Corresponding author: Naveen Kumar Bi u
Copyright © 2025 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.
Zero trust at scale: Security architecture for distributed enterprises
Naveen Kumar Bi u *
University of Southern California, USA.
World Journal of Advanced Research and Reviews, 2025, 26(02), 3027-3036
Publication history: Received on 09 April 2025; revised on 18 May 2025; accepted on 20 May 2025
Article DOI: https://doi.org/10.30574/wjarr.2025.26.2.1939
Abstract
Zero Trust Architecture (ZTA) has emerged as the essential security paradigm for modern distributed enterprises facing
challenges across cloud environments, geographies, and remote workforces. This architecture fundamentally shifts
security from location-based trust to identity and policy-based verification, requiring continuous authentication and
authorization for every access request regardless of origin. The model encompasses three core components: identity-
centric security that establishes identity as the new perimeter, microsegmentation for systematic isolation of resources,
and contextual access policies that incorporate real-time risk assessments. Organizations implementing Zero Trust
report substantial security improvements, including reduced breach costs and smaller attack surfaces. Despite clear
benefits, implementation challenges persist, particularly around legacy system integration, performance optimization,
and alignment with development practices. Technical considerations include service mesh integration, identity
management at scale, and comprehensive API security controls. While the journey toward Zero Trust presents
complexity, it offers a structured path to securing today's interconnected digital landscapes by decoupling identity
from network location and enforcing the principle of least privilege across enterprise environments.
Keywords: Authentication; Cybersecurity; Encryption; Microsegmentation; Zero-Trust
1. Introduction
In today's rapidly evolving digital landscape, enterprises face unprecedented security challenges as they expand across
multiple cloud providers, geographies, and embrace remote workforces. Organizations are increasingly distributing
their digital assets across complex environments, with 76% of enterprises now operating multi-cloud infrastructures
that span an average of 3.7 different service providers [1]. This expansion has introduced significant complexity into
security architectures, as security teams must contend with proliferating attack surfaces that extend well beyond
traditional network boundaries.
Traditional perimeter-based security models—built on the concept of a trusted internal network protected by
firewalls—have become increasingly inadequate in addressing these challenges. Recent security metrics demonstrate
this inadequacy, with 95% of breaches being attributable to human error despite existing perimeter controls [1].
Furthermore, the average total cost of a data breach has reached $4.88 million in 2024, marking a 10.7% increase from
the previous year according to the Cost of a Data Breach Report [2]. Organizations with distributed workforces face
even greater challenges, as remote work arrangements have expanded the typical enterprise attack surface by 37%
since 2020, creating numerous new entry points for potential attackers.
This article explores Zero Trust Architecture (ZTA) as the emerging security paradigm for modern distributed
enterprises. The implementation of Zero Trust principles has demonstrated measurable security benefits, with
organizations that have deployed mature Zero Trust programs experiencing breach costs that are $1.44 million lower
than those without such frameworks in place [2]. The adoption curve for Zero Trust has accelerated significantly in
response to these economics, with 49% of organizations now reporting substantial progress in implementing Zero Trust
initiatives compared to just 21% in 2020 [2]. Security modernization has become particularly urgent as threat actors
continue to evolve their techniques, with credential theft remaining the most common initial attack vector at 29% of
breaches, followed closely by phishing at 19% [2]. These statistics underscore the necessity of moving beyond
perimeter-based security to a model that verifies every access request regardless of its origin.
The dramatic shift toward hybrid work environments has created additional complexities, as 68% of organizations
report significant difficulties maintaining visibility into user activities across distributed networks. This lack of visibility
correlates strongly with increased breach costs, with organizations requiring more than 300 days to identify and
contain breaches facing average costs of $5.99 million—approximately 23% higher than the global average [2]. The
business case for Zero Trust implementation has thus become compelling from both security and financial perspectives,
driving what industry observers characterize as a fundamental architectural shift in enterprise security strategy.
2. The Paradigm Shift: From Perimeter to Zero Trust
The fundamental principle of Zero Trust is elegantly simple yet revolutionary: **assume no device, user, or service is
trustworthy by default**. This represents a complete departure from conventional security thinking that classified
networks as either "inside" (trusted) or "outside" (untrusted). Traditional perimeter-centric security models operate
on the premise that defense mechanisms should concentrate on network boundaries, despite evidence showing this
approach leaves organizations vulnerable to sophisticated threats that bypass or originate within these perimeters.
According to security research, over 70% of network traffic now moves in an east-west direction inside perimeters
rather than crossing them, rendering traditional models increasingly ineffective in protecting modern distributed
systems [3]. The limitations of perimeter-based approaches become particularly evident when considering that 60% of
breaches involve credentials with excessive privileges, bypassing perimeter controls entirely.
Zero Trust shifts security focus from location-based trust to identity and policy-based trust. Under this model, every
request must undergo rigorous authentication, authorization, and continuous verification based on contextual factors—
regardless of where it originates. This shift aligns with the core principles outlined in NIST Special Publication 800-207,
which defines Zero Trust as "a cybersecurity paradigm focused on resource protection and the premise that trust is
never granted implicitly but must be continually evaluated" [4]. Organizations implementing Zero Trust architecture
typically observe a significant reduction in their attack surface, with research indicating that proper implementation
can reduce the exploitable attack surface by up to 45%, particularly for lateral movement attacks that traditionally
prove most damaging once perimeters are breached [3].
Figure 1 Primary Barriers to Zero Trust Implementation
3. Core Components of Zero Trust Architecture
3.1. Identity-Centric Security
In a Zero Trust environment, identity becomes the new perimeter. NIST guidelines emphasize that "all resource
authentication and authorization are dynamic and strictly enforced before access is allowed," establishing identity
verification as the cornerstone of the security model [4]. This fundamental shift recognizes that traditional network
location no longer serves as a viable proxy for trust or security. Enterprise adoption of strong identity management
foundations has become critical as organizations increasingly operate in hybrid and multi-cloud environments, with
research indicating that 92% of enterprises now utilize multiple identity systems across their technological landscape
[3]. The implementation of multi-factor authentication represents a baseline requirement, not simply as a best practice
but as an essential control mechanism for Zero Trust architecture. The continuous validation of identity claims extends
beyond traditional session-based approaches, with leading implementations now performing continuous
authentication checks throughout each session rather than only at initial connection. Organizations that implement
identity-centric security measures aligned with Zero Trust principles report an average 37% reduction in identity-based
compromise incidents compared to traditional perimeter-based approaches [3]. The separation of identity from
network location enables security teams to apply consistent controls regardless of where resources or users are located
physically or logically within the enterprise architecture, addressing a critical gap in traditional security models where
location often served as an implicit trust factor.
3.2. Microsegmentation and Workload Security
Zero Trust architectures employ microsegmentation to contain potential threats through systematic isolation of
network resources. This approach represents a dramatic evolution from traditional network segmentation, providing
granular control at the workload level rather than broad network segments. According to NIST, "A key component of a
mature ZTA deployment is the use of separate infrastructure for different classes of data/resources," demonstrating
how segmentation serves as both an architectural and security control [4]. The enforcement of strict communication
policies between segments is increasingly implemented through software-defined approaches rather than hardware
constructs, with 76% of enterprises now implementing some form of software-defined segmentation [3]. Modern Zero
Trust deployments authorize connections based on workload identity rather than network location, leveraging
cryptographic identity markers that cannot be easily spoofed or transferred between systems. Research indicates that
organizations implementing comprehensive microsegmentation experience a substantial reduction in breach impact,
with properly segmented environments showing a 66% smaller breach scope compared to traditionally segmented
networks [3]. The ability to reduce attack surfaces and limit lateral movement within networks represents a quantifiable
security benefit, as attackers typically require access to an average of 4.7 systems before reaching their ultimate target
in enterprise networks. Microsegmentation directly addresses this attack pattern by implementing strict east-west
traffic controls that dramatically reduce an attacker's ability to move laterally once initial access is gained. This
approach ensures that services communicate only when explicitly permitted, significantly reducing the blast radius of
potential security breaches by enforcing the principle of least privilege at the network level.
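The blast-radius argument above can be checked on a small model. The following is an added example, not code from the article: it compares how many workloads are reachable from one compromised workload on a flat segment and under a default-deny allow-list keyed by workload identity. The workload names, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory; the workload names are illustrative assumptions.
WORKLOADS = ["web", "api", "orders", "payments", "ledger-db",
             "reports", "hr-app", "hr-db"]

# Default-deny allow-list keyed by workload identity, not IP address:
# (source identity, destination identity, destination port).
ALLOW = {
    ("web", "api", 443),
    ("api", "orders", 8443),
    ("api", "payments", 8443),
    ("orders", "ledger-db", 5432),
    ("payments", "ledger-db", 5432),
    ("reports", "ledger-db", 5432),
    ("hr-app", "hr-db", 5432),
}


def is_allowed(src, dst, port, allow=ALLOW):
    """East-west check: a connection passes only if a rule names it exactly."""
    return (src, dst, port) in allow


def blast_radius(start, workloads=WORKLOADS, allow=None):
    """Return the set of workloads reachable from a compromised `start`.

    allow=None models a flat segment in which any workload can open a
    connection to any other. Otherwise only allow-listed edges are followed,
    which is the worst case for a segmented network: every permitted hop is
    assumed to be usable for lateral movement.
    """
    if allow is None:
        neighbours = {w: [x for x in workloads if x != w] for w in workloads}
    else:
        neighbours = {w: [] for w in workloads}
        for src, dst, _port in allow:
            neighbours.setdefault(src, []).append(dst)
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for nxt in neighbours.get(current, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


def compare(start):
    """Blast radius sizes as (flat network, microsegmented)."""
    return len(blast_radius(start)), len(blast_radius(start, allow=ALLOW))


if __name__ == "__main__":
    for w in WORKLOADS:
        flat, seg = compare(w)
        print(f"{w:10s} flat={flat} segmented={seg}")
```

Running the same comparison against an exported rule set shows which workloads sit on the most lateral paths and therefore deserve the tightest rules.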
3.3. Contextual Access Policies
Dynamic policy enforcement is central to Zero Trust implementation, with NIST defining a core tenet that "access to
resources is determined by dynamic policy—including the observable state of client identity, application/service, and
the requesting asset—and may include other behavioral and environmental attributes" [4]. This contextual approach
fundamentally alters how access decisions are made, moving beyond static rules to incorporate real-time risk
assessment. User identity and attributes serve as primary inputs to these decisions, with advanced implementations
evaluating not just authentication status but ongoing behavior patterns throughout sessions. Device health and
compliance status represent equally critical factors, with 83% of organizations now incorporating endpoint posture
assessments into their access control frameworks [3]. Request context, including timing, location, and behavioral
patterns, enables organizations to identify anomalous access attempts even when valid credentials are presented,
addressing a key weakness in traditional access models. Data sensitivity classification has emerged as an essential input
to contextual policies, with organizations implementing data-centric controls reporting 31% fewer data exfiltration
incidents compared to those relying primarily on perimeter protections [3]. Environmental risk factors complete the
contextual picture, allowing security systems to elevate scrutiny during periods of heightened threat or unusual activity
patterns. NIST guidance emphasizes that these contextual elements should inform real-time decisions about whether
to grant, limit, or deny access to resources, noting that "subject access to enterprise resources should be granted on a
per-session basis" rather than through persistent authorizations [4].
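A sketch of a policy decision function that combines the inputs listed above (identity, device posture, request context, data sensitivity, environmental risk) into a grant, limit or deny decision with a per-session lifetime. This is an added example, not code from the article or from NIST; the weights, thresholds and session lifetimes are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum, IntEnum


class Decision(Enum):
    GRANT = "grant"
    LIMIT = "limit"   # reduced scope, e.g. read-only or step-up authentication
    DENY = "deny"


class Sensitivity(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool        # identity: strong authentication completed
    auth_age_min: int         # identity: minutes since last authentication
    device_compliant: bool    # device health / posture assessment
    usual_location: bool      # request context
    usual_hours: bool         # request context
    sensitivity: Sensitivity  # data classification of the resource
    threat_level: int         # environment: 0 normal, 1 elevated, 2 high


# Assumed thresholds and lifetimes: tolerance shrinks as sensitivity grows.
GRANT_BELOW = {Sensitivity.PUBLIC: 60, Sensitivity.INTERNAL: 40,
               Sensitivity.CONFIDENTIAL: 25, Sensitivity.RESTRICTED: 10}
SESSION_TTL_MIN = {Sensitivity.PUBLIC: 60, Sensitivity.INTERNAL: 45,
                   Sensitivity.CONFIDENTIAL: 30, Sensitivity.RESTRICTED: 15}
LIMIT_BAND = 30       # score range above the grant threshold that yields LIMIT
LIMITED_TTL_MIN = 10  # limited sessions are re-evaluated sooner


def risk_signals(req):
    """Return (name, weight) pairs for every risk signal present (assumed weights)."""
    signals = []
    if not req.mfa_verified:
        signals.append(("no_mfa", 40))
    if req.auth_age_min > 60:
        signals.append(("stale_authentication", 15))
    if not req.device_compliant:
        signals.append(("device_non_compliant", 30))
    if not req.usual_location:
        signals.append(("unusual_location", 15))
    if not req.usual_hours:
        signals.append(("unusual_hours", 10))
    if req.threat_level > 0:
        signals.append(("elevated_threat", 10 * req.threat_level))
    return signals


def decide(req):
    """Return (Decision, session lifetime in minutes, list of reasons)."""
    signals = risk_signals(req)
    score = sum(weight for _name, weight in signals)
    reasons = [name for name, _weight in signals]
    # Hard rule: sensitive data is never served without MFA and a healthy device,
    # whatever the rest of the context looks like.
    if req.sensitivity >= Sensitivity.CONFIDENTIAL and (
            not req.mfa_verified or not req.device_compliant):
        return Decision.DENY, 0, reasons + ["hard_rule_sensitive_data"]
    threshold = GRANT_BELOW[req.sensitivity]
    if score < threshold:
        return Decision.GRANT, SESSION_TTL_MIN[req.sensitivity], reasons
    if score < threshold + LIMIT_BAND:
        return Decision.LIMIT, LIMITED_TTL_MIN, reasons
    return Decision.DENY, 0, reasons


if __name__ == "__main__":
    # Constructed request: valid credentials, but unusual place and time.
    req = AccessRequest("alice", True, 5, True, False, False,
                        Sensitivity.CONFIDENTIAL, 0)
    print(decide(req))
```

The second element of the result is the per-session lifetime: when it expires, the request is evaluated again with the current context rather than relying on a persistent authorization.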
Figure 2 Quantifiable Benefits of Zero Trust Implementation
4. Implementing Zero Trust at Scale
Scaling Zero Trust across distributed enterprises presents several key challenges that require systematic architectural
approaches. Recent industry research reveals the current state of Zero Trust adoption, with only 8% of organizations
having implemented Zero Trust across their entire enterprise, while 49% are implementing in specific areas and 34%
are still in the planning stages [5]. This implementation gap underscores the complexity of scaling Zero Trust beyond
pilot projects to comprehensive enterprise coverage. The journey toward mature Zero Trust is clearly challenging, with
the top barriers to implementation including the difficulty of protecting legacy systems (cited by 46% of respondents),
followed by the complexity of implementation (41%), and concerns about user experience impact (38%) [5].
Organizations progressing on their Zero Trust journey typically focus on securing identity as their primary starting
point, with 49% indicating it's their top Zero Trust priority, highlighting the foundational role of identity in successful
implementations.
4.1. Federated Identity Management
Large organizations must implement federated identity solutions that can provide seamless yet secure access across
distributed environments. Enterprise identity landscapes have grown increasingly complex, with organizations
managing numerous identity systems across their technology portfolio. Research indicates that while identity-based
security is becoming central to Zero Trust strategies, only 29% of organizations are very confident in their identity
security controls [5]. This confidence gap creates significant challenges for Zero Trust implementation, as inconsistent
identity practices directly undermine the trust model's effectiveness. Organizations report that 89% have experienced
at least one identity-related breach in recent years, underscoring the critical importance of robust identity management
[5]. Federated solutions must span multiple cloud environments, with the diversity of cloud platforms creating
additional complexity for identity management. Supporting diverse authentication methods has become a practical
necessity, as 57% of organizations report using privileged identity management solutions as part of their Zero Trust
approach [5]. Maintaining consistent identity verification standards presents a significant operational challenge, as
organizations struggle with the diversity of applications and systems in their environment. The growing emphasis on
machine identities further complicates federated identity management, with 73% of organizations reporting that they
manage more machine identities than human identities, creating an expanded identity surface that requires consistent
security controls [5].
4.2. End-to-End Encryption
Zero Trust requires pervasive encryption to protect data throughout its lifecycle, eliminating implicit trust in network
boundaries or transport mechanisms. The implementation of end-to-end encryption serves as a fundamental building
block for Zero Trust environments, ensuring data confidentiality across all communication paths. While encryption is a
widely recognized requirement, implementation challenges remain significant across enterprises. Research indicates
that organizations are increasingly focusing on encryption as part of their cybersecurity strategy, with data encryption
ranking as the fourth most common security control used to support Zero Trust implementation (employed by 43% of
organizations) [5]. API communications across organizational boundaries represent particular risk vectors,
necessitating strong encryption controls to maintain security as information traverses system boundaries. Internal east-
west traffic between microservices requires equal protection, as lateral movement within networks remains a primary
attack technique once initial access is achieved. Zero Trust Architecture implementation requires addressing these
encryption needs through consistent policies and technologies that ensure all communication paths maintain
appropriate protection levels regardless of their origin or destination [6]. Authentication flows and credential
exchanges demand the highest levels of protection, with implementation approaches that incorporate strong
cryptographic practices to prevent credential theft or manipulation. Systematic key management presents a particular
challenge for enterprise-scale implementations, requiring coordinated approaches that balance security requirements
with operational complexity across diverse technology environments.
4.3. Distributed Policy Enforcement
Policy enforcement must occur at multiple layers within the technology stack to implement Zero Trust principles
effectively at enterprise scale. The architectural approach to policy enforcement represents a critical success factor for
Zero Trust implementations, with 70% of organizations reporting difficulty incorporating consistent policy
enforcement across their distributed environments [5]. Network layer enforcement through next-generation firewalls
and secure gateways provides the foundational security layer, with 55% of organizations implementing secure
gateways as part of their Zero Trust strategy [5]. Service mesh architectures enable fine-grained policy control in
containerized environments, providing critical capability for applying Zero Trust principles to modern application
architectures. The strategic implementation of Zero Trust Architecture requires coordination across multiple
architectural layers, beginning with the planning stage where security and business requirements are aligned,
continuing through design and build phases where specific controls are implemented, and extending into the
operational phase where ongoing monitoring and adjustment ensure security effectiveness [6]. Application layer
enforcement through API gateways has become equally essential, with API security representing a growing focus area
for organizations implementing Zero Trust. The layered approach to policy enforcement aligns with Zero Trust's
defense-in-depth principle, creating multiple control points that collectively reduce security risk even when individual
components may have vulnerabilities or gaps in coverage. Organizations implementing comprehensive policy
enforcement frameworks report significant advantages in security posture, with the ability to apply consistent controls
regardless of where applications or data reside within the enterprise ecosystem [6].
4.4. Comprehensive Observability
Figure 3 Current State of Zero Trust Implementation [5]
Effective Zero Trust implementation demands robust telemetry and monitoring capabilities that span the entire
enterprise technology landscape. Visibility across the environment serves as both an enabler of Zero Trust and a
benefit of its implementation, with advanced monitoring capabilities appearing consistently in mature Zero Trust
architectures. Research indicates that organizations are increasingly recognizing the value of monitoring capabilities,
with 42% implementing expanded logging and monitoring as part of their Zero Trust strategy [5]. The collection and
analysis of security events form the foundation of this capability, with comprehensive visibility enabling both proactive
threat identification and effective incident response. Behavioral analysis to detect anomalous access patterns has
emerged as a critical capability, with tools that establish baseline behaviors and identify deviations that may indicate
security threats. The Zero Trust implementation journey includes specific phases for operational monitoring and
adjustment, ensuring that security controls remain effective as environments and threats evolve over time [6].
Automated response capabilities for suspicious activities complete the security feedback loop, enabling rapid mitigation
of potential threats before they can cause significant damage. An effective implementation approach incorporates
monitoring from the earliest planning stages, ensuring that visibility requirements are considered as fundamental
architectural components rather than afterthoughts [6]. Continuous feedback loops to refine security policies represent
the final component of comprehensive observability, with mature implementations leveraging operational data to
adjust security controls based on actual environmental conditions and emerging threats.
5. Technical Considerations for Implementation
The technical implementation of Zero Trust architecture requires careful consideration of multiple infrastructure
components and security controls that collectively enable the enforcement of Zero Trust principles. As organizations
move toward distributed and cloud-native architectures, the technical complexity of implementing Zero Trust increases
substantially. Research shows that approximately 50% of organizations today are at various stages of Zero Trust
implementation, with most still in early phases of maturity [7]. This incremental adoption reflects both the complexity
of implementation and the need to balance security improvement with operational continuity. The primary technical
challenges revolve around integrating Zero Trust controls with existing infrastructures, particularly in enterprises with
established technology landscapes that weren't designed with Zero Trust principles in mind. A systematic approach to
these challenges typically requires consideration of service architectures, identity systems, and API security
frameworks as core technical components of effective Zero Trust implementations.
5.1. Service Mesh Integration
Service meshes like Istio, Linkerd, or AWS App Mesh can facilitate Zero Trust by providing critical security capabilities
for containerized and microservice environments. The adoption of microservice architectures has accelerated the need
for service mesh technology, as traditional network security approaches become inadequate for securing the complex
communication patterns in modern applications. Service meshes provide critical capabilities for implementing Zero
Trust in microservice environments by creating an architecture where security is embedded within the application
infrastructure rather than applied as an external control. The implementation of mutual TLS (mTLS) for service-to-
service communication represents a foundational capability, ensuring that all communication between services is
authenticated and encrypted regardless of where those services physically reside [7]. This encryption capability
eliminates a significant attack vector by preventing traffic interception or manipulation, even within ostensibly secure
network perimeters. Beyond encryption, service meshes excel at enforcing access policies at the proxy level, ensuring
that services can only communicate with explicitly authorized endpoints according to defined policies. This capability
aligns directly with the Zero Trust principle that all access must be explicitly authorized rather than implicitly permitted
based on network location. Telemetry collection provides essential visibility into service behavior, with service mesh
implementations capturing detailed metrics on communication patterns that can reveal potential security anomalies
[8]. This visibility serves as both a detection mechanism for security incidents and a verification tool to ensure that Zero
Trust policies are operating as intended. Workload identity verification provides the foundation for these security
controls by establishing cryptographic identities for services that can't be easily spoofed or transferred, enabling the
mesh to make authoritative decisions about which services should be permitted to communicate with each other
regardless of their network location or underlying infrastructure [7].
5.2. Identity and Access Management (IAM) at Scale
Distributed enterprises should consider comprehensive identity and access management solutions that can operate
effectively across complex technology landscapes. The implementation of Zero Trust architecture places identity at the
center of security decision-making, making robust IAM capabilities essential for successful deployment. Cloud-native
IAM solutions with multi-cloud capabilities have become increasingly important as organizations distribute workloads
across diverse environments, necessitating identity systems that can provide consistent security regardless of where
applications or data reside. These solutions must balance security requirements with usability considerations, as
excessive friction in authentication processes often leads to workarounds that undermine security objectives [8]. Just-
in-time access provisioning represents a critical capability for Zero Trust implementation, reducing standing privileges
that could be exploited by attackers while ensuring that legitimate users can still access required resources when
needed. This approach significantly reduces the risk surface by ensuring that access rights exist only when actively
required rather than persisting indefinitely [7]. Privileged access management with time-bound permissions extends
this principle to administrative accounts, which represent particularly high-value targets for attackers due to their
expanded capabilities. By limiting the duration of elevated privileges and requiring frequent re-authentication,
organizations can substantially reduce the risk of privilege abuse or exploitation [8]. Risk-based authentication that
adapts to threat intelligence completes the IAM capability set, enabling organizations to dynamically adjust
authentication requirements based on the risk profile of specific access requests. This adaptive approach allows security
teams to implement stronger controls when risk indicators suggest potential threats while maintaining streamlined
access for routine, low-risk scenarios [7].
5.3. API Security
As APIs become the primary interface for distributed services, Zero Trust requires comprehensive security controls that
protect these critical communication channels. The growth in API usage has transformed application architectures, with
APIs now serving as the primary integration mechanism for both internal and external services. This proliferation
creates significant security challenges, as each API potentially exposes valuable data and functionality to external
entities without the traditional security controls that protected monolithic applications. API gateways with robust
authentication mechanisms have emerged as primary security controls, providing centralized enforcement points for
consistent API security policies [8]. These gateways implement authentication requirements for all API consumers,
ensuring that only properly identified and authorized clients can access API resources regardless of their network
origin. This capability directly supports the Zero Trust principle that identity verification is required for all access
requests, regardless of source. Rate limiting and anomaly detection capabilities provide protection against abuse and
potential attacks, addressing both intentional security threats and unintentional resource consumption that could
impact availability [7]. These protections typically involve establishing baseline usage patterns and identifying
deviations that might indicate security problems, such as credential stuffing attempts or API reconnaissance activities.
Schema validation and input sanitization serve as critical preventive controls, ensuring that all data passed to APIs
adheres to expected formats and value ranges [8]. This validation prevents many common attack techniques, such as
injection attacks or malformed requests designed to trigger application vulnerabilities. Granular access controls at the
API operation level complete the security framework, enabling organizations to implement least-privilege principles by
restricting each API consumer to precisely the operations required for legitimate purposes rather than granting broad
access to entire API surfaces [7].
Figure 4 Zero Trust Implementation Approaches by Control Type
6. Overcoming Implementation Challenges
The transition to Zero Trust architecture presents numerous implementation challenges that organizations must
systematically address to achieve security objectives while maintaining operational effectiveness. While Zero Trust
offers significant security benefits, research indicates that its implementation introduces considerable complexity,
particularly for organizations with established IT landscapes. The integration challenges are multifaceted, with studies
revealing that approximately 60% of security professionals cite legacy systems compatibility as a primary concern when
implementing Zero Trust architecture [9]. These implementation difficulties extend beyond purely technical
considerations to encompass operational, financial, and organizational factors that collectively influence adoption
success. Organizations that successfully navigate these challenges typically follow structured approaches that balance
immediate security improvements with long-term architectural evolution, addressing legacy integration, performance
optimization, and process alignment as interconnected aspects of their Zero Trust journey.
6.1. Legacy System Integration
Many organizations struggle with incorporating legacy systems into a Zero Trust model, presenting one of the most
significant barriers to comprehensive implementation. Legacy systems often rely on implicit trust models that conflict
with Zero Trust principles, creating both technical and operational challenges for security teams. Implementing proxy-
based access controls represents one of the most effective approaches to extending Zero Trust principles to legacy
environments, allowing organizations to implement modern security controls without directly modifying legacy
applications [9]. These proxy layers intercept and mediate all access requests to legacy systems, providing a control
point for enforcing Zero Trust policies even when the underlying applications lack native support for modern
authentication or authorization mechanisms. The gradual segmentation of legacy environments provides
complementary protection by limiting potential attack paths between systems, effectively creating security boundaries
that contain threats even when complete Zero Trust controls cannot be implemented. Research indicates that
microsegmentation serves as a critical transitional strategy for legacy systems, implementing components of Zero Trust
even when comprehensive implementation isn't immediately feasible [10]. API-based integration patterns with
enhanced security controls offer another effective approach, creating secure interfaces to legacy functionality that
incorporate modern security controls. These API facades implement consistent security policies while abstracting the
complexities of underlying systems, providing standardized access methods that can be secured according to Zero Trust
principles [9]. Identity federation with legacy authentication systems addresses one of the most challenging aspects of
legacy integration, bridging modern identity platforms with established authentication mechanisms. This federation
approach allows organizations to implement consistent identity verification across heterogeneous environments
without requiring wholesale replacement of legacy authentication components, significantly reducing implementation
barriers while improving overall security posture.
6.2. Performance Considerations
Zero Trust introduces additional security checks that can impact performance, creating potential conflicts between
security objectives and user experience requirements. Research indicates that Zero Trust implementations introduce
additional computational overhead through increased authentication and authorization requirements, potentially
affecting application responsiveness if not properly optimized [9]. Each access request in a Zero Trust model requires
comprehensive security evaluation, which can introduce latency compared to traditional security approaches that
assume trust based on network location or initial authentication. Implementing efficient caching mechanisms for
security decisions represents one of the most effective approaches to minimizing these performance impacts, allowing
organizations to temporarily store authentication and authorization results for consistent access patterns. These cached
decisions can be reused within appropriate timeframes, eliminating the need to repeatedly perform identical security
evaluations for the same contexts [10]. Distributing policy enforcement across the technology stack further improves
performance by moving decision-making closer to protected resources, reducing network round-trips and potential
bottlenecks associated with centralized evaluation models. This distributed approach aligns with the principle that "the
evaluation of trust should always be located as close to the resource as possible," ensuring efficient policy enforcement
without sacrificing security effectiveness [9]. Optimizing authentication flows to minimize overhead addresses another
significant performance factor, with techniques such as token reuse and streamlined protocol implementations
reducing the computational cost of identity verification. Research indicates that properly tuned authentication systems
can significantly reduce overhead while maintaining security effectiveness, particularly in high-volume transaction
environments [10]. Balancing security controls with performance requirements ultimately requires risk-based
decisions about implementation approaches, with organizations applying more comprehensive controls to high-value
assets while implementing streamlined protection for less critical resources. This balanced approach ensures that
security resources are allocated according to risk profiles, optimizing both security effectiveness and operational
performance.
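The decision caching and risk-based trade-off described in this section can be sketched as follows. This is an added example, not code from the article: the risk tiers, TTL values, Context fields and sample_policy are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass

# Assumed TTLs in seconds per resource risk tier; the article gives no values.
TTL_BY_TIER = {"low": 300.0, "medium": 60.0, "high": 0.0}  # high-value: never cached

@dataclass(frozen=True)
class Context:
    subject: str
    resource: str
    action: str
    device_posture: str  # part of the key, so a posture change forces re-evaluation
    risk_tier: str

class DecisionCache:
    def __init__(self, evaluate, clock=time.monotonic):
        self._evaluate = evaluate  # full policy evaluation, the expensive path
        self._clock = clock
        self._entries = {}         # Context -> (decision, expiry time)
        self.evaluations = 0       # counts how often the expensive path ran

    def authorize(self, ctx):
        now = self._clock()
        hit = self._entries.get(ctx)
        if hit is not None and hit[1] > now:
            return hit[0]          # identical context within its time frame
        self.evaluations += 1
        decision = self._evaluate(ctx)
        ttl = TTL_BY_TIER.get(ctx.risk_tier, 0.0)  # unknown tier: do not cache
        if ttl > 0:
            self._entries[ctx] = (decision, now + ttl)
        else:
            self._entries.pop(ctx, None)
        return decision

    def revoke_subject(self, subject):
        """Drop all cached decisions for a subject, e.g. after a credential reset."""
        for ctx in [c for c in self._entries if c.subject == subject]:
            del self._entries[ctx]

def sample_policy(ctx):
    # Constructed policy: compliant devices only; only alice may do more than read.
    if ctx.device_posture != "compliant":
        return False
    return ctx.action == "read" or ctx.subject == "alice"
```

Because the whole context is the cache key, a change in device posture never reuses an earlier allow, and explicit revocation covers the window a TTL alone would leave open.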
6.3. DevSecOps Alignment
Successful Zero Trust implementation requires close alignment with DevSecOps practices that integrate security
throughout the application lifecycle rather than treating it as a separate concern. Research emphasizes that "security
implementations are more effective when they are embedded in the design process rather than added as an
afterthought," highlighting the importance of integrating Zero Trust principles into development workflows from the
earliest stages [9]. Security policy as code represents a foundational DevSecOps practice for Zero Trust implementation,
enabling automated deployment and consistent enforcement of security controls across complex environments. This
approach allows security policies to be treated as software artifacts, subject to version control, testing, and continuous
improvement processes that ensure both effectiveness and consistency [10]. Automated compliance verification
extends this approach by continuously evaluating deployed systems against defined security standards, ensuring that
Zero Trust controls remain properly configured despite ongoing changes to the technology environment. This
verification capability directly addresses the challenge of configuration drift, which represents a significant risk factor
in maintaining Zero Trust effectiveness over time [9]. Continuous security monitoring in CI/CD pipelines enables early
identification of security issues, shifting security evaluation earlier in the development lifecycle when remediation is
typically less costly and more effective. This approach aligns with research indicating that "security controls are most
effective when integrated into existing workflows rather than imposed as separate processes," reducing
implementation friction while improving overall security outcomes [10]. Developer-friendly security tooling completes
the DevSecOps alignment by reducing barriers to security implementation, making it easier for development teams to
incorporate Zero Trust principles without requiring deep security expertise. This tooling approach recognizes that
successful Zero Trust implementation depends not just on technical capabilities but also on organizational adoption,
with usability serving as a critical factor in security effectiveness across complex technology environments.
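Policy as code with automated compliance verification, as described in this section, can look like the following check that a CI/CD step runs against a snapshot of deployed settings. This is an added example, not code from the article: the rule ids, field names, operators and service configurations are constructed for illustration.

```python
# Policy as code: each rule is data kept in version control (constructed rules).
POLICY = [
    {"id": "ZT-001", "field": "mtls", "op": "eq", "value": "strict"},
    {"id": "ZT-002", "field": "allowed_callers", "op": "not_contains", "value": "*"},
    {"id": "ZT-003", "field": "token_ttl_seconds", "op": "max", "value": 900},
    {"id": "ZT-004", "field": "authn_required", "op": "eq", "value": True},
]

_MISSING = object()

def _violates(rule, actual):
    if actual is _MISSING:
        return True  # an unset control counts as drift, never as a pass
    op, want = rule["op"], rule["value"]
    if op == "eq":
        return actual != want
    if op == "not_contains":
        return not isinstance(actual, list) or want in actual
    if op == "max":
        return not isinstance(actual, (int, float)) or actual > want
    raise ValueError(f"unknown operator {op!r} in rule {rule['id']}")

def find_drift(policy, deployed):
    """Return sorted (service, rule_id, observed) for every violated rule."""
    findings = []
    for service, config in deployed.items():
        for rule in policy:
            actual = config.get(rule["field"], _MISSING)
            if _violates(rule, actual):
                observed = "<unset>" if actual is _MISSING else repr(actual)
                findings.append((service, rule["id"], observed))
    return sorted(findings)

def pipeline_gate(findings):
    """Exit status for a CI step: non-zero blocks the deployment."""
    return 1 if findings else 0

# Constructed snapshot of deployed service settings.
DEPLOYED = {
    "orders": {"mtls": "strict", "allowed_callers": ["checkout"],
               "token_ttl_seconds": 600, "authn_required": True},
    "legacy-billing": {"mtls": "permissive", "allowed_callers": ["*"],
                       "token_ttl_seconds": 86400},
}
```

Running the same check on a schedule against live configuration, not only at deploy time, is what catches drift introduced outside the pipeline.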
7. Conclusion
Zero Trust Architecture represents not just a security strategy but a fundamental distributed systems architecture
choice that enables secure, dynamic, and decentralized application ecosystems. By decoupling identity from network
location, implementing rigorous authentication and authorization, and maintaining continuous verification,
organizations can build resilient security frameworks that adapt to the realities of modern distributed enterprises. As
organizations continue to expand across diverse environments, Zero Trust principles provide the foundation for
security architectures that can scale with business needs while maintaining a consistent security posture. The journey
to Zero Trust may be challenging, but it offers a clear path forward to securing complex digital landscapes through
comprehensive identity verification, microsegmentation, contextual policies, and integrated security controls that
collectively transform traditional security models into adaptive, identity-centered protection frameworks.
References
[1] Chahil Choudhary, et al., "Cloud Security: Challenges and Strategies for Ensuring Data Protection," International
Conference on Technological Advancements in Computational Sciences (ICTACS), 2023. [Online]. Available:
https://ieeexplore.ieee.org/document/10390302
[2] IBM Security, "Cost of a Data Breach Report 2024," IBM Security, 2024. [Online]. Available:
https://table.media/wp-content/uploads/2024/07/30132828/Cost-of-a-Data-Breach-Report-2024.pdf
[3] Naeem Firdous Syed, et al., "Zero Trust Architecture (ZTA): A Comprehensive Survey," in IEEE Access, vol. 10, pp.
47927-47940, 2022, doi: 10.1109/ACCESS.2022.3171532. [Online]. Available:
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9773102
[4] Scott Rose, et al., "Zero Trust Architecture," National Institute of Standards and Technology, Gaithersburg, MD,
USA, Special Publication (NIST SP) 800-207, 2020. [Online]. Available:
https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-207.pdf
[5] OpenText Cybersecurity, "State Of Zero Trust in The Enterprise: Shift To Identity-Powered Security," OpenText,
2022. [Online]. Available:
https://www.opentext.com/assets/documents/en-US/pdf/state-of-zero-trust-in-the-enterprise-shift-to-identity-powered-security-report-en.pdf
[6] Mengru Tsai, et al., "Strategy for Implementing of Zero Trust Architecture," IEEE Transactions on Reliability,
2024. [Online]. Available:
https://www.researchgate.net/publication/377201806_Strategy_for_Implementing_of_Zero_Trust_Architecture
[7] Pacharee Phiayura and Songpon Teerakanok, "A Comprehensive Framework for Migrating to Zero Trust
Architecture," IEEE Access (Volume: 11), 2023. [Online]. Available:
https://ieeexplore.ieee.org/document/10052642
[8] Ahmad Mujahid Abdurrahman; Emir Husni, "A Secure Digital Image Marketplace: Microservices and OWASP API
Security Using Spring Boot," International Conference on ICT for Smart Society (ICISS), 2024, doi:
10.1109/ACCESS.2024.3388644. [Online]. Available: https://ieeexplore.ieee.org/document/10750956