Enhancing Cloud Security: Implementing Zero Trust Architectures in Multi-Cloud Environments
Downloads
As organisations are deploying multiple clouds to scale, gain flexibility and cost optimisation the challenge of securing these architectures grows exponentially. Conventional logical security platforms that are based on perimeters cannot effectively guard current complex cloud environments. Currently, however, there is a need to develop methods for their implementation, which refers to the Zero Trust Architecture (ZTA) approach with the overall slogan “Never Trust, Always Verify”. This security model means that any user, device, and network request is authenticated, authorized and monitored all the time irrespective of the source. In multi-cloud where applications, data and computing resources are located across various cloud service providers, use of Zero Trust lowers the risks of threats and cyber-attacks by minimizing the exposures that bad actors can exploit, and hardening control of entry to assets. Drawing on theory and research, this paper considers the advantages and disadvantages of the Zero Trust model, the processes that need to be completed to introduce it to the multi-cloud infrastructure, and possible case studies. Hence, Identity and Access Management, Micro-segmentation, and continuous monitoring can help the organization enhance the cloud security posture, and minimize compliance and risks related to sophisticated cloud environments.
Downloads
1. AlZain, M. A., Pardede, E., Soh, B., & Thom, J. A. (2012, January). Cloud computing security: from single to multi-clouds. In 2012 45th Hawaii International Conference on System Sciences (pp. 5490-5499). IEEE.
2. Banyal, R. K., Jain, V. K., & Jain, P. (2014, October). Dynamic trust based access control framework for securing multi-cloud environment. In Proceedings of the 2014 international conference on information and communication technology for competitive strategies (pp. 1-8).
3. Graupner, H., Torkura, K., Berger, P., Meinel, C., & Schnjakin, M. (2015, October). Secure access control for multi-cloud resources. In 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops) (pp. 722-729). IEEE.
4. Fan, W., & Perros, H. (2014). A novel trust management framework for multi-cloud environments based on trust service providers. Knowledge-Based Systems, 70, 392-406.
5. Sammeta, N., Jagadeesh Kannan, R., & Parthiban, L. (2014). Enhanced trusted third party for cyber security in multi cloud storage. In ICT and Critical Infrastructure: Proceedings of the 48th Annual Convention of Computer Society of India-Vol II: Hosted by CSI Vishakapatnam Chapter (pp. 525-533). Springer International Publishing.
6. Thandeeswaran, R., Subhashini, S., Jeyanthi, N., & Durai, M. S. (2012). Secured multi-cloud virtual infrastructure with improved performance. Cybernetics and information technologies, 12(2), 11-22.
7. Leite, A. F. (2015). A user-centered and autonomic multi-cloud architecture for high performance computing applications.
8. AlZain, M. A., Soh, B., & Pardede, E. (2011, December). Mcdb: using multi-clouds to ensure security in cloud computing. In 2011 IEEE ninth international conference on dependable, autonomic and secure computing (pp. 784-791). IEEE.
9. Tripathi, M. K., & Sehgal, V. K. (2014, May). Establishing trust in cloud computing security with the help of inter-clouds. In 2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies (pp. 1749-1752). IEEE.
10. Ouedraogo, W. F., Biennier, F., & Ghodous, P. (2013). Model driven security in a multi-cloud context. International Journal of Electronic Business Management, 11(3), 178.
11. Bohli, J. M., Gruschka, N., Jensen, M., Iacono, L. L., & Marnau, N. (2013). Security and privacy-enhancing multicloud architectures. IEEE Transactions on dependable and secure computing, 10(4), 212-224.
12. Warhade, R. G., & Vankudothu, B. (2015, November). Enhancing Cloud Security Using Multicloud Architecture and Device Based Identity. In 2015 7th International Conference on Emerging Trends in Engineering & Technology (ICETET) (pp. 34-39). IEEE.
13. Li, X., Ma, H., Yao, W., & Gui, X. (2015). Data-driven and feedback-enhanced trust computing pattern for large-scale multi-cloud collaborative services. IEEE transactions on services computing, 11(4), 671-684.
