Integrating Zero-Trust Architectures into DevSecOps for Cloud Workloads

Abstract

Businesses continually adopt modern applications and architectures, accelerating the migration of traditional IT workloads like containers and serverless configurations to cloud platforms. However, the expanded attack surfaces and turning off key infrastructure protection controls inherent to these cloud platforms increase susceptibility to attacks. These unique characteristics result in complex operational processes, decreasing the effectiveness of traditional security approaches. Consequently, there is an upsurge in attacks on cloud workloads. Integrating Zero-Trust, continuous security validation, security policy automation, and automated remediation emerging in DevSecOps are paramount to protecting cloud workloads. This research develops a framework for embedding Zero-Trust architectures and corresponding mechanisms into DevSecOps to secure cloud workloads, validated through real-world case studies. Compliance with the integration objectives remains a formidable challenge.