Zero trust in cloud identity and access management: A review of models, advantages and limitations

Authors

DOI:

https://doi.org/10.47796/ing.v8i00.1342

Keywords:

Data Protection, Emerging technologies, information management

Abstract

The growing adoption of cloud computing and digital environments has increased the frequency of attacks and the likelihood of unauthorized access, against which traditional identity and access management (IAM) models prove insufficient. In this context, the Zero Trust approach emerges as a more robust alternative that redefines security. The aim of this research was to analyze IAM models applied to cloud computing under the Zero Trust framework, as well as to identify their advantages and limitations. Using the PRISMA methodology, a search was conducted across three databases, and after applying inclusion criteria, 22 manuscripts were analyzed. The results reveal 15 IAM models based on Zero Trust that integrate artificial intelligence, blockchain, and dynamic access control, offering enhanced security in areas such as 5G, IoT, cloud, and healthcare. Nevertheless, limitations remain regarding complexity, costs, scalability, and privacy. In conclusion, these models not only strengthen security but also represent a line of inquiry and development aimed at reformulating resource protection across diverse sectors.

Downloads

Download data is not yet available.

References

Ahmadi, S. (2025). Autonomous identity-based threat segmentation for zero trust architecture. Cyber Security and Applications, 3, 100106. https://doi.org/10.1016/j.csa.2025.100106

Al-Hammuri, K., Gebali, F., y Kanan, A. (2024). ZTCloudGuard: Zero Trust Context-Aware Access Management Framework to Avoid Medical Errors in the Era of Generative AI and Cloud-Based Health Information Ecosystems. AI (Switzerland), 5(3), 1111-1131. https://doi.org/10.3390/ai5030055

Alnaim, A. K. (2025). Adaptive Zero Trust Policy Management Framework in 5G Networks. Mathematics, 13(9), 1501. https://doi.org/10.3390/math13091501

Alshomrani, S., y Li, S. (2022). PUFDCA: A Zero-Trust-Based IoT Device Continuous Authentication Protocol. Wireless Communications and Mobile Computing, 2022(2), 6367579. https://doi.org/10.1155/2022/6367579

Arif, T., Jo, B., y Park, J. H. (2025). A Comprehensive Survey of Privacy-Enhancing and Trust-Centric Cloud-Native Security Techniques Against Cyber Threats. Sensors, 25(8), 2350. https://doi.org/10.3390/s25082350

Bartakke, J., y Kashyap, R. (2024). The Usage of Clouds in Zero-Trust Security Strategy: An Evolving Paradigm. Journal of Information and Organizational Sciences, 48(1), 149-165. https://doi.org/10.31341/jios.48.1.8

Belal, M. M., y Sundaram, D. M. (2022). Comprehensive review on intelligent security defences in cloud: Taxonomy, security issues, ML/DL techniques, challenges and future trends. Journal of King Saud University - Computer and Information Sciences, 34(10, Part B), 9102-9131. https://doi.org/10.1016/j.jksuci.2022.08.035

Bernabé, J. M., Cánovas, E., García-Rodríguez, J., M. Zarca, A., y Skarmeta, A. (2025). Decentralised Identity Management solution for zero-trust multi-domain Computing Continuum frameworks. Future Generation Computer Systems, 162, 107479. https://doi.org/10.1016/j.future.2024.08.003

Cao, Y., Pokhrel, S. R., Zhu, Y., Doss, R., y Li, G. (2024). Automation and Orchestration of Zero Trust Architecture: Potential Solutions and Challenges. Machine Intelligence Research, 21(2), 294-317. https://doi.org/10.1007/s11633-023-1456-2

Chen, B., Qiao, S., Zhao, J., Liu, D., Shi, X., Lyu, M., Chen, H., Lu, H., y Zhai, Y. (2021). A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture. IEEE Internet of Things Journal, 8(13), 10248-10263. https://doi.org/10.1109/JIOT.2020.3041042

Dakić, V., Morić, Z., Kapulica, A., y Regvart, D. (2025). Analysis of Azure Zero Trust Architecture Implementation for Mid-Size Organizations. Journal of Cybersecurity and Privacy, 5(1), 2. https://doi.org/10.3390/jcp5010002

Du, Z., Jiang, W., Tian, C., Rong, X., y She, Y. (2023). Blockchain-Based Authentication Protocol Design from a Cloud Computing Perspective. Electronics (Switzerland), 12(9), 2140. https://doi.org/10.3390/electronics12092140

