Identity as the New Security Perimeter: The Evolution of Identity and Access Management within Zero Trust Architecture

Main Article Content

Kevin Nehemiah Onchoka
Zachary Omariba Bosire
Peter Kiprono Kemei

Abstract

The rapid evolution of digital transformation, cloud computing, remote work environments, and mobile technologies has significantly weakened traditional perimeter-based cybersecurity models. Conventional security approaches relied heavily on securing organizational network boundaries while assuming that users and devices within the network could be trusted. However, increasing cyber threats, insider attacks, credential theft, and sophisticated attack vectors have demonstrated the limitations of this trust-based model. Consequently, Zero Trust Architecture (ZTA) has emerged as a modern cybersecurity paradigm founded on the principle of “never trust, always verify.” Within this framework, identity has become the central element of security enforcement, replacing the traditional network perimeter. This paper examines the evolution of Identity and Access Management (IAM) from traditional authentication systems to identity-centric security mechanisms that support Zero Trust principles. The paper discusses the role of IAM technologies such as Multi-Factor Authentication, Single Sign-On, Privileged Access Management, adaptive authentication, and behavioral analytics in enabling ZTA. Additionally, the paper explores the challenges associated with implementing IAM in Zero Trust environments, including complexity, privacy concerns, legacy systems integration, and usability issues. Finally, password less authentication, artificial intelligence-driven identity analytics, and decentralized identity systems as emerging trends are discussed which forms the future directions in identity-centric cybersecurity.

Downloads

Download data is not yet available.

Article Details

Nehemiah Onchoka, K., Omariba Bosire, Z., & Kiprono Kemei, P. (2026). Identity as the New Security Perimeter: The Evolution of Identity and Access Management within Zero Trust Architecture. Trends in Computer Science and Information Technology, 11(1), 68–79. https://doi.org/10.17352/tcsit.000112
Review Articles

Copyright (c) 2026 Onchoka KN, et al.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Ejiofor OE, Olusoga O, Akinsola A. Zero trust architecture: a paradigm shift in network security. Comput Sci IT Res J. 2025;6(3):104-124. Available from: https://doi.org/10.51594/csitrj.v6i3.1871

Hasan M. Enhancing enterprise security with zero trust architecture: mitigating vulnerabilities and insider threats through continuous verification and least privilege access. 2024. Available from: https://doi.org/10.48550/arXiv.2410.18291

Azad MA, Abdullah S, Arshad J, Lallie H, Ahmed YH. Verify and trust: a multidimensional survey of zero-trust security in the age of IoT. Internet Things (Neth). 2024;27. Available from: https://doi.org/10.1016/j.iot.2024.101227

Rose S, Borchert O, Mitchell S, Connelly S. Zero trust architecture [Internet]. Gaithersburg (MD): National Institute of Standards and Technology; 2020. Available from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

Intazar M, Zohra T, Ansari NM, Iqbal R, Gul H. Beyond perimeter defenses: implementing zero-trust security models for cloud computing in the era of advanced cyber threats. Glob Res J Nat Sci Technol. 2025:3-5. Available from: https://doi.org/10.53762/grjnst.03.02.02

Filho WLR. The role of zero trust architecture in modern cybersecurity: integration with IAM and emerging technologies. Braz J Dev. 2025;11(1):e76836. Available from: https://doi.org/10.34117/bjdv11n1-060

Ruambo FA, Masanga EE, Lufyagila B, Ateya AA, Abd El-Latif AA, et al. Brute-force attack mitigation on remote access services via software-defined perimeter. Sci Rep. 2025;15(1). Available from: https://doi.org/10.1038/s41598-025-01080-5

Kang H, Liu G, Wang Q, Meng L, Liu J. Theory and application of zero trust security: a brief survey. Entropy (Basel). 2023. Available from: https://doi.org/10.3390/e25121595

He Y, Huang D, Chen L. A survey on zero trust architecture: challenges and future trends. Wirel Commun Mob Comput. 2022;2022. Available from: https://doi.org/10.1155/2022/6476274?urlappend=%3Futm_source%3Dresearchgate.net%26utm_medium%3Darticle

Nahar N, Anderson K, Scheele O. A survey on zero trust architecture: applications and challenges of 6G networks. IEEE Access. 2024;12:94753-94764. Available from: https://doi.org/10.1109/ACCESS.2024.3425350

Dhiman P, Saini N, Gulzar Y, Turaev S, Kaur A, Nisa KU, et al. A review and comparative analysis of relevant approaches of zero trust network model. Sensors (Basel). 2024. Available from: https://doi.org/10.3390/s24041328

Tyler D, Viana T. Trust no one? A framework for assisting healthcare organizations in transitioning to a zero-trust network architecture. Appl Sci (Basel). 2021;11(16). Available from: https://doi.org/10.3390/app11167499

