Performance and Scalability Trade-Offs in Identity-Centric Zero Trust Architectures for Cloud-Native Applications

Authors

  • Jemima Ellen, Cloud-Native Security, Greece
  • Godwin Mark, Access Management (IAM) Specialist, Greece

Keywords:

Zero Trust Architecture, Identity-Centric Security, Cloud-Native Applications, Performance Overhead, Scalability Trade-Offs, Microservices Security

Abstract

Identity-Centric Zero Trust Architectures (IC-ZTA) have emerged as a foundational security paradigm for cloud-native applications, replacing perimeter-based trust with continuous identity verification. While IC-ZTA improves security posture against lateral movement and credential abuse, it introduces measurable performance overhead and scalability challenges, particularly in microservices-heavy and highly elastic environments. This short research paper analyzes the trade-offs between security enforcement, system latency, and horizontal scalability in IC-ZTA deployments. Through a synthesis of prior literature and conceptual performance modeling, we identify critical bottlenecks, evaluate optimization strategies, and propose architectural considerations for balancing security and efficiency in large-scale cloud-native systems.

Published

2025-08-14