From Network Edge to Identity Edge: Designing the Identity Perimeter for Zero Trust at Scale

Authors

  • Ramanan Hariharan

Keywords

Identity perimeter, zero trust, MFA adoption, credential compromise, operational efficiency.

Abstract

The shift from network-perimeter security to identity-based controls has become an immediate requirement, driven by the wider use of hybrid work, the growth of SaaS applications, and the increasing prevalence of credential-based attacks, which account for a quarter of breaches. This study analyzes what it means to put identity at the core of the perimeter, with access control as the mechanism by which zero trust is operationalized. It examines practical implementations such as Google BeyondCorp, Microsoft Entra ID, Okta, and Cisco Duo in quantitative terms, including MFA adoption, compromise rates, and authentication latency. The findings show that an identity perimeter design reduces credential-related compromises by 99.2% (versus 40%) while keeping authentication latency below 500 ms. The zero trust identity perimeter architecture offers a scalable design with measurable security resilience and a better user experience. The article also highlights the economic payoff, noting a 3.2x return on investment (ROI) over 3 years with a payback period of 11 months. These findings indicate that treating identity as the perimeter strengthens security and also improves operational effectiveness. The study offers a practical implementation pathway for organizations intending to migrate to an identity-based security approach, balancing strong security against a user-focused experience.



Published

31.08.2021

How to Cite

Ramanan Hariharan. (2021). From Network Edge to Identity Edge: Designing the Identity Perimeter for Zero Trust at Scale. International Journal of Intelligent Systems and Applications in Engineering, 9(4), 463–473. Retrieved from https://www.ijisae.org/index.php/IJISAE/article/view/7952

Section

Research Article