Zero Trust Security Framework for Multi-Cloud Environments
DOI: https://doi.org/10.38124/ijsrmt.v3i11.938
Keywords: Zero Trust Architecture, Multi-Cloud Security, Identity Federation, Micro Segmentation, Policy Enforcement, Cloud Infrastructure, Continuous Monitoring, Trust Brokerage
Abstract
Multi-cloud strategies have been adopted rapidly and have helped organizations enhance flexibility, resilience, and compliance by distributing workloads across several cloud service providers. However, this trend has also introduced serious security problems: heterogeneous identity management systems, inconsistent policy enforcement, and fragmented monitoring. Earlier security models that rely on perimeter defenses are no longer suited to these environments, which exposes enterprises to lateral movement, credential compromise, and misconfigurations. This study addresses these issues by presenting a Zero Trust for Multi-Cloud (ZTMC) architecture that combines federated identity management, centralized policy decision-making, micro segmentation, continuous monitoring, and trust brokerage. A prototype implementation was evaluated in a controlled multi-cloud testbed spanning AWS and Azure, and its performance was compared with baseline security models. The findings indicate that the ZTMC model was effective in implementing Zero Trust principles: it ensured uniform authentication and authorization, denied unauthorized lateral movement, and offered adaptive real-time monitoring. Although a small overhead was observed in CPU usage, memory usage, and communication latency, it was offset by the improved security posture and policy consistency. The results confirm that Zero Trust is adaptable to multi-cloud environments and offer a path to stronger and more consolidated control in distributed setups. To make the research more widely applicable and more resilient over time, future studies should concentrate on large-scale verification, AI-based adaptive access controls, quantum-safe cryptography, and industry-wide standardization processes.
Copyright (c) 2024 International Journal of Scientific Research and Modern Technology

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.