Identity as the New Security Perimeter: The Evolution of Identity and Access Management within Zero Trust Architecture
Main Article Content
Abstract
The rapid evolution of digital transformation, cloud computing, remote work environments, and mobile technologies has significantly weakened traditional perimeter-based cybersecurity models. Conventional security approaches relied heavily on securing organizational network boundaries while assuming that users and devices within the network could be trusted. However, increasing cyber threats, insider attacks, credential theft, and sophisticated attack vectors have demonstrated the limitations of this trust-based model. Consequently, Zero Trust Architecture (ZTA) has emerged as a modern cybersecurity paradigm founded on the principle of “never trust, always verify.” Within this framework, identity has become the central element of security enforcement, replacing the traditional network perimeter. This paper examines the evolution of Identity and Access Management (IAM) from traditional authentication systems to identity-centric security mechanisms that support Zero Trust principles. The paper discusses the role of IAM technologies such as Multi-Factor Authentication, Single Sign-On, Privileged Access Management, adaptive authentication, and behavioral analytics in enabling ZTA. Additionally, the paper explores the challenges associated with implementing IAM in Zero Trust environments, including complexity, privacy concerns, legacy systems integration, and usability issues. Finally, password less authentication, artificial intelligence-driven identity analytics, and decentralized identity systems as emerging trends are discussed which forms the future directions in identity-centric cybersecurity.
Downloads
Article Details
Copyright (c) 2026 Onchoka KN, et al.

This work is licensed under a Creative Commons Attribution 4.0 International License.
Ejiofor OE, Olusoga O, Akinsola A. Zero trust architecture: a paradigm shift in network security. Comput Sci IT Res J. 2025;6(3):104-124. Available from: https://doi.org/10.51594/csitrj.v6i3.1871
Hasan M. Enhancing enterprise security with zero trust architecture: mitigating vulnerabilities and insider threats through continuous verification and least privilege access. 2024. Available from: https://doi.org/10.48550/arXiv.2410.18291
Azad MA, Abdullah S, Arshad J, Lallie H, Ahmed YH. Verify and trust: a multidimensional survey of zero-trust security in the age of IoT. Internet Things (Neth). 2024;27. Available from: https://doi.org/10.1016/j.iot.2024.101227
Rose S, Borchert O, Mitchell S, Connelly S. Zero trust architecture [Internet]. Gaithersburg (MD): National Institute of Standards and Technology; 2020. Available from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
Intazar M, Zohra T, Ansari NM, Iqbal R, Gul H. Beyond perimeter defenses: implementing zero-trust security models for cloud computing in the era of advanced cyber threats. Glob Res J Nat Sci Technol. 2025:3-5. Available from: https://doi.org/10.53762/grjnst.03.02.02
Filho WLR. The role of zero trust architecture in modern cybersecurity: integration with IAM and emerging technologies. Braz J Dev. 2025;11(1):e76836. Available from: https://doi.org/10.34117/bjdv11n1-060
Ruambo FA, Masanga EE, Lufyagila B, Ateya AA, Abd El-Latif AA, et al. Brute-force attack mitigation on remote access services via software-defined perimeter. Sci Rep. 2025;15(1). Available from: https://doi.org/10.1038/s41598-025-01080-5
