Research Article

AN ANALYTICS-DRIVEN, METRICS-BASED FRAMEWORK FOR OPTIMISING SECURITY AND PERFORMANCE IN HYBRID ENTERPRISE ZERO TRUST DEPLOYMENTS

by  Joy Awoleye, Sarah Mavire, Tafirenyika Bonfrey Chatukuta, Enock Katenda
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 16
Published: June 2025
Authors: Joy Awoleye, Sarah Mavire, Tafirenyika Bonfrey Chatukuta, Enock Katenda
DOI: 10.5120/ijca2025925221

Joy Awoleye, Sarah Mavire, Tafirenyika Bonfrey Chatukuta, Enock Katenda. AN ANALYTICS-DRIVEN, METRICS-BASED FRAMEWORK FOR OPTIMISING SECURITY AND PERFORMANCE IN HYBRID ENTERPRISE ZERO TRUST DEPLOYMENTS. International Journal of Computer Applications. 187, 16 (June 2025), 42-56. DOI=10.5120/ijca2025925221

@article{ 10.5120/ijca2025925221,
author  = { Joy Awoleye,Sarah Mavire,Tafirenyika Bonfrey Chatukuta,Enock Katenda },
title   = { AN ANALYTICS-DRIVEN, METRICS-BASED FRAMEWORK FOR OPTIMISING SECURITY AND PERFORMANCE IN HYBRID ENTERPRISE ZERO TRUST DEPLOYMENTS },
journal = { International Journal of Computer Applications },
year    = { 2025 },
volume  = { 187 },
number  = { 16 },
pages   = { 42-56 },
doi     = { 10.5120/ijca2025925221 },
publisher = { Foundation of Computer Science (FCS), NY, USA }
}

%0 Journal Article
%D 2025
%A Joy Awoleye
%A Sarah Mavire
%A Tafirenyika Bonfrey Chatukuta
%A Enock Katenda
%T AN ANALYTICS-DRIVEN, METRICS-BASED FRAMEWORK FOR OPTIMISING SECURITY AND PERFORMANCE IN HYBRID ENTERPRISE ZERO TRUST DEPLOYMENTS
%J International Journal of Computer Applications
%V 187
%N 16
%P 42-56
%R 10.5120/ijca2025925221
%I Foundation of Computer Science (FCS), NY, USA

Abstract

The recognition of Zero Trust Architecture (ZTA) as a burgeoning cybersecurity paradigm means that protection is shifting from static network perimeters to continuous, identity- and asset-centric controls. The rapid adoption of remote working, cloud services, and mobile telecommunications has effectively "collapsed" the traditional perimeter, leaving organizations vulnerable to attacks that exploit excessive implicit trust. Zero Trust (ZT) attempts to solve these challenges by rigorously enforcing identity verification, device compliance checks, and fine-grained access policies on every session. However, implementing ZT in hybrid enterprises (with on-premises, cloud, and remote elements) is complicated. This paper presents a generalized evaluation framework for assessing ZTA maturity across multiple dimensions (identity management, multi-factor authentication, network/app segmentation, endpoint detection/response, and behavioral analytics). Real-world scenarios, such as a user of a SaaS application and an IT administrator, illustrate how layered ZT controls provide more vigorous access enforcement and risk mitigation. Evaluation of case studies and pilot deployments demonstrates that higher ZTA maturity enables tighter access control, reduced lateral movement, and improved incident response times. Performance observations (such as those shown by optimized ZTNA architectures) and comparisons to legacy baselines are provided in tabular form. The main benefits of ZTA (centralized policy making, least privilege, and containment of attacks) and its challenges (compatibility with legacy systems, user friction, and policy drift) are discussed, along with recommendations for a phased adoption approach that integrates analytics. This review draws on NIST SP 800-207, industry reports, vendor experiences, and case studies to derive a plausible maturity model and realistic guidance for hybrid enterprise zero trust implementations.

