Implementation of zero trust architecture based on the proposed model to ensure enterprise cyber-security
DOI:
https://doi.org/10.30837/rt.2025.3.222.02
Keywords:
zero trust, zero trust architecture, zero trust architecture deployment models, information security, cybersecurity
Abstract
Modern enterprises face increasingly complex cybersecurity challenges that require a new approach to protecting digital assets, one that ensures secure access to corporate resources anytime and anywhere, as well as the effective functioning of those resources wherever they are located. Traditional approaches, such as perimeter-based security models, no longer guarantee an adequate level of security and are unable to effectively counter modern cyber threats, because enterprise infrastructure is undergoing significant changes related to the expansion of the attack surface, the growth in the number of connected devices, the development of artificial intelligence, the use of cloud technologies, and remote access. Given these changes and challenges, more organizations are turning their attention to a new concept and architecture of protection that can satisfy new requirements for information security and cybersecurity. That concept is the security paradigm known as “zero trust”, which is based on the principle of “never trust, always verify” and is defined as one of the most effective approaches to countering modern cyber threats. Given the dynamics of cyber threats and the architectural complexity of modern IT enterprises, the successful implementation of zero trust principles requires a systematic approach and involves the integration of modern technologies and security mechanisms. However, despite its obvious advantages, implementing zero trust architecture in corporate information systems is accompanied by significant difficulties from both a technical and an organizational point of view. The aim of this paper is to develop a model for implementing zero trust architecture to organize and ensure enterprise cybersecurity. The results presented in this paper are intended to help security specialists use the recommendations provided for the practical implementation of zero trust architecture in their IT enterprises in accordance with the proposed model.
Specifically, the paper briefly discusses some recommendations for choosing zero trust architecture deployment models for various types of enterprise activities. The proposed model for implementing zero trust architecture can help to understand the fundamental changes in the approach to organizing cybersecurity and to implement the zero trust concept effectively, considering the technical and organizational capabilities and requirements of a specific IT enterprise. The proposed zero trust architecture implementation model can serve as a guideline for the effective migration to zero trust architecture in modern digital enterprises. Its use opens significant prospects for the development of more reliable and scalable systems for protecting the information resources of IT enterprises, which is extremely relevant in today's digital cyberspace.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).