Kang H, Liu G, Wang Q, Meng L, Liu J. Theory and application of zero trust security: a brief survey. Entropy (Basel). 2023. Available from: https://doi.org/10.3390/e25121595
He Y, Huang D, Chen L. A survey on zero trust architecture: challenges and future trends. Wirel Commun Mob Comput. 2022;2022. Available from: https://doi.org/10.1155/2022/6476274?urlappend=%3Futm_source%3Dresearchgate.net%26utm_medium%3Darticle
Nahar N, Anderson K, Scheele O. A survey on zero trust architecture: applications and challenges of 6G networks. IEEE Access. 2024;12:94753-94764. Available from: https://doi.org/10.1109/ACCESS.2024.3425350
Dhiman P, Saini N, Gulzar Y, Turaev S, Kaur A, Nisa KU, et al. A review and comparative analysis of relevant approaches of zero trust network model. Sensors (Basel). 2024. Available from: https://doi.org/10.3390/s24041328
Tyler D, Viana T. Trust no one? A framework for assisting healthcare organizations in transitioning to a zero-trust network architecture. Appl Sci (Basel). 2021;11(16). Available from: https://doi.org/10.3390/app11167499
Alibis JAJ, Anadozie CC, Ayodele GTA. Zero trust architecture: beyond perimeter security—implementing continuous authentication and least privilege access. Int J Adv Eng Manag. 2025;7(4):829-841. Available from: https://doi.org/10.35629/5252-0704829841
Premsai R. Cybersecurity risks in identity and access management using an adaptive trust authenticate protocol. Int J Sci Res Eng Manag. 2023. Available from: https://doi.org/10.55041/IJSREM25645
Mushtaq S, Mohsin M, Mushtaq MM. A systematic literature review on the implementation and challenges of zero trust architecture across domains. Sensors (Basel). 2025. Available from: https://doi.org/10.3390/s25196118
Premsai R. Cybersecurity risks in identity and access management using an adaptive trust authenticate protocol. Int J Sci Res Eng Manag. 2024;8(12):1-5. Available from: https://doi.org/10.55041/IJSREM25645
Pal B, Daniel T, Chatterjee R, et al. Beyond credential stuffing: password similarity models using neural networks. 2019. Available from: https://doi.org/10.1109/SP.2019.00056
Hatunic-Webster E, Mtenzi F. Password-based authentication and phishing. Comput Sci. 2011. Available from: https://scholar.google.co.in/citations?view_op=view_citation&hl=vi&user=4mChFLoAAAAJ&citation_for_view=4mChFLoAAAAJ:9yKSN-GCB0IC
Thomas K, Pullman J, Yeo K, Raghunathan A, Kelley PG, Invernizzi L, et al. Protecting accounts from credential stuffing with password breach alerting. 2019. Available from: https://www.usenix.org/conference/usenixsecurity19/presentation/thomas
Konduru SS, Mishra S. Detection of password reuse and credential stuffing: a server-side approach. 2023. Available from: https://scholar.google.com/citations?view_op=view_citation&hl=en&user=WURdJmMAAAAJ&citation_for_view=WURdJmMAAAAJ:u-x6o8ySG0sC
Vinay RM. Decoding role-based access control (RBAC). Int J Sci Res Comput Sci Eng Inf Technol. 2025;11(1):2082-2090. Available from: https://doi.org/10.32628/CSEIT251112211
Oluoha OM, Odeshina A, Reis O, Okpeke I, Attipoe V, Orieno OH. A unified framework for risk-based access control and identity management in compliance-critical environments. J Front Multidiscip Res. 2022;3(1):23-34. Available from: https://www.multidisciplinaryfrontiers.com/uploads/archives/20250408184820_FMR-2025-1-041.1.pdf
Naik N, Jenkins P. Identity management and access control trends in cloud computing. In: Proceedings of the 11th International Conference on Research Challenges in Information Science. IEEE; 2017.