Alibis JAJ, Anadozie CC, Ayodele GTA. Zero trust architecture: beyond perimeter security—implementing continuous authentication and least privilege access. Int J Adv Eng Manag. 2025;7(4):829-841. Available from: https://doi.org/10.35629/5252-0704829841

Premsai R. Cybersecurity risks in identity and access management using an adaptive trust authenticate protocol. Int J Sci Res Eng Manag. 2023. Available from: https://doi.org/10.55041/IJSREM25645

Mushtaq S, Mohsin M, Mushtaq MM. A systematic literature review on the implementation and challenges of zero trust architecture across domains. Sensors (Basel). 2025. Available from: https://doi.org/10.3390/s25196118

Premsai R. Cybersecurity risks in identity and access management using an adaptive trust authenticate protocol. Int J Sci Res Eng Manag. 2024;8(12):1-5. Available from: https://doi.org/10.55041/IJSREM25645

Pal B, Daniel T, Chatterjee R, et al. Beyond credential stuffing: password similarity models using neural networks. 2019. Available from: https://doi.org/10.1109/SP.2019.00056

Hatunic-Webster E, Mtenzi F. Password-based authentication and phishing. Comput Sci. 2011. Available from: https://scholar.google.co.in/citations?view_op=view_citation&hl=vi&user=4mChFLoAAAAJ&citation_for_view=4mChFLoAAAAJ:9yKSN-GCB0IC

Thomas K, Pullman J, Yeo K, Raghunathan A, Kelley PG, Invernizzi L, et al. Protecting accounts from credential stuffing with password breach alerting. 2019. Available from: https://www.usenix.org/conference/usenixsecurity19/presentation/thomas

Konduru SS, Mishra S. Detection of password reuse and credential stuffing: a server-side approach. 2023. Available from: https://scholar.google.com/citations?view_op=view_citation&hl=en&user=WURdJmMAAAAJ&citation_for_view=WURdJmMAAAAJ:u-x6o8ySG0sC

Vinay RM. Decoding role-based access control (RBAC). Int J Sci Res Comput Sci Eng Inf Technol. 2025;11(1):2082-2090. Available from: https://doi.org/10.32628/CSEIT251112211

Oluoha OM, Odeshina A, Reis O, Okpeke I, Attipoe V, Orieno OH. A unified framework for risk-based access control and identity management in compliance-critical environments. J Front Multidiscip Res. 2022;3(1):23-34. Available from: https://www.multidisciplinaryfrontiers.com/uploads/archives/20250408184820_FMR-2025-1-041.1.pdf

Naik N, Jenkins P. Identity management and access control trends in cloud computing. In: Proceedings of the 11th International Conference on Research Challenges in Information Science. IEEE; 2017.

Dammalapati PK. Understanding federated identity management: architecture, protocols and implementation. World J Adv Eng Technol Sci. 2025;15(3):401-411. Available from: https://wjaets.com/sites/default/files/fulltext_pdf/WJAETS-2025-0919.pdf

Pohn D, Hommel W. New directions and challenges within identity and access management. IEEE Commun Stand Mag. 2023;7(2):84-90. Available from: https://doi.org/10.1109/MCOMSTD.0006.2200077

Akpe OE, Kisina D, Owoade S, Uzoka IC, Ubanadu BC, Daraojimba AI. Advances in federated authentication and identity management for scalable digital platforms. J Front Multidiscip Res. 2021;2(1):87-93. Available from: https://www.multidisciplinaryfrontiers.com/uploads/archives/20250509191753_FMR-2025-1-100.1.pdf

Ugbaja US, Nwabekee US, Owobu WO, et al. Conceptual framework for role-based network access management to minimize unauthorized data exposure across IT environments. Int J Soc Sci Except Res. 2023;2(1):211-221. Available from: https://www.allsocialsciencejournal.com/uploads/archives/20250425152138_SER-2025-2-042.1.pdf

Kendyala SH, Byri A, Kumar A. Implementing adaptive authentication using risk-based analysis in federated systems. 2025;12:430. Available from: https://doi.org/10.2139/ssrn.5074862

Dasu LS, Dhamija M, Dishitha G. Defending against identity threats using risk-based authentication. Cybern Inf Technol. 2023;23(2):105-123. Available from: https://doi.org/10.2478/cait-2023-0016

Vikas P. Role of identity and access management in zero trust architecture for cloud security: challenges and solutions. Int J Adv Res Sci Commun Technol. 2025:6-18. Available from: https://doi.org/10.48175/IJARSCT-23902

Guntaka NYR. Zero trust and cloud identity: building a resilient security framework. Int J Sci Res Comput Sci Eng Inf Technol. 2025;11(1):3450-3460. Available from: https://doi.org/10.32628/CSEIT251112368

Agarwal S, Mehra S, Sathar S. CHEZ PL: a hyper-extensible AI-integrated zero-trust CIAM-PAM framework for enterprise security modernization. 2025. Available from: https://arxiv.org/pdf/2501.01732