14. Kritikos, K., Kirkham, T., Kryza, B., & Massonet, P. (2015). Security enforcement for multi-cloud platforms–the case of paasage. Procedia Computer Science, 68, 103-115.
15. Bai, B. B., & Devi, N. R. (2014). Ensuring Security at Data Level in Cloud using Multi Cloud Architecture. The International Journal of Science and Technoledge, 2(6), 254.
16. Thakur, A. S., & Gupta, P. K. (2014). Framework to improve data integrity in multi cloud environment.
17. Balasaraswathi, V. R., & Manikandan, S. (2014, May). Enhanced security for multi-cloud storage using cryptographic data splitting with dynamic approach. In 2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies (pp. 1190-1194). IEEE.
18. Aditya, S. K., Premkumar, K., Anitha, R., & Mukherjee, S. (2014, December). Combined security framework for multi-cloud environment. In The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014) (pp. 100-105). IEEE.
19. Evangeline, M. S., & Prasad, A. S. (2014). Scalable and Secure Multi Cloud Architecture for IaaS to Address the Performance Issues. International Journal of Computer Applications, 105(16).
20. Li, J., Ouedraogo, W. F., & Biennier, F. (2013, May). Multi-Cloud Governance Service based on Model Driven Policy Generation. In CLOSER (pp. 165-174).
21. Poulis, A., Panigyrakis, G., & Panos Panopoulos, A. (2013). Antecedents and consequents of brand managers’ role. Marketing Intelligence & Planning, 31(6), 654-673.
22. Shilpa, Lalitha, Prakash, A., & Rao, S. (2009). BFHI in a tertiary care hospital: Does being Baby friendly affect lactation success?. The Indian Journal of Pediatrics, 76, 655-657.
23. Gopinath, S., Janga, K. C., Greenberg, S., & Sharma, S. K. (2013). Tolvaptan in the treatment of acute hyponatremia associated with acute kidney injury. Case reports in nephrology, 2013(1), 801575.
24. Swarnagowri, B. N., & Gopinath, S. (2013). Ambiguity in diagnosing esthesioneuroblastoma--a case report. Journal of Evolution of Medical and Dental Sciences, 2(43), 8251-8255.
25. Malhotra, I., Gopinath, S., Janga, K. C., Greenberg, S., Sharma, S. K., & Tarkovsky, R. (2014). Unpredictable nature of tolvaptan in treatment of hypervolemic hyponatremia: case review on role of vaptans. Case reports in endocrinology, 2014(1), 807054.
26. Swarnagowri, B. N., & Gopinath, S. (2013). Pelvic Actinomycosis Mimicking Malignancy: A Case Report. tuberculosis, 14, 15.
27. Karakolias, S. E., & Polyzos, N. M. (2014). The newly established unified healthcare fund (EOPYY): current situation and proposed structural changes, towards an upgraded model of primary health care, in Greece. Health, 2014.
28. Polyzos, N., Karakolias, S., Dikeos, C., Theodorou, M., Kastanioti, C., Mama, K., ... & Thireos, E. (2014). The introduction of Greek Central Health Fund: Has the reform met its goal in the sector of Primary Health Care or is there a new model needed?. BMC health services research, 14, 1-11.
29. Polyzos, N. (2015). Current and future insight into human resources for health in Greece. Open Journal of Social Sciences, 3(05), 5.
30. Shakibaie-M, B. (2008). Microscope-guided external sinus floor elevation (MGES)–a new minimally invasive surgical technique. IMPLANTOLOGIE, 16(1), 21-31.
31. Vozikis, A., Panagiotou, A., & Karakolias, S. (2021). Α Tool for Litigation Risk Analysis for Medical Liability Cases. HAPSc Policy Briefs Series, 2(2), 268-277.
Copyright (c) 2016 Pavan Muralidhara, Vaishnavi Janardhan
This work is licensed under a Creative Commons Attribution 4.0 International License.
