Zero Trust Security Governance by Utilizing Identity and Access Management

Year : 2023 | Volume : 01 | Issue : 02 | Page : 6-17
By

    Sampath Talluri

  1. IAM Lead Engineer, Department of Computer Science, Western Michigan University, Michigan, United States

Abstract

The Zero Trust Paradigm, a more stringent approach to network security, operates on the fundamental concept of “Never Assume, Always Authenticate.” It is currently being implemented in different countries to align with their national cybersecurity and access management governance policies. The differentiation of these Zero Trust systems is contingent upon factors such as awareness, infrastructure, expenses, and security demand. Additionally, the identity-based access management models within the Zero Trust system exhibit variations depending on factors such as user profiles, resource allocations, application domains, the specific Zero Trust rules in place, and the role of the Zero Trust administrator. The aforementioned disparities contribute to the phenomenon of security fragmentation, resulting in the proliferation of risk and vulnerability to attacks in various network zones. This study conducts deductive research on the standard frameworks of identity-based zero-trust system, as implemented in the United States and India, both at an industrial level and in other domains. The research substantiates their soundness based on the available factual data regarding the updates and advancements made in addressing evolving security and user-access management concerns. In the subsequent section, the conclusion highlights potential areas for enhancement and notable characteristics observed in the respective models that can be integrated to develop a zone-neutral Zero Trust model. This result showed that India’s Zero Trust infrastructure lacks the scalability and innovation scope of the USA’s Zero Trust system. Thus, to develop a zone-neutral model operational in both areas, India’s model should be integrated with advanced classification, detection, and user management systems and better areas of application.

Keywords: zero trust, user identity, authentication, regional ZT, ZT systems

[This article belongs to International Journal of Mobile Computing Technology(ijmct)]

How to cite this article: Sampath Talluri Zero Trust Security Governance by Utilizing Identity and Access Management ijmct 2023; 01:6-17
How to cite this URL: Sampath Talluri Zero Trust Security Governance by Utilizing Identity and Access Management ijmct 2023 {cited 2023 Jul 20};01:6-17. Available from: https://journals.stmjournals.com/ijmct/article=2023/view=130669

Browse Figures

References

Chaudhry UB, Hydros AKM. Zero‐trust‐based security model against data breaches in the banking sector: A blockchain consensus algorithm. IET Blockchain. 2023; 3 (2): 98–115. doi: 10.1049/blc2.
Heath D. (2023). The evolution of zero trust and the frameworks that guide it. [Online] IBM Blog. Available at https://www.ibm.com/blog/the-evolution-of-zero-trust-and-the-frameworks-that-guide-it/
(2023). Zero trust. [Online] ManageEngine. Available at https://www.manageengine.com/
active-directory-360/manage-and-protect-identities/zero-trust-security.html [
Rose S, Borchert O, Mitchell S, Connelly S. (2020). Zero Trust Architecture. [Online] Available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
Paul B, Rao M. Zero-trust model for Smart Manufacturing Industry. Appl Sci. 2022; 13 (1): 221. doi: 10.3390/app13010221.
Fernandez EB, Brazhuk A. A critical analysis of zero trust architecture (ZTA). SSRN Electron J. 2022. doi: 10.2139/ssrn.4210104.
Adahman Z, Malik AW, Anwar Z. An analysis of zero-trust architecture and its cost-effectiveness for organizational security. Comput Sec. 2022; 122: 102911. doi: 10.1016/j.cose.2022.102911.
Adahman Z. Zero-trust architecture and its cost-effectiveness on network security. Ndsuedu. 2022. Available from: https://library.ndsu.edu/ir/handle/10365/32683.
He Y, Huang D, Chen L, Ni Y, Ma X. A survey on Zero Trust Architecture: challenges and future trends. Wirel Commun Mob Comput. 2022; 2022: 1–13. doi: 10.1155/2022/6476274.
Zhang Y. Privacy-preserving with Zero trust computational intelligent hybrid technique to English education model. Appl Artif Intell. 2023; 37 (1). doi: 10.1080/08839514.2023.2219560.
Razavian M, Paech B, Tang A. The vision of on-demand architectural knowledge systems as a decision-making companion. J Syst Softw. 2023; 198: 111560. doi: 10.1016/j.jss.2022.111560.
Liu H, Ai M, Huang R, Qiu R, Li Y. Identity authentication for edge devices based on zero‐trust architecture. Concurrency Comput Pract Experience. 2022; 34 (23). doi: 10.1002/cpe.7198.
Feng Y, Zhong Z, Sun X, Wang L, Lu Y, Zhu Y. Blockchain enabled Zero trust based authentication scheme for Railway Communication Networks. J Cloud Comput. 2023; 12 (1). doi: 10.1186/s13677-023-00411-z.
(2021). Zero Trust: 2021 A revolutionary approach to Cyber or just another buzz word? [Online] Available at https://dokumen.tips/documents/zero-trust-deloitte-2021-7-18-zero-trust-is-a-framework-for-looking-at-cyber.html?page=1
(2023). The state of zero trust security in global organizations. [Online] Available at https://www.okta.com/resources/reports/state-of-zero-trust-security-in-global-organizations/
Kerman A, Borchert O, Rose S. (2020). Implementing a zero trust architecture. [Online] Available at https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture
Teplinsky MJ. (2023). A review of NIST’s draft Cybersecurity Framework 2.0. [Online] Available at https://www.lawfaremedia.org/article/a-review-of-nist-s-draft-cybersecurity-framework-2.0
Talluri S, Anne VP. Active directory implementation: resolving provisioning/deprovisioning access and ensuring accurate user identity and access across the organization using IAM. Int J Inf Technol. 2023; 4 (02): 29–37.
Raina, K. (2023). Zero trust security explained: principles of the zero trust model. [Online] Available at https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/
(2023). Public draft: The NIST Cybersecurity Framework 2.0 National Institute of Standards and Technology. Available at https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.ipd.pdf
Tejaswi M. (2023). Zero trust to become cornerstone of data security this year in India: Dell’s Ripu Bajwa. [Online] The Hindu. Available at https://www.thehindu.com/business/zero-trust-to-become-cornerstone-of-data-security-this-year-in-india-dells-ripu-bajwa/article66793069.ece
Sathyajith S. (2022). Role of zero trust in India’s digital transformation journey. [Online] Entrepreneur. Available at https://www.entrepreneur.com/en-in/growth-strategies/role-of-zero-trust-in-indias-digital-transformation-journey/433648
Guru S. (2022). The new standard for cyber security of organisations and enterprises: zero trust architecture. [Online] Cyber Secure India. Available at https://cybersecureindia.in/new-standard-for-cyber-security-organisations-and-enterprises-zero-trust-architecture/
(2021). Safe & Trusted Internet: Guidelines on Information Security Practices for Government Entities. [Online] Available at https://www.cyberyodha.org/2023/06/safe-trusted-internet-guidelines-on.html
Alappat MR. (2023). Multifactor authentication using zero trust. Thesis. [Online] Rochester Institute of Technology. Available at https://scholarworks.rit.edu/cgi/viewcontent.cgi?article=1263
9&context=theses#:~:text=The%20concept%20of%20Zero%20Trust,authentication%20before%20being%20granted%20access


Regular Issue Subscription Review Article
Volume 01
Issue 02
Received June 24, 2023
Accepted July 7, 2023
Published July 20, 2023