Rivera JD, Muhammad A, Song WC. Securing digital identity in the zero trust architecture: a blockchain approach to privacy-focused multi-factor authentication. IEEE Open J Commun Soc. 2024;5:2792-2814. Available from:

Ganapathi A. Zero trust evolution: advanced architectures for resilient cloud-native IAM systems. Int J Sci Res Comput Sci Eng Inf Technol. 2025;11(1):679-685. Available from: https://doi.org/10.1109/OJCOMS.2024.3391728

Yusop MIM, Kamarudin NH, Suhaimi NHS, et al. Advancing passwordless authentication: a systematic review of methods, challenges, and future directions for secure user identity. IEEE Access. 2025;13:13919-13943. Available from: https://doi.org/10.1109/ACCESS.2025.3528960

Kabanda R, Ajayi R, Michael PO. Defending against AI-driven phishing and malicious URLs. Int J Sci Res Comput Sci Eng Inf Technol. 2026;12(1):410-425. Available from: https://doi.org/10.32628/CSEIT26121314

Bicakci K, Varli FM, Korkmaz ME. QES-backed virtual FIDO2 authenticators: architectural options for secure, synchronizable WebAuthn credentials. 2026. Available from: https://doi.org/10.48550/arXiv.2601.06554

Bicakci K, Drobi A. QRAuth: a secure and accessible Web authentication alternative to FIDO2. In: Proc 16th Int Conf Information Security and Cryptology (ISCTURKEY). 2023. Available from: https://research.itu.edu.tr/en/publications/qrauth-a-secure-and-accessible-web-authentication-alternative-to-/

Bindel N, Cremers C, Zhao M. FIDO2, CTAP 2.1, and WebAuthn 2: provable security and post-quantum instantiation. 2023. Available from: https://doi.org/10.1109/SP46215.2023.10179454

Barbosa M, Boldyreva A, Chen S. Provable security analysis of FIDO2. Lect Notes Comput Sci. 2021:125-156. Available from: https://par.nsf.gov/servlets/purl/10319868

Jimmy F. Zero trust security: reimagining cyber defense for modern organizations. Int J Sci Res Manag. 2022;10(4):887-905. Available from: https://doi.org/10.18535/ijsrm/v10i4.ec11

Phanireddy S. AI-driven identity access management (IAM). Int J Sci Res Eng Manag. 2021;5(6):1-9. Available from: https://doi.org/10.55041/IJSREM8931

Vitla S. The future of identity and access management: leveraging AI for enhanced security and efficiency. 2024. Available from: https://doi.org/10.32996/jcsts.2024.6.3.12

Oyebode O. Explainable deep learning integrated with decentralized identity systems to combat bias, enhance trust, and ensure fairness in algorithmic governance. World J Adv Res Rev. 2024;21(2):2146-2166. Available from: https://doi.org/10.30574/wjarr.2024.21.2.0595

Aboukadri S, Ouaddah A, Mezrioui A. Machine learning in identity and access management systems: survey and deep dive. Comput Secur. 2024;139:103729. Available from: https://doi.org/10.1016/j.cose.2024.103729

Sunil V, Grandhi K. Identity and access management transformation in large enterprises: a case study analysis. 2025. Available from: https://doi.org/10.32996/jcsts.2025.7.5.42

Bommareddy AR. Strengthening cybersecurity resilience in federal financial systems through zero-trust architectures. 2025.

Sunkara G. Implementing zero trust architecture in modern enterprise networks. SAMRIDDHI. 2025;17(3):1-11.

Owobu WO, Abieba OA, Gbenle P. Review of enterprise communication security architectures for improving confidentiality, integrity and availability in digital workflows. Int J Adv Multidiscip Res Stud. 2024;4(6):1417-1426. Available from: https://doi.org/10.62225/2583049X.2024.4.6.4024

Dakić V, Morić Z, Kapulica A. Analysis of Azure zero trust architecture implementation for mid-size organizations. J Cybersecur Priv. 2025;5(1). Available from: https://doi.org/10.20944/preprints202407.1454.v1

Fadare KO. Optimizing data center security with zero trust architecture. Int J Eng Adv Technol Stud. 2025;13(3):71-96. Available from: https://doi.org/10.37745/ijeats.13/vol13n37196

Dotse SK, Sebuabe SY, Obeng A. Zero trust architecture implementation in enterprise networks: evaluating effectiveness against cyber threats. Int J Comput Appl. 2025. Available from: https://doi.org/10.5120/ijca2025925740

Srinivas K, Rasveen, Kavitha. Evaluating the effectiveness of zero-trust architectures in modern cyber security. In: Proceedings of the Institute of Electrical and Electronics Engineers (IEEE). 2025. p. 1-5. Available from: https://doi.org/10.1109/ICSIT65