Stanford Database Library of American Journal of Applied Science and Technology

Vol. 5 No. 09 (2025)
Articles

From Theory to Practice: Implementing Zero Trust Architectures in Multi-Tenant Cloud Storage Systems

pdf
  • Rahul A. Menon
Rahul A. Menon
Global Institute for Cybersecurity Studies, University of Lisbon

Published 2025-09-30

Keywords

  • Zero Trust Architecture,
  • micro-segmentation,
  • multi-tenant cloud,
  • cloud storage security

How to Cite

Rahul A. Menon. (2025). From Theory to Practice: Implementing Zero Trust Architectures in Multi-Tenant Cloud Storage Systems. Stanford Database Library of American Journal of Applied Science and Technology, 5(09), 125–131. Retrieved from https://oscarpubhouse.com/index.php/sdlajast/article/view/46

Copyright (c) 2025 Rahul A. Menon

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

This article presents a comprehensive, theory-driven examination of Zero Trust Architecture (ZTA) applied to multi-tenant cloud storage environments, synthesizing the most salient insights from contemporary surveys, standards, and applied analyses. The work constructs an integrated conceptual framework that links foundational ZTA principles—never trust, always verify—with micro-segmentation design patterns, identity and access governance, telemetry and continuous attestation, and economic and operational constraints unique to multi-tenant cloud storage. Drawing on cross-disciplinary literature across cloud storage challenges (Ghani et al., 2020; Sadeeq et al., 2021), Zero Trust standards and surveys (Stafford, 2020; Syed et al., 2022; Fernandez & Brazhuk, 2024), and domain-specific proposals for micro-segmentation and migration (Xie et al., 2021; Teerakanok et al., 2021), the paper articulates a rigorous methodology for designing ZTA-compliant control planes for cloud storage providers and large tenants. The methodology is entirely text-based and theoretical: it defines threat models, control taxonomies, policy synthesis procedures, attestation and telemetry architectures, and cost-benefit assessment approaches. Results are presented as descriptive analyses that connect mechanisms (for example, micro-segmentation at the workload and storage layer) to anticipated security outcomes (reduced lateral movement, stronger least-privilege enforcement) and operational trade-offs (latency, management complexity, and cost). The discussion deeply interrogates limitations, including maturity of identity fabric, interoperability across CSPs, tenant isolation guarantees, regulatory compliance impacts, and the challenge of balancing usability with strict verification. The article concludes with practical recommendations for phased adoption, research priorities to improve measurement and interoperability, and an argument for reframing security economics to account for ZTA’s systemic benefits in multi-tenant cloud storage. This synthesis aims to serve both as a theoretical blueprint and an applied roadmap for researchers, architects, and decision-makers seeking to transition storage infrastructures toward robust zero trust postures. (Keywords: Zero Trust Architecture, micro-segmentation, multi-tenant cloud, cloud storage security, identity and access management, continuous attestation)

pdf

References

  1. Ghani, A., Badshah, A., Jan, S., Alshdadi, A. A., & Daud, A. (2020). Issues and challenges in cloud storage architecture: a survey. arXiv preprint arXiv:2004.06809, 8.
  2. Sadeeq, M. M., Abdulkareem, N. M., Zeebaree, S. R., Ahmed, D. M., Sami, A. S., & Zebari, R. R. (2021). IoT and Cloud computing issues, challenges and opportunities: A review. Qubahan Academic Journal, 1(2), 1-7.
  3. Livera, L. (2023, October 11). Zero Trust - Modern Security Architecture. LinkedIn. https://www.linkedin.com/pulse/zero-trust-modern-security-architecture-lahiru-livera/
  4. Fernandez, E. B., & Brazhuk, A. (2024). A critical analysis of Zero Trust Architecture (ZTA). Computer Standards & Interfaces, 89, 103832.
  5. Hariharan, R. (2025). Zero trust security in multi-tenant cloud environments. Journal of Information Systems Engineering and Management, 10.
  6. Stafford, V. A. (2020). Zero trust architecture. NIST special publication, 800, 207.
  7. Syed, N. F., Shah, S. W., Shaghaghi, A., Anwar, A., Baig, Z., & Doss, R. (2022). Zero trust architecture (zta): A comprehensive survey. IEEE Access, 10, 57143-57179.
  8. Xie, L., Hang, F., Guo, W., Lv, Y., & Chen, H. (2021). A micro-segmentation protection scheme based on zero trust architecture. 6th International Conference on Information Science, Computer Technology and Transportation, 1-4.
  9. Froehlich, A., & Shea, S. (2022). Why zero trust requires microsegmentation. TechTarget.
  10. Jalkh, R. (2023, February 17). Zero trust Security explained. The Chart Guru. https://thechart.guru/zerotrust-security-explained/
  11. Teerakanok, S., Uehara, T., & Inomata, A. (2021). Migrating to zero trust architecture: Reviews and challenges. Security and Communication Networks, 2021, 1-10.
  12. He, Y., Huang, D., Chen, L., Ni, Y., & Ma, X. (2022). A survey on zero trust architecture: Challenges and future trends. Wireless Communications and Mobile Computing, 2022.
  13. Adahman, Z., Malik, A. W., & Anwar, Z. (2022). An analysis of zero-trust architecture and its cost-effectiveness for organizational security. Computers & Security, 122, 102911.
  14. Shelton, C., Loo, S. M., Justice, C., & Hornung, L. (2022, June). ZTA: Never Trust, Always Verify. In European Conference on Cyber Warfare and Security (Vol. 21, No. 1, pp. 256-262).