Dammalapati PK. Understanding federated identity management: architecture, protocols and implementation. World J Adv Eng Technol Sci. 2025;15(3):401-411. Available from: https://wjaets.com/sites/default/files/fulltext_pdf/WJAETS-2025-0919.pdf
Pohn D, Hommel W. New directions and challenges within identity and access management. IEEE Commun Stand Mag. 2023;7(2):84-90. Available from: https://doi.org/10.1109/MCOMSTD.0006.2200077
Akpe OE, Kisina D, Owoade S, Uzoka IC, Ubanadu BC, Daraojimba AI. Advances in federated authentication and identity management for scalable digital platforms. J Front Multidiscip Res. 2021;2(1):87-93. Available from: https://www.multidisciplinaryfrontiers.com/uploads/archives/20250509191753_FMR-2025-1-100.1.pdf
Ugbaja US, Nwabekee US, Owobu WO, et al. Conceptual framework for role-based network access management to minimize unauthorized data exposure across IT environments. Int J Soc Sci Except Res. 2023;2(1):211-221. Available from: https://www.allsocialsciencejournal.com/uploads/archives/20250425152138_SER-2025-2-042.1.pdf
Kendyala SH, Byri A, Kumar A. Implementing adaptive authentication using risk-based analysis in federated systems. 2025;12:430. Available from: https://doi.org/10.2139/ssrn.5074862
Dasu LS, Dhamija M, Dishitha G. Defending against identity threats using risk-based authentication. Cybern Inf Technol. 2023;23(2):105-123. Available from: https://doi.org/10.2478/cait-2023-0016
Vikas P. Role of identity and access management in zero trust architecture for cloud security: challenges and solutions. Int J Adv Res Sci Commun Technol. 2025:6-18. Available from: https://doi.org/10.48175/IJARSCT-23902
Guntaka NYR. Zero trust and cloud identity: building a resilient security framework. Int J Sci Res Comput Sci Eng Inf Technol. 2025;11(1):3450-3460. Available from: https://doi.org/10.32628/CSEIT251112368
Agarwal S, Mehra S, Sathar S. CHEZ PL: a hyper-extensible AI-integrated zero-trust CIAM-PAM framework for enterprise security modernization. 2025. Available from: https://arxiv.org/pdf/2501.01732
Rivera JD, Muhammad A, Song WC. Securing digital identity in the zero trust architecture: a blockchain approach to privacy-focused multi-factor authentication. IEEE Open J Commun Soc. 2024;5:2792-2814. Available from:
Ganapathi A. Zero trust evolution: advanced architectures for resilient cloud-native IAM systems. Int J Sci Res Comput Sci Eng Inf Technol. 2025;11(1):679-685. Available from: https://doi.org/10.1109/OJCOMS.2024.3391728
Yusop MIM, Kamarudin NH, Suhaimi NHS, et al. Advancing passwordless authentication: a systematic review of methods, challenges, and future directions for secure user identity. IEEE Access. 2025;13:13919-13943. Available from: https://doi.org/10.1109/ACCESS.2025.3528960
Kabanda R, Ajayi R, Michael PO. Defending against AI-driven phishing and malicious URLs. Int J Sci Res Comput Sci Eng Inf Technol. 2026;12(1):410-425. Available from: https://doi.org/10.32628/CSEIT26121314
Bicakci K, Varli FM, Korkmaz ME. QES-backed virtual FIDO2 authenticators: architectural options for secure, synchronizable WebAuthn credentials. 2026. Available from: https://doi.org/10.48550/arXiv.2601.06554
Bicakci K, Drobi A. QRAuth: a secure and accessible Web authentication alternative to FIDO2. In: Proc 16th Int Conf Information Security and Cryptology (ISCTURKEY). 2023. Available from: https://research.itu.edu.tr/en/publications/qrauth-a-secure-and-accessible-web-authentication-alternative-to-/
Bindel N, Cremers C, Zhao M. FIDO2, CTAP 2.1, and WebAuthn 2: provable security and post-quantum instantiation. 2023. Available from: https://doi.org/10.1109/SP46215.2023.10179454
Barbosa M, Boldyreva A, Chen S. Provable security analysis of FIDO2. Lect Notes Comput Sci. 2021:125-156. Available from: https://par.nsf.gov/servlets/purl/10319868
Jimmy F. Zero trust security: reimagining cyber defense for modern organizations. Int J Sci Res Manag. 2022;10(4):887-905. Available from: https://doi.org/10.18535/ijsrm/v10i4.ec11
Phanireddy S. AI-driven identity access management (IAM). Int J Sci Res Eng Manag. 2021;5(6):1-9. Available from: https://doi.org/10.55041/IJSREM8931
Vitla S. The future of identity and access management: leveraging AI for enhanced security and efficiency. 2024. Available from: https://doi.org/10.32996/jcsts.2024.6.3.12
Oyebode O. Explainable deep learning integrated with decentralized identity systems to combat bias, enhance trust, and ensure fairness in algorithmic governance. World J Adv Res Rev. 2024;21(2):2146-2166. Available from: https://doi.org/10.30574/wjarr.2024.21.2.0595
Aboukadri S, Ouaddah A, Mezrioui A. Machine learning in identity and access management systems: survey and deep dive. Comput Secur. 2024;139:103729. Available from: https://doi.org/10.1016/j.cose.2024.103729
Sunil V, Grandhi K. Identity and access management transformation in large enterprises: a case study analysis. 2025. Available from: https://doi.org/10.32996/jcsts.2025.7.5.42
Bommareddy AR. Strengthening cybersecurity resilience in federal financial systems through zero-trust architectures. 2025.