References
  • Chiodi, M. 2023. "Cybersecurity Awareness Month 2023: The shift to an identity-first world." SC Media, October. Accessed June 27, 2025. https://www.scmagazine.com/perspective/cybersecurity-awareness-month-2023-the-shift-to-an-identity-first-world.
  • Gartner. 2022. "Continuous Adaptive Risk and Trust Assessment (CARTA)." Gartner. https://www.gartner.com/en/documents/4000295.
  • Kindervag, J. 2010. "Build Security Into Your Network’s DNA: The Zero Trust Network Architecture." Forrester Research, Inc. https://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf.
  • Rose, S., O. Borchert, S. Mitchell, and S. Connelly. 2020. Zero Trust Architecture (NIST Special Publication 800-207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-207.
  • Okta, Inc. 2024. "Enabling Zero Trust through the Okta Security Identity Commitment." White paper. Okta. Accessed June 27, 2025. https://www.okta.com.
  • SentinelOne. 2022. "What is Zero Trust Architecture (ZTA)?" SentinelOne Cybersecurity Resource. Accessed June 27, 2025. https://www.sentinelone.com/cybersecurity-101/identity-security/zero-trust-architecture/.
  • Hassan, M. 2024. "Enhancing Enterprise Security with Zero Trust Architecture." arXiv. https://arxiv.org/abs/2410.18291.
  • Palo Alto Networks. 2025. "Zero Trust Network Access (ZTNA)." Palo Alto Networks. https://www.paloaltonetworks.com/sase/ztna.
  • Akamai Technologies. 2025. "Enterprise Application Access." Akamai Technologies. https://www.akamai.com/products/enterprise-application-access.
  • Zscaler. 2025. "What Is the Zero Trust Exchange?" Zscaler. https://www.zscaler.com/resources/security-terms-glossary/what-is-zero-trust-exchange.
  • Cloudflare. 2025. "Cloudflare One vs Zscaler Zero Trust Exchange." Cloudflare Blog. https://blog.cloudflare.com/cloudflare-one-vs-zscaler-zero-trust-exchange/.
  • Cybersecurity and Infrastructure Security Agency (CISA). 2021. Zero Trust Maturity Model (Version 1.0). U.S. Department of Homeland Security. https://www.cisa.gov/sites/default/files/publications/cisa-zero-trust-maturity-model.pdf.
  • SecureSky. 2022. The Modern Enterprise-Level Security Stack (Version 6.0). SecureSky. https://securesky.com/wp-content/uploads/2022/03/Modern-Enterprise-Level-Security-Stack-eBook-v6.0.pdf.
  • NordLayer. 2023. "Benefits & Challenges of Zero Trust: What businesses need to know." NordLayer. Accessed June 27, 2025. https://nordlayer.com/learn/zero-trust/benefits/.
  • ISACA. 2023. "Where does Zero Trust fall short?" ISACA. https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2023/volume-39/where-does-zero-trust-fall-short.
  • Microsoft. n.d. "Identity: The first pillar of a Zero Trust security architecture." Microsoft Learn. Accessed June 27, 2025. https://learn.microsoft.com/en-us/security/zero-trust/deploy/identity.
  • Cao, Y., S. R. Pokhrel, Y. Zhu, R. Doss, and G. Li. 2024. "Automation and orchestration of Zero Trust architecture: Potential solutions and challenges." Machine Intelligence Research 21, no. 1: 294–317. https://doi.org/10.1007/s11633-023-1456-2.
  • Forrester. 2023. "The Secrets of Successful Zero Trust Deployments." Accessed June 27, 2025. https://www.forrester.com/report/the-secrets-of-successful-zero-trust-deployments/RES179667.
  • Cloud Security Alliance. 2024. "Zero Trust automation & orchestration and visibility & analytics overview." Cloud Security Alliance. https://cloudsecurityalliance.org/artifacts/zero-trust-automation-orchestration-and-visibility-analytics-overview.
  • National Institute of Standards and Technology. n.d. "Implementing a Zero Trust architecture: Project overview." NIST. https://pages.nist.gov/zero-trust-architecture/VolumeA/ProjectOverview.html.
  • Microsoft. 2024. "Integrate SaaS apps for Zero Trust with Microsoft 365." Microsoft Learn. https://learn.microsoft.com/en-us/security/zero-trust/integrate-saas-apps.
  • Cloudflare. 2023. "Cloudflare’s Zero Trust integrations brief." Cloudflare. https://www.cloudflare.com/static/ebd4212dd4a06fce0077892af5cb1abd/Cloudflare_Zero_Trust_Integrations_Brief.pdf.
  • Ping Identity. 2023. "Three breaches that Zero Trust could have prevented." Ping Identity Blog. https://www.pingidentity.com/en/resources/blog/post/three-breaches-zero-trust-could-have-been-prevented.html.
  • Business Insider. 2025. "A company that helped build SoFi Stadium and the Burj Khalifa started using AR headsets and a zero-trust network. It cut costs by thousands." Business Insider, April 9. https://www.businessinsider.com/manufacturer-augmented-reality-vpn-zero-trust-network-for-connection-collaboration-2025-4.
  • Acronis. 2023. "Securing legacy OT systems without disrupting operations." Acronis Blog, March 10. https://www.acronis.com/en-us/blog/posts/securing-legacy-ot-systems-without-disrupting-operations/.
  • Fortinet. 2023. "Zero Trust for OT environments: A practical approach." Fortinet. https://www.fortinet.com/content/dam/fortinet/assets/white-papers/pov-zero-trust-for-ot.pdf.
  • Platview. 2022. "Zero Trust for legacy systems: Challenges and fixes." Platview, October 5. https://platview.com/zero-trust-for-legacy-systems-challenges-and-fixes/.
  • Murphy, S. 2025. "Six common pitfalls to avoid when implementing a Zero Trust model." WEI Tech Exchange. https://blog.wei.com/six-common-pitfalls-to-avoid-when-implementing-a-zero-trust-model.
  • Cybersecurity and Infrastructure Security Agency (CISA). 2023. "Implementing phishing-resistant MFA." CISA. Accessed June 27, 2025. https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf.
  • Microsoft. 2023. "Plan a phishing-resistant passwordless authentication deployment in Microsoft Entra ID." Microsoft Learn. Accessed June 27, 2025. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-deploy-phishing-resistant-passwordless-authentication.
  • Cisco Systems, Inc. 2020. "Zero Trust 101." Cisco. https://www.cisco.com/c/en/us/products/collateral/security/white-paper-c11-743532.pdf.
  • Gupta, D. 2025. "SSO protocols: SAML, OAuth & SCIM enterprise identity management." Accessed June 27, 2025. https://guptadeepak.com/sso-deep-dive-saml-oauth-and-scim-in-enterprise-identity-management/.
  • Microsoft. 2024a. "Zero Trust for identity integration overview." Microsoft Learn, February 15. https://learn.microsoft.com/en-us/security/zero-trust/integrate/identity.
  • ManageEngine. 2023. "Integrating UEBA with Zero Trust to secure business." ManageEngine. https://download.manageengine.com/log-management/ebooks/integrating-ueba-with-zero-trust-to-secure-business.pdf.
Index Terms
Computer Science
Information Sciences
Keywords

Zero Trust Architecture (ZTA); Hybrid Enterprise; Maturity Model; Identity and Access Management (IAM); Multi-Factor Authentication (MFA); Network Segmentation; Endpoint Detection and Response (EDR); Behavioral Analytics; Zero Trust Network Access (ZTNA)
