Adaptive Risk Based Access Control in Cloud Native Banking Platforms: A Zero Trust Framework for Dynamic Identity Enforcement
Abstract
Conventional access control systems used in the banking sector are based on static roles and cannot work in dynamic cloud settings. An Adaptive Risk Based Access Control framework for cloud-native banking platforms, based on Zero Trust principles, is proposed. The system considers real-time identity signals, such as device, behavior, network, and transaction risk, to make continuous access decisions. Findings indicate that the system performs significantly better than RBAC: the false acceptance rate drops (8.6% to 2.1%), over-privileged access drops (18.4% to 5.7%), and the detection rate increases (61.3% to 91.8%). Audit completion increased to 96.7%, and adherence and protection in financial systems were enhanced.