}} \times 100\% \qquad (1)$$

The threat detection model can be defined as a mathematical model specially designed to identify and respond to potential cyber threats within a network. It majorly focuses on assessing the efficiency and accuracy of the security system. It includes some important metrics, including threat detection rate, which is integral in calculating the percentage of detected threats out of a total number of threats. Formula 2 shows how the threat detection rate is calculated.

$$\text{Threat Detection Rate} = \frac{\text{Number of Detected Threats}}{\text{Total Number of Threats}} \times 100\% \qquad (2)$$

In addition to the previously mentioned models, three more mathematical models are essential for analyzing the effectiveness of Zero Trust Architecture (ZTA). The Bayesian Network Model offers a probabilistic graphical approach to representing uncertain knowledge about the network's state and dependencies between different variables. Bayesian inference can assess the probability of security breaches and facilitate decision-making for risk mitigation strategies. Formula 3 shows how to calculate this.

$$P(A \mid B) = \frac{P(B \mid A)\,P(A)}{P(B)} \qquad (3)$$

The Game Theory Model provides a framework for analyzing strategic interactions among multiple entities in a networked environment. By modeling the behaviors of attackers and defenders as rational decision-makers, this model evaluates potential outcomes of security strategies and identifies optimal defense mechanisms against various threats.

Finally, the Markov Chain Model, a stochastic model, represents a sequence of events where the probability of each event depends only on the state attained in the previous event. In the context of ZTA, Markov chain models simulate the progression of security threats and analyze the likelihood of lateral movement within the network over time, aiding in understanding cyber threat dynamics and evaluating ZTA implementation effectiveness.

2.5 Enhancing Access Management to Mitigate Insider Threats with Zero Trust

Insider threats have become very common in cloud networks. They can be of different types as well. The most common is the malicious insider threat. In this case, a person within the company intentionally attacks the network system and steals private data. Another type is a negligent insider, where a person does not have harmful intentions but can accidentally breach the data within the network. According to Kim et al. [14], this threat is caused because of careless actions of the person. A compromised insider is also a threat in which an external attacker steals a worker's access or credentials. All these types of
threats pose different risks to the system. They can lead to theft or loss of sensitive information. They can also damage the company's reputation, and it might lose the trust of its clients. Therefore, it is essential to analyze the nature of these threats and find the best methods to mitigate them.

The zero trust model helps in overcoming insider threats in many ways. This system assumes that no single person should be trusted. It thus checks the people inside the network as well. For this purpose, the system uses role-based access controls (RBAC). According to Yao et al. [15], zero trust architecture uses RBAC to ensure that people only have the necessary permissions based on their responsibilities within the company. It only provides broad access to some individuals, and workers are provided access only to the data and resources needed to perform their jobs. In this way, if an insider's credentials are compromised, the damage to the network is limited. It also helps implement the principle of least privilege, reducing the attack surface and limiting insider threats' negative influence [16].

Zero trust architecture also uses continuous anomaly detection and monitoring to identify suspicious activity. It also includes the analysis of patterns of network activities or user behavior over time. When an insider starts behaving in a way that is not similar to their usual actions, the system triggers an alert, and immediate actions are taken to secure the system. Using these security frameworks in zero-trust architecture helps companies protect their digital platforms and ensure network performance.

While access management is fundamental to mitigating insider threats, ZTA offers additional strategies to bolster security. These may include implementing user behavior analytics (UBA) to detect anomalous activities, deploying data loss prevention (DLP) solutions to safeguard sensitive information, and conducting regular security awareness training to educate employees about potential risks. By adopting a comprehensive approach that combines access management with these additional measures, organizations can effectively mitigate the dangers posed by insider threats in cloud networks.

3. PROBLEM DEFINITION

The addition of cloud computing has changed the digital system, which offers organizations different opportunities for efficiency. In addition, this change has come with its security challenges. As businesses transform their data and operations to the cloud, there are issues of safeguarding sensitive information [17]. This section describes the different problems organizations face in securing cloud networks, which increase the need for a robust security system like the Zero Trust Architecture (ZTA).

3.1 Increased Attack Surface

One of the main challenges in securing cloud networks is the increased attack surface [18]. Unlike the old model, where data was confined within the network boundaries, cloud data is distributed across different servers and networks. This system introduces multiple entry points for attacks as data travels through different paths and interacts with various components. The extensive nature of the cloud increases the hurdles of monitoring and defending against attacks, which necessitates a shift in security models. Fig. 3 depicts challenges in cloud security.

3.2 Dynamic Nature of Cloud Environments

The cloud system is characterized by its dynamic nature, which allows organizations to increase resources based on demand [20]. While this enhances operational ability and process, it poses challenges for security management. Old security measures designed for fixed systems struggle to adapt to the changes in cloud ecosystems. The ability to spin up resources on the fly makes maintaining a consistent security posture difficult. This demands security solutions that can adapt to the changing cloud system.

3.3 The Complexity of Identity and Access Management

Identity and Access Management (IAM) has become increasingly difficult in the cloud system, given the limited range of users, devices, and applications accessing resources [21]. The old security model, dependent on generating trust within the internal network, becomes unnecessary in this scenario. Managing user identities, granting appropriate access privileges, and maintaining a detailed view of access activities across cloud services become difficult. The difficulty of these tasks increases in large-scale cloud deployments.
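
An added worked example (not from the paper) applying the Markov chain model of Section 2.4 to the micro-segmentation principle of Sections 2.2 and 3.1: the same four-state chain is run with constructed transition probabilities for a flat network and for a segmented one, Formula (1) is applied to the resulting reach probabilities, and Formula (3) gives the posterior breach probability given a monitoring alert. All probabilities are constructed for illustration, not measured.

```python
# States of the chain; "db" is the target asset and "contained" means the
# attacker has been evicted. Both are absorbing states.
STATES = ["web", "app", "db", "contained"]
WEB, APP, DB, CONTAINED = range(4)

# Constructed one-step transition probabilities for a flat network: every
# host can reach every other, so the foothold can reach the database directly.
FLAT = [
    [0.40, 0.30, 0.20, 0.10],  # from web
    [0.00, 0.30, 0.60, 0.10],  # from app
    [0.00, 0.00, 1.00, 0.00],  # db (absorbing)
    [0.00, 0.00, 0.00, 1.00],  # contained (absorbing)
]

# Constructed probabilities for the same estate after micro-segmentation:
# only the permitted web->app and app->db flows remain, and denied attempts
# are logged, which raises the chance of containment at each step.
SEGMENTED = [
    [0.55, 0.10, 0.00, 0.35],
    [0.00, 0.40, 0.20, 0.40],
    [0.00, 0.00, 1.00, 0.00],
    [0.00, 0.00, 0.00, 1.00],
]


def validate(matrix):
    """A transition matrix is row-stochastic: non-negative rows summing to 1."""
    for row in matrix:
        if len(row) != len(matrix) or any(p < 0 for p in row) or abs(sum(row) - 1.0) > 1e-9:
            raise ValueError(f"not a probability distribution: {row}")


def step(dist, matrix):
    """One transition: new_j = sum_i dist_i * P[i][j]."""
    n = len(matrix)
    return [sum(dist[i] * matrix[i][j] for i in range(n)) for j in range(n)]


def reach_probability(matrix, start, target, steps):
    """P(chain is in `target` after `steps` transitions from `start`). For an
    absorbing target this is the probability of reaching it within `steps`
    moves, i.e. the likelihood of lateral movement over time."""
    validate(matrix)
    dist = [0.0] * len(matrix)
    dist[start] = 1.0
    for _ in range(steps):
        dist = step(dist, matrix)
    return dist[target]


def absorption_probability(matrix, start, target, tol=1e-12, max_steps=10_000):
    """Limit of reach_probability as steps grow: the eventual probability that
    the attacker reaches `target` before being contained."""
    validate(matrix)
    dist = [0.0] * len(matrix)
    dist[start] = 1.0
    for _ in range(max_steps):
        nxt = step(dist, matrix)
        if max(abs(a - b) for a, b in zip(nxt, dist)) < tol:
            return nxt[target]
        dist = nxt
    raise RuntimeError("chain did not converge; check that target is absorbing")


def reduction_in_lateral_movement(initial, final):
    """Formula (1) from the paper, applied to reach probabilities instead of
    raw attempt counts."""
    return (initial - final) / initial * 100.0


def breach_posterior(prior_breach, alert_given_breach, alert_given_benign):
    """Formula (3): P(breach | alert) by Bayes' theorem, from the prior breach
    rate and the chance that monitoring raises an alert in each case."""
    p_alert = alert_given_breach * prior_breach + alert_given_benign * (1.0 - prior_breach)
    return alert_given_breach * prior_breach / p_alert


def compare(steps=3):
    """Summarise both networks over `steps` attacker moves from the web foothold."""
    flat = reach_probability(FLAT, WEB, DB, steps)
    seg = reach_probability(SEGMENTED, WEB, DB, steps)
    return {
        "flat_reach": flat,
        "segmented_reach": seg,
        "reduction_pct": reduction_in_lateral_movement(flat, seg),
        "flat_eventual": absorption_probability(FLAT, WEB, DB),
        "segmented_eventual": absorption_probability(SEGMENTED, WEB, DB),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.4f}")
    print(f"P(breach | alert) = {breach_posterior(0.01, 0.90, 0.05):.4f}")
```

With these constructed matrices the flat network lets the attacker reach the database with probability 0.46 within two moves and 16/21 eventually, while the segmented network gives 0.02 and 2/27; Formula (1) on the two-step figures reports a 95.7% reduction.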

Table 1. Access management to mitigate insider threats with zero trust

| Theme | Relevant Studies | Methodologies Employed | Key Findings |
|---|---|---|---|
| Impact of ZTA on Lateral Movement | [1,3,5] | Thematic analysis, comparative analysis | Significant reduction in lateral movement incidents post-ZTA implementation; improved threat containment |
| Reduction of Insider Threat Probability | [2,4,6] | Literature review, case studies | Decrease in insider threat incidents; financial impact reduction; increased user behavior monitoring |
| Effectiveness of Network Micro-Segmentation | [7,9,11] | Quantitative analysis, interviews | Enhanced network traffic control; improved visibility; minimization of security incident scope |
| Enhancements in Identity and Access Management | [8,10,12] | Surveys, experimental research | Streamlined IAM processes; automated user provisioning; real-time threat detection |
| Encryption and Data Protection | [13,15,17] | Observational studies, content analysis | Strengthened data security; compliance with privacy laws; encryption benefits for data at rest and in transit |
| Best Practices for ZTA Implementation | [14,16,18] | Case studies, expert interviews | Importance of regulatory compliance; mapping of network connections; continuous authentication methods |
| Comparative Analysis Before and After ZTA Implementation | [19,20,21] | Meta-analysis, longitudinal studies | Reduction in security incidents; unauthorized access decrease; enhanced access controls and verification |
| Future Advancements of ZTA in Cloud Networks | [22,23,24] | Trend analysis, expert opinions | Integration with AI and ML; enhanced monitoring and visibility; dynamic policy management |

Fig. 3. Cloud security challenges [19]

3.4 Evolution of Sophisticated Cyber Threats

The cybersecurity landscape is changing rapidly, with threat actors using polished tactics, techniques, and procedures to exploit weaknesses [22]. Cloud networks are the easiest targets for cybercriminals trying to get unauthorized access to sensitive data. Threats such as data breaches and insider attacks are the highest risks that can cause significant difficulties for organizations. The old security measures, which may have been effective in the past, struggle to keep up with the constantly changing tactics used by cyber adversaries.

3.5 Lateral Movement and Insider Threats

Cloud networks have many security problems, including lateral movement and insider threats [23]. Lateral movement refers to the stealthy spread of cyber threats within a network post-breach. Once an initial breach occurs, adversaries attempt to move laterally to explore and compromise additional resources. Insider threats, whether intentional or unintentional, pose another risk. Employees or individuals with elevated access may abuse their positions, which leads to other malicious activities. These threats highlight the critical need for security measures that prevent initial breaches and contain the impact of these threats. Fig. 4 shows how lateral movement works.

3.6 The Need for a Robust Security Framework

Given the intricate nature of these challenges, there is a high need for a robust security system that can act as a shield for cloud networks. Old security models, which depend on defenses within the network, have largely proven inadequate. In this context, Zero Trust Architecture (ZTA) is a significant shift in cybersecurity. By challenging the old trust measures and utilizing continuous verification and least-privilege access, ZTA solves the unique security challenges posed by cloud environments [25]. This research has therefore set out to explore the effectiveness of ZTA in decreasing these challenges, with a specific focus on preventing lateral movement in cloud networks.

4. METHODOLOGY AND APPROACH

4.1 Rationale

The rationale behind employing the qualitative research method is to get insights regarding Zero Trust Architecture (ZTA) within cloud networks. This research method is essential in exploring complex terms like cybersecurity measures by evaluating different organizations’ and individuals' insights, perceptions, and experiences. Moreover, the qualitative research method uncovers various aspects of implementing ZTA and its effectiveness when addressing security challenges in cloud environments. The reason behind conducting a literature review of the studies from 2020 to 2024 is to provide the latest information regarding the developments of ZTA, cybersecurity, and cloud networking.

4.2 Data Selection

In the data collection phase, this research adopts a systematic literature review approach, a methodical process essential for gathering comprehensive insights. A systematic literature review involves meticulously identifying, evaluating, and analyzing relevant scholarly articles, research studies, and other pertinent literature about Zero Trust Architecture (ZTA) and its application within cloud networks. This method thoroughly examines past research methodologies, findings, and theoretical frameworks, providing a solid foundation for the current study. By systematically reviewing existing literature, the research aims to derive detailed insights into the principles of ZTA and its implications for cloud network security. The literature review enriches the analytical process by offering valuable context, theoretical perspectives, and empirical evidence. Moreover, organizing the collected data thematically enables a structured approach to analysis, interpretation, and synthesis, facilitating the generation of meaningful conclusions regarding ZTA implementation and its impact on organizational security practices within cloud environments.

4.3 Data Collection

This study employs a systematic literature review in the data collection phase, a methodical process for gathering comprehensive insights. A systematic literature review involves meticulously identifying, evaluating, and analyzing relevant
scholarly articles, research studies, and other pertinent literature about Zero Trust Architecture (ZTA) and its application within cloud networks. This method thoroughly examines past research methodologies, findings, and theoretical frameworks, providing a solid foundation for the current study. By systematically reviewing existing literature, the research aims to derive detailed insights into the principles of ZTA and its implications for cloud network security. The literature review enriches the analytical process by offering valuable context, theoretical perspectives, and empirical evidence. Moreover, organizing the collected data thematically enables a structured approach to analysis, interpretation, and synthesis, facilitating the generation of meaningful conclusions regarding ZTA implementation and its impact on organizational security practices within cloud environments.

4.4 Recruitment

This research study uses a qualitative research method, which is why there is no direct recruitment of participants. Instead, it involves selecting relevant studies, reports, and research papers that provide valuable insights regarding the research questions. The recruitment process involves carefully choosing past studies between 2020 and 2024 that offer valuable insights related to the research questions and objectives. The selection criteria prioritize the content's relevance to the study's focus on Zero Trust Architecture (ZTA) within cloud networks. By curating a comprehensive dataset from diverse and relevant sources, the research aims to enrich the qualitative analysis and thoroughly explore ZTA's implications and effectiveness in cloud security. This approach ensures that the research findings are grounded in a robust foundation of existing knowledge and insights from the literature.

4.5 Analytical Process

The analytical process includes thematic analysis, in which all the data is divided into themes so that the information can be organized into sections and helpful information can be accessed easily. Thematic analysis involves categorizing data into themes based on recurring patterns, topics, or concepts in the literature. These themes are derived from various aspects of Zero Trust Architecture (ZTA) implementation, observed outcomes, and security challenges within cloud networks. The study aims to facilitate easy access to relevant information and insights by categorizing the data into themes. The literature review findings are synthesized to address the research objectives and questions comprehensively. Through this analytical approach, the study seeks to elucidate the impact of ZTA and develop a deeper understanding of its practical implications and challenges in cloud network security. This method ensures the research findings are systematically analyzed and interpreted to provide meaningful insights into ZTA implementation.

Fig. 4. Lateral Movement in Cybersecurity [24]


Table 2. Analytical process

Methodology Phase: Outputs Obtained

1. Problem Identification: Defined research questions and objectives
2. Literature Review: Identified relevant studies, methodologies, and insights
3. Data Selection: Selected resources related to ZTA implementation and impact
4. Data Collection: A systematic literature review was conducted
5. Recruitment: Relevant studies, reports, and research papers selected
6. Analytical Process: Thematic analysis was conducted to organize and interpret data
7. Results and Discussion: Findings from the literature review analyzed and discussed

5. RESULTS AND DISCUSSION

5.1 Lateral Movement Analysis

This research study used a comprehensive model for assessing the effectiveness of Zero Trust Architecture (ZTA) in mitigating the lateral movement of cyber threats within a network environment. The lateral movement analysis covers several aspects, such as the average time for containing threats, the number of successful lateral movement attempts, and the overall attack surface reduction accomplished through the implementation of ZTA. This research demonstrates a significant decrease in lateral movement incidents following the adoption of ZTA. For instance, the number of successful lateral movement attempts decreased by 72% compared to the pre-ZTA baseline, while some organizations saw a reduction of about 90%. Moreover, the time required for containing lateral threats also dropped by about 60%, allowing security teams to deal with potential threats effectively and efficiently. Formula 4 shows how the reduction in successful lateral movement attempts is calculated.

LMA = (InitialSuccessfulLateralMovement - FinalSuccessfulLateralMovement) / InitialSuccessfulLateralMovement x 100%   (4)

The significant factors that lead to these reductions include continuous monitoring, network segmentation, least privilege access, and Multi-Factor Authentication (MFA). For instance, the network is divided into smaller segments, so ZTA can restrict the attackers' potential pathways for moving laterally. In this case, even if an attacker gains access to one segment of the network, he cannot affect the network as a whole. Moreover, system health, network traffic, and user activity can be constantly monitored with the help of ZTA. This leads to detecting errors and threats early so that expert security teams can protect the overall system. In addition, according to ZTA, users are provided with limited access to resources; this means they only get access to the resources needed for performing their tasks.

5.2 Insider Threat Probability

Zero Trust Architecture (ZTA) is not limited to providing traditional security, as it implements the principle of "never trust, always verify." This means all users are verified before being given access to the system, regardless of whether they are already users of that network. This approach helps reduce the rate of insider risks and threats, which might be intentional or unintentional. This research study emphasizes the impact of ZTA on insider threat incidents, and the findings show a significant decrease in insider threats due to its implementation. For example, the number of insider threats has decreased by about 65%, and the financial impact of these insider threats has also been reduced by 40%.

The insider threat probability can be reduced with ZTA because several vital elements are responsible for this. For example, User Behavior Analytics (UBA) helps monitor user activity and detect changes in routine behavior patterns [26]. This helps detect threats at an initial stage so they can be mitigated promptly. Moreover, the Multi-Factor Authentication (MFA) method is applied by ZTA to add an extra layer of security. This makes it difficult for attackers to compromise the security of a system or cause a data breach.

5.3 Network Micro-Segmentation Effectiveness

This research study shows that micro-segmentation helps prevent the lateral movement of cyber threats within a network. This is because isolated segments or zones are created to restrict the spread of risk and minimize its ability to roam around the network. Moreover, the implementation of micro-segmentation is practical when it comes to controlling network traffic. When segments are created in a network, organizations can apply specific access controls to every segment. This way, only authorized devices and people can access that segment, protecting it from unauthorized users or attackers.

In addition, the results show that micro-segmentation also helps enhance the overall visibility of network traffic. Organizations can get better insights regarding network behavior when closely monitoring all segments' communication. When any deviation from the expected patterns occurs, it is identified in no time, enabling a smooth response to potential security incidents. The other benefit of micro-segmentation is the containment of security incidents. If one segment is attacked, the others can be protected, so that the scope of potential damage is minimized and a more efficient response can be facilitated for dealing with security incidents.

5.4 Identity and Access Management (IAM) Enhancements

Identity and access management (IAM) enhancements play an essential role in the framework of zero-trust architecture in cloud networks, leading to enhanced security measures and access control [27]. Implementing Zero Trust principles simplifies the complexities of IAM in cloud networks, as continuous verification focuses on reducing the associated risks and unauthorized access. Moreover, the IAM enhancement in the Zero Trust Architecture includes limited access for devices, applications, and users.

It is well known that manual IAM tasks such as access reviews and user provisioning can be time-consuming and may also contain errors. ZTA resolves this issue by automating such processes. This is done through automated user provisioning/de-provisioning and dynamic access control. Moreover, visibility and control can also be enhanced by this architecture with the help of centralized logging and monitoring, as well as real-time threat detection.

5.5 Encryption and Data Protection

It is the objective of hackers to steal the personal information and data of individuals and organizations. That is why it is essential to focus on implementing a robust model or system for enhancing overall security. The Zero Trust Security model focuses on increasing the organization's data security and integrating current laws to provide flexibility for adopting future security and privacy laws [28]. Data security is the primary goal of this model because hackers are always trying to steal confidential data. The encryption technique protects data-in-transit and data-at-rest within cloud storage devices. If a data breach occurs, unauthorized users will not be able to read the data; only authorized persons can, because of the limited access to data. Fig. 5 shows the key features of encrypted cloud storage.

Fig. 5. Key features of encrypted cloud storage [29]
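The metrics of Section 5.1 and the segmentation argument of Section 5.3, worked through in code as an added example that is not part of the paper: a constructed five-host network is evaluated flat and then under a default-deny segment allow-list, the remaining pivot pairs are counted as the lateral-movement attack surface, and Formula (4) is applied to constructed before/after attempt counts. The segment names, hosts, policy and counts are all assumptions.

```python
"""Added example, not from the paper: the lateral-movement metrics of
Section 5.1 computed over a constructed network, flat and then under the
micro-segmentation of Section 5.3. All inventory and counts are constructed."""
from collections import deque

# Constructed inventory: segment -> hosts placed in that segment.
SEGMENTS = {
    "web": ["web-1", "web-2"],
    "app": ["app-1"],
    "db": ["db-1"],
    "admin": ["jump-1"],
}

# Constructed segmentation policy: explicitly allowed (source, destination)
# segment pairs. Anything not listed is denied (default deny).
ALLOWED_FLOWS = {
    ("web", "app"),
    ("app", "db"),
    ("admin", "web"), ("admin", "app"), ("admin", "db"),
}

ALL_HOSTS = [h for hosts in SEGMENTS.values() for h in hosts]

def segment_of(host):
    for seg, hosts in SEGMENTS.items():
        if host in hosts:
            return seg
    raise KeyError(host)

def can_reach(src, dst, flat=False):
    """True if a single hop from src to dst is permitted by the policy."""
    if src == dst:
        return False
    if flat:                      # flat network: every host reaches every host
        return True
    s, d = segment_of(src), segment_of(dst)
    return s == d or (s, d) in ALLOWED_FLOWS   # intra-segment traffic allowed

def reachable_from(start, flat=False):
    """BFS over permitted hops: every host reachable by pivoting from `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for h in ALL_HOSTS:
            if h not in seen and can_reach(cur, h, flat):
                seen.add(h)
                queue.append(h)
    seen.discard(start)
    return seen

def lateral_pathways(flat=False):
    """Number of (source, destination) pivot pairs: the lateral attack surface."""
    return sum(len(reachable_from(h, flat)) for h in ALL_HOSTS)

def attack_surface_reduction():
    """Percentage of pivot pairs removed by the segmentation policy."""
    before, after = lateral_pathways(flat=True), lateral_pathways()
    return (before - after) * 100 / before

def lma_reduction(initial_successful, final_successful):
    """Formula (4): percentage drop in successful lateral-movement attempts."""
    return (initial_successful - final_successful) * 100 / initial_successful

if __name__ == "__main__":
    print("pivot pairs, flat network:", lateral_pathways(flat=True))
    print("pivot pairs, segmented:", lateral_pathways())
    print("attack surface reduction: %.1f%%" % attack_surface_reduction())
    # Constructed before/after counts; 50 -> 14 reproduces the paper's 72% figure.
    print("LMA reduction: %.0f%%" % lma_reduction(50, 14))
```

A host in the "db" segment has no permitted onward hop, so a compromise there stays contained, which is the containment property Section 5.3 describes.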


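An automated access review of the kind Section 5.4 describes, as an added example that is not from the paper: it reconciles a constructed HR roster with constructed cloud IAM accounts and role grants and emits de-provisioning, role-revocation and stale-account actions together with a centralized audit log. All names, roles, dates and the 90-day idle threshold are assumptions.

```python
"""Added example, not from the paper: an automated access review of the kind
Section 5.4 describes, reconciling a constructed HR roster with constructed
cloud IAM accounts. Names, roles, dates and the idle threshold are assumptions."""
from datetime import date, timedelta

# Constructed authoritative identity source (HR): account -> (status, job role).
HR_ROSTER = {
    "alice": ("active", "developer"),
    "bob": ("terminated", "developer"),
    "carol": ("active", "dba"),
}

# Constructed cloud IAM state: account -> granted roles and last login.
IAM_ACCOUNTS = {
    "alice": {"roles": ["dev-read", "dev-deploy", "db-admin"], "last_login": date(2024, 1, 20)},
    "bob": {"roles": ["dev-read"], "last_login": date(2023, 11, 2)},
    "carol": {"roles": ["db-admin"], "last_login": date(2023, 9, 1)},
    "svc-legacy": {"roles": ["db-admin"], "last_login": date(2023, 6, 1)},
}

# Constructed least-privilege baseline: job role -> roles it is entitled to.
ROLE_BASELINE = {
    "developer": {"dev-read", "dev-deploy"},
    "dba": {"db-admin"},
}

STALE_AFTER = timedelta(days=90)     # constructed idle threshold
REVIEW_DATE = date(2024, 2, 1)       # constructed review date

def review_access(roster, accounts, baseline, today):
    """Return (actions, audit_log); each action is (kind, account, detail)."""
    actions, log = [], []
    for account, state in accounts.items():
        hr = roster.get(account)
        if hr is None or hr[0] != "active":
            # No active identity behind the account: de-provision rather than keep.
            actions.append(("deprovision", account, "no active HR record"))
        else:
            # Roles beyond the job's baseline violate least privilege; an unknown
            # job role has no entitlements at all (fail closed).
            excess = set(state["roles"]) - baseline.get(hr[1], set())
            for role in sorted(excess):
                actions.append(("revoke_role", account, role))
            if today - state["last_login"] > STALE_AFTER:
                actions.append(("disable_stale", account, "idle > 90 days"))
        # Centralized audit trail of what was reviewed.
        log.append(f"{today.isoformat()} reviewed {account} roles={sorted(state['roles'])}")
    return actions, log

def run_review(today=REVIEW_DATE):
    """Run the review against the constructed data."""
    return review_access(HR_ROSTER, IAM_ACCOUNTS, ROLE_BASELINE, today)

if __name__ == "__main__":
    actions, log = run_review()
    for action in actions:
        print("ACTION", *action)
    print("\n".join(log))
```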
5.6 Best Practices to Implement Zero Trust

Several best practices need to be considered when implementing Zero Trust Architecture. First, it is necessary to understand the protection surface, which means regulatory compliance standards and guidelines like the General Data Protection Regulation (GDPR) must be detailed, because they are essential for organizations to identify and secure the data effectively and efficiently [30]. Secondly, data protection can be ensured by mapping the connections with the help of a conventional network architecture diagram, which shows the network traffic flow. The connections included in the Zero Trust Security model are shown in detail with the help of this diagram. The mapping of applications in use, data transmission connections, and data associated with the applications is also demonstrated through it.

5.7 Comparative Analysis Before and After ZTA Implementation

Before the implementation of ZTA, organizations used to rely on traditional security models. These models tended to leave vulnerabilities in the network, and incidents of unauthorized access remained unaddressed. Moreover, lateral movement and data breaches were not recognized and addressed as promptly as they should have been, and such security incidents significantly and adversely impacted the overall network. On the other hand, after the implementation of ZTA, a significant reduction in security incidents was observed.

Moreover, unauthorized access was reduced gradually when the system was reviewed and checked continuously. Also, strict access controls were implemented, and continuous verification was supported in ZTA. Data breaches were common before ZTA implementation, but micro-segmentation, encryption techniques, and enhanced access controls have reduced security incidents.

6. CONCLUSION

In conclusion, this study has explored the implications of Zero Trust Architecture (ZTA) within cloud networks, employing qualitative research methods and systematic literature review techniques. The findings underscore the effectiveness of ZTA in mitigating security threats, particularly in addressing insider threats and lateral movement incidents and in enhancing data protection measures. By systematically analyzing the literature, we have identified fundamental principles and strategies underpinning the successful implementation of ZTA, including least privilege access, micro-segmentation, and encryption techniques.

Moreover, while this study primarily focuses on ZTA, there are opportunities to extrapolate its findings and compare its effectiveness with other frameworks in cloud environments, such as the CSA Cloud Control Matrix. Future research endeavors could involve empirical validation studies or comparative analyses to elucidate the synergies and differences between ZTA and existing frameworks, thus providing deeper insights into their strengths and weaknesses. Overall, the findings of this study underscore the importance of adopting a comprehensive security framework like ZTA in cloud environments to address evolving cybersecurity challenges effectively. As cloud technologies continue to grow, the insights gained from this research can inform the development of robust security strategies that safeguard critical assets and data in the digital landscape.

7. FUTURE SCOPE

The future scope of Zero Trust Architecture in cloud networks is positive and points to further advancements in security strategies as technology evolves. For this purpose, emerging technologies will be integrated to enhance the Zero Trust Architecture. As cloud networks evolve, machine learning (ML) and artificial intelligence (AI) also emerge to enhance the threat detection capabilities of ZTA frameworks. These technologies also allow organizations to detect potential threats in real time. Moreover, the future of ZTA also includes integrating more user-centric security measures. For this purpose, continuous authentication methods will be refined along with personalized access controls.

ZTA's monitoring and visibility capabilities will also be enhanced in the future. The real-time nature and granularity of monitoring tools will be improved to provide organizations with detailed insights regarding network activities. This approach ensures that potential security risks are identified and addressed on time. Moreover, dynamic policy management will be encouraged to enhance cloud environments. Real-time tools will be used to develop a flexible security framework based on different factors such as network conditions, device status, and user location.

COMPETING INTERESTS

Author has declared that no competing interests exist.

REFERENCES

1. Ghani A, Badshah S, Jan AA, Alshdadi A, Daud. Issues and challenges in cloud storage architecture: a survey. arXiv preprint arXiv:2004.06809; 2020.
2. Sadeeq MM, Abdulkareem NM, Zeebaree SR, Ahmed DM, Sami AS, Zebari RR. IoT and Cloud computing issues, challenges and opportunities: A review. Qubahan Academic Journal. 2021;1(2):1-7.
3. Livera L. Zero Trust - Modern Security Architecture; 2023. Available: https://www.linkedin.com/pulse/zero-trust-modern-security-architecture-lahiru-livera/
4. Fernandez EB, Brazhuk A. A critical analysis of Zero Trust Architecture (ZTA). Computer Standards & Interfaces. 2024;103832.
5. Stafford VA. Zero trust architecture. NIST Special Publication 800-207; 2020.
6. Syed NF, Shah SW, Shaghaghi A, Anwar A, Baig Z, Doss R. Zero trust architecture (ZTA): A comprehensive survey. IEEE Access. 2022;57143-57179.
7. Xie L, Hang F, Guo W, Lv Y, Chen H. A micro-segmentation protection scheme based on zero trust architecture. 6th International Conference on Information Science, Computer Technology and Transportation. 2021;1-4.
8. Froehlich, Shea S. Why zero trust requires microsegmentation; 2022.
9. Khan MJ. Zero trust architecture: Redefining network security paradigms in the digital age. World Journal of Advanced Research and Reviews. 2023;105-116.
10. Tyler D, Viana T. Trust no one? A framework for assisting healthcare organisations in transitioning to a zero-trust network architecture. Applied Sciences. 2021;7499.
11. Chen S, Qiao J, Zhao D, Liu X, Shi M, Lyu Y, Zhai. A security awareness and protection system for 5G smart healthcare based on zero-trust architecture. IEEE Internet of Things Journal. 2020;10248-10263.
12. Mehraj S, Banday MT. Establishing a zero trust strategy in cloud computing environment. International Conference on Computer Communication and Informatics. 2020;1-6.
13. Alevizos L, Ta VT, Hashem Eiza M. Augmenting zero trust architecture to endpoints using blockchain: A state-of-the-art review. Security and Privacy. 2022;191.
14. Kim J, Oh J, Ryu K, Lee. A review of insider threat detection approaches with IoT perspective. IEEE Access. 2020;78847-78867.
15. Yao Q, Wang Q, Zhang X, Fei J. Dynamic access control and authorization system based on zero-trust architecture. Proceedings of the 2020 1st International Conference on Control, Robotics and Intelligent System. 2020;123-127.
16. He Y, Huang D, Chen L, Ni Y, Ma X. A survey on zero trust architecture: Challenges and future trends. Wireless Communications and Mobile Computing; 2022.
17. Shitta-Bey M, Adewole M. Security Concerns of Cloud Migration and Its Implications on Cloud-Enabled Business Transformation. Doctoral dissertation; 2023.
18. Agrawal N, Tapaswi S. Defense mechanisms against DDoS attacks in a cloud computing environment: State-of-the-art and research challenges. IEEE Communications Surveys & Tutorials. 2019;21(4):3769-3795.
19. FORTRA Terranova Security. How Secure is Cloud Storage? Here are the Important Risks to Know; 2023. Available: https://terranovasecurity.com/blog/how-secure-is-cloud-storage/
20. Milan ST, Rajabion L, Ranjbar H, Navimipour NJ. Nature inspired meta-heuristic algorithms for solving the load-balancing problem in cloud environments. Computers & Operations Research. 2019;110:159-187.


21. Singh R, Thakkar J, Warraich. IAM Identity Access Management—importance in maintaining security systems within organizations. European Journal of Engineering and Technology Research. 2023;30-38.
22. Steingartner W, Galinec D, Kozina A. Threat defense: Cyber deception approach and education for resilience in hybrid threats model. Symmetry. 2021;597.
23. Tian Z, Shi W, Wang Y, Zhu C, Du X, Su S, Guizani N. Real-time lateral movement detection based on evidence reasoning network for edge computing environment. IEEE Transactions on Industrial Informatics. 2019;15(7):4285-4294.
24. WIZ. Lateral Movement Explained; 2023. Available: https://www.wiz.io/academy/what-is-lateral-movement
25. Fernandez B, Brazhuk A. A critical analysis of Zero Trust Architecture (ZTA). Computer Standards & Interfaces. 2024;103832.
26. Martín G, Fernández-Isabel A, Martín I, de Diego, Beltrán M. A survey for user behavior analysis based on machine learning techniques: current models and applications. Applied Intelligence. 2021;6029-6055.
27. Olabanji SO, Olaniyi OO, Adigwe CS, Okunleye OJ, Oladoyinbo TO. AI for Identity and Access Management (IAM) in the Cloud: Exploring the Potential of Artificial Intelligence to Improve User Authentication, Authorization, and Access Control within Cloud-Based Systems. Asian Journal of Research in Computer Science. 2024;38-56.
28. Thapa C, Camtepe S. Precision health data: Requirements, challenges and existing techniques for data security and privacy. Computers in Biology and Medicine. 2021;104130.
29. BasuMallick C. Top 10 Encrypted Cloud Storage Platforms for Enterprises in 2021; 20 August 2021. Available: https://www.spiceworks.com/tech/cloud/articles/encrypted-cloud-storage-platforms/
30. Stalla-Bourdillon S, Thuermer G, Walker J, Carmichael L, Simperl E. Data protection by design: Building the foundations of trustworthy data sharing. Data & Policy. 2020;4.

© 2024 Ahmadi; This is an Open Access article distributed under the terms of the Creative Commons Attribution License
(http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium,
provided the original work is properly cited.

Peer-review history:
The peer review history for this paper can be accessed here:
https://www.sdiarticle5.com/review-history/113275
