A Multi-Layered Zero-Trust Security Framework for Cloud-Native and Distributed Enterprise Systems Using AI-Driven Identity and Access Intelligence
DOI:
https://doi.org/10.63282/3050-9246.IJETCSIT-V4I3P115Keywords:
Zero Trust, continuous authentication, identity and access management (IAM), risk-based access control, identity analytics, micro-segmentation, policy-as-code, anomaly detectionAbstract
Cloud-native and distributed enterprise systems span multi-cloud platforms, Kubernetes-based microservices, SaaS applications, and edge environments, where traditional perimeter-based security assumptions no longer hold. This paper proposes a multi-layered Zero-Trust Security Framework that enforces continuous verification across identities, devices, networks, workloads, and data. The framework is enhanced with AI-driven identity and access intelligence to replace static, rule-based authorization with adaptive, risk-aware policy enforcement. Context is collected from user behavior, device posture, and network conditions, then transformed into risk signals that support continuous authentication and dynamic access decisions. Policy-as-code enables consistent orchestration across ZTNA gateways, API gateways, service meshes, and cloud-native controls, while micro-segmentation limits lateral movement and reduces blast radius under assume-breach conditions. The model integrates with enterprise IAM, PAM, and SIEM to support privileged access governance, centralized auditing, and automated response actions such as step-up MFA, session restriction, or access revocation. In a simulated cloud-native environment using Kubernetes and identity-analytics datasets, the framework demonstrates strong detection effectiveness (94.7% accuracy) with low false positives (3.2%) and practical access latency (1.8 s), outperforming traditional IAM and basic Zero-Trust baselines. The results indicate that combining layered Zero-Trust enforcement with AI-guided identity risk scoring improves security resilience without sacrificing operational scalability in modern enterprise deployments
Downloads
References
[1] Jiang, H., Nagra, J., & Ahammad, P. (2016). SoK: Applying machine learning in security — A survey. arXiv. https://arxiv.org/abs/1611.03186.
[2] Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture (NIST Special Publication 800 207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800 207
[3] Stafford, V. (2020). Zero trust architecture. NIST special publication, 800(207), 800-207.
[4] Alevizos, L., Ta, V. T., & Hashem Eiza, M. (2022). Augmenting zero trust architecture to endpoints using blockchain: A state‐of‐the‐art review. Security and privacy, 5(1), e191.
[5] Zero Trust Security, Stetinel One, Online. https://images.contentstack.io/v3/assets/blt53c99b43892c2378/blt1aa641555e52467c/68c98dd2bcb8301e4c01773e/zero-trust-security-1024x536.png.
[6] Dasgupta, D., Akhtar, Z., & Sen, S. (2020). Machine learning in cybersecurity: A comprehensive survey. Journal of Defense Modeling and Simulation. https://doi.org/10.1177/1548512920951275.
[7] Kamoun, F., Iqbal, F., Esseghir, M. A., & Baker, T. (2020, October). AI and machine learning: A mixed blessing for cybersecurity. In 2020 International Symposium on Networks, Computers and Communications (ISNCC) (pp. 1-7). IEEE.
[8] Prasad, R., & Rohokale, V. (2019). Artificial intelligence and machine learning in cyber security. In Cyber security: the lifeline of information and communication technology (pp. 231-247). Cham: Springer International Publishing.
[9] Conditional access to confidential documents using Azure AD and Azure Information Protection, 2017. Online. https://www.linkedin.com/pulse/conditional-access-confidential-documents-using-azure-alexandroni
[10] Sen, R., Heim, G., & Zhu, Q. (2022). Artificial intelligence and machine learning in cybersecurity: applications, challenges, and opportunities for MIS academics. Communications of the Association for Information Systems, 51(1), 28.
[11] Kim, Y., & Kim, H. K. (2021). Deep learning algorithms for cybersecurity applications: A technological and status review. Computer Science Review, 39, 100317. https://doi.org/10.1016/j.cosrev.2020.100317
[12] Pareek, C. S. (2022). Never Trust, Always Verify: Zero Trust Security Testing Framework. Journal of Artificial Intelligence & Cloud Computing, 1(1), 1-5.
[13] Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture (NIST Special Publication 800 207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800 207
[14] Srivastava, R. (2021). Cloud Native Microservices with Spring and Kubernetes: Design and Build Modern Cloud Native Applications using Spring and Kubernetes (English Edition). BPB Publications.
[15] Vanickis, R., Jacob, P., Dehghanzadeh, S., & Lee, B. (2018, June). Access control policy enforcement for zero-trust-networking. In 2018 29th Irish Signals and Systems Conference (ISSC) (pp. 1-6). IEEE.
[16] Shang, C., Yang, Z., Liu, Q., & Zhao, C. (2008, December). A context based dynamic access control model for web service. In 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (Vol. 2, pp. 339-343). IEEE.
[17] Zhang, Y., & Wu, X. (2016). Access control in Internet of Things: A survey. arXiv. https://arxiv.org/abs/1610.01065.
[18] Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture. NIST Special Publication 800 207. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800 207
[19] Ali, B., Hijjawi, S., Campbell, L. H., Gregory, M. A., & Li, S. (2022). A maturity framework for zero‐trust security in multiaccess edge computing. Security and Communication Networks, 2022(1), 3178760.
[20] Bhat, J., & Sundar, D. (2022). Building a Secure API-Driven Enterprise: A Blueprint for Modern Integrations in Higher Education. International Journal of Emerging Research in Engineering and Technology, 3(2), 123-134. https://doi.org/10.63282/3050-922X.IJERET-V3I2P113
[21] Bhat, J. (2022). The Role of Intelligent Data Engineering in Enterprise Digital Transformation. International Journal of AI, BigData, Computational and Management Studies, 3(4), 106-114. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I4P111
[22] Bhat, J., Sundar, D., & Jayaram, Y. (2022). Modernizing Legacy ERP Systems with AI and Machine Learning in the Public Sector. International Journal of Emerging Research in Engineering and Technology, 3(4), 104-114. https://doi.org/10.63282/3050-922X.IJERET-V3I4P112
[23] Sundar, D., & Jayaram, Y. (2022). Composable Digital Experience: Unifying ECM, WCM, and DXP through Headless Architecture. International Journal of Emerging Research in Engineering and Technology, 3(1), 127-135. https://doi.org/10.63282/3050-922X.IJERET-V3I1P113
[24] Sundar, D., Jayaram, Y., & Bhat, J. (2022). A Comprehensive Cloud Data Lakehouse Adoption Strategy for Scalable Enterprise Analytics. International Journal of Emerging Research in Engineering and Technology, 3(4), 92-103. https://doi.org/10.63282/3050-922X.IJERET-V3I4P111
[25] Sundar, D. (2022). Architectural Advancements for AI/ML-Driven TV Audience Analytics and Intelligent Viewership Characterization. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(1), 124-132. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I1P113
[26] Jayaram, Y., & Sundar, D. (2022). Enhanced Predictive Decision Models for Academia and Operations through Advanced Analytical Methodologies. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(4), 113-122. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I4P113
[27] Jayaram, Y., Sundar, D., & Bhat, J. (2022). AI-Driven Content Intelligence in Higher Education: Transforming Institutional Knowledge Management. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(2), 132-142. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I2P115
[28] Jayaram, Y., & Bhat, J. (2022). Intelligent Forms Automation for Higher Ed: Streamlining Student Onboarding and Administrative Workflows. International Journal of Emerging Trends in Computer Science and Information Technology, 3(4), 100-111. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I4P110