Sunkara G. Implementing zero trust architecture in modern enterprise networks. SAMRIDDHI. 2025;17(3):1-11.
Owobu WO, Abieba OA, Gbenle P. Review of enterprise communication security architectures for improving confidentiality, integrity and availability in digital workflows. Int J Adv Multidiscip Res Stud. 2024;4(6):1417-1426. Available from: https://doi.org/10.62225/2583049X.2024.4.6.4024
Dakić V, Morić Z, Kapulica A. Analysis of Azure zero trust architecture implementation for mid-size organizations. J Cybersecur Priv. 2025;5(1). Available from: https://doi.org/10.20944/preprints202407.1454.v1
Fadare KO. Optimizing data center security with zero trust architecture. Int J Eng Adv Technol Stud. 2025;13(3):71-96. Available from: https://doi.org/10.37745/ijeats.13/vol13n37196
Dotse SK, Sebuabe SY, Obeng A. Zero trust architecture implementation in enterprise networks: evaluating effectiveness against cyber threats. Int J Comput Appl. 2025. Available from: https://doi.org/10.5120/ijca2025925740
Srinivas K, Rasveen, Kavitha. Evaluating the effectiveness of zero-trust architectures in modern cyber security. In: Proceedings of the Institute of Electrical and Electronics Engineers (IEEE). 2025. p. 1-5. Available from: https://doi.org/10.1109/ICSIT65336.2025.11294850
Adahman Z, Malik AW, Anwar Z. An analysis of zero-trust architecture and its cost-effectiveness for organizational security. Comput Secur. 2022;122:102911. Available from: https://doi.org/10.1016/j.cose.2022.102911
Chiagozie UV. From legacy to zero-trust: migration strategies, cost-benefit analysis, and security gains in mid-sized enterprises. 2024. Available from: https://orcid.org/0009-0005-7719-723X
Rajesh RN. Zero-trust architecture: redefining enterprise security paradigms. World J Adv Res Rev. 2025;26(2):968-977. Available from: https://doi.org/10.30574/wjarr.2025.26.2.1684
Raza MdA, Hossain MA, Mahjabeen F. Evaluating the human factor in bank cybersecurity: strategies for improving employee awareness and reducing insider threats. Indones J Adv Res. 2025;4(1):1-20. Available from: https://doi.org/10.55927/ijar.v4i1.13399
Ayanbode N, Abieba OA, Chukwurah N. Human factors in fintech cybersecurity: addressing insider threats and behavioral risks. Int J Multidiscip Res Growth Eval. 2024;5(1):1350-1356. Available from: https://doi.org/10.54660/.IJMRGE.2024.5.1.1350-1356
Jimmy F. AI-driven identity and access management: opportunities, challenges, and future directions. Journal. 2025;8:2. Available from: https://doi.org/10.60087/jaigs.v8i02.418
Ghafir I, Saleem J, Hammoudeh M. Security threats to critical infrastructure: the human factor. J Supercomput. 2018;74(10):4986-5002. Available from: https://doi.org/10.1007/s11227-018-2337-2?urlappend=%3Futm_source%3Dresearchgate.net%26utm_medium%3Darticle
Čučko Š, Turkanović M. Decentralized and self-sovereign identity: systematic mapping study. IEEE Access. 2021;9:139009-139027. Available from: https://doi.org/10.1109/ACCESS.2021.3117588