Glöckler, J., Sedlmeir, J., Frank, M., & Fridgen, G. (2024). A Systematic Review of Identity and Access Management Requirements in Enterprises and Potential Contributions of Self-Sovereign Identity. Business & Information Systems Engineering, 66(4), 421-440. https://doi.org/10.1007/s12599-023-00830-x

Golightly, L., Modesti, P., Garcia, R., y Chang, V. (2023). Securing distributed systems: A survey on access control techniques for cloud, blockchain, IoT and SDN. Cyber Security and Applications, 1, 100015. https://doi.org/10.1016/j.csa.2023.100015

Hrishikesh, J. (2025). Emerging Technologies Driving Zero Trust Maturity Across Industries. IEEE Open Journal of the Computer Society, 6, 25–36. https://doi.org/10.1109/ojcs.2024.3505056

Lilhore, U. K., Simaiya, S., Alroobaea, R., Baqasah, A. M., Alsafyani, M., Alhazmi, A., y Khan, M. M. (2025). SmartTrust: A hybrid deep learning framework for real-time threat detection in cloud environments using Zero-Trust Architecture. Journal of Cloud Computing, 14(1), 35. https://doi.org/10.1186/s13677-025-00764-7

Liu, C., Tan, R., Wu, Y., Feng, Y., Jin, Z., Zhang, F., Liu, Y., y Liu, Q. (2024). Dissecting zero trust: Research landscape and its implementation in IoT. Cybersecurity, 7(1), 20. https://doi.org/10.1186/s42400-024-00212-0

Mukta, R., Pal, S., Chowdhury, K., Hitchens, M., Paik, H., y Kanhere, S. S. (2025). Zero Trust Driven Access Control Delegation Using Blockchain. Blockchain: Research and Applications, 100319, 100319. https://doi.org/10.1016/j.bcra.2025.100319

Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., Shamseer, L., Tetzlaff, J. M., Akl, E. A., Brennan, S. E., Chou, R., Glanville, J., Grimshaw, J. M., Hróbjartsson, A., Lalu, M. M., Li, T., Loder, E. W., Mayo-Wilson, E., McDonald, S., … Alonso-Fernández, S. (2021). Declaración PRISMA 2020: Una guía actualizada para la publicación de revisiones sistemáticas. Revista Española de Cardiología, 74(9), 790-799. https://doi.org/10.1016/j.recesp.2021.06.016

Peepliwal, A. K., Pandey, H. M., Prakash, S., Chowhan, S. S., Kumar, V., Sharma, R., y Mahajan, A. A. (2024). A prototype model of zero trust architecture blockchain with EigenTrust-based practical Byzantine fault tolerance protocol to manage decentralized clinical trials. Blockchain: Research and Applications, 5(4), 100232. https://doi.org/10.1016/j.bcra.2024.100232

Sarkar, S., Choudhary, G., Kumar Shandilya, S. K., Azath, A., y Kim, H. (2022). Security of Zero Trust Networks in Cloud Computing: A Comparative Review. Sustainability (Switzerland), 14(18), 11213. https://doi.org/10.3390/su141811213

Tian, J. (2025). Zero trust anonymous access algorithm for multi cloud storage system based on CP-ABE. Egyptian Informatics Journal, 30(100681), 100681. https://doi.org/10.1016/j.eij.2025.100681

Ziegler, L., Grabatin, M., Pöhn, D., y Hommel, W. (2025). Designing a security incident response process for self-sovereign identities. EURASIP Journal on Information Security, 2025(1), 12. https://doi.org/10.1186/s13635-025-00195-6

Downloads

Published

2025-11-28

How to Cite

Cordova Urbina, D. A., Diaz Sifuentes, S. H., & Mendoza de los Santos, A. C. (2025). Zero trust in cloud identity and access management: A review of models, advantages and limitations. INGENIERÍA INVESTIGA, 8(00), e1342. https://doi.org/10.47796/ing.v8i00.1342

Issue

Vol. 8 (2026): Ingeniería Investiga

Section

Artículo de Revisión

License

Copyright (c) 2025 Daily Ashley Cordova Urbina, Sergio Heli Diaz Sifuentes, Alberto Carlos Mendoza de los Santos

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Most read articles by the same author(s)

1 2 > >> 

Similar Articles

You may also start an advanced similarity search for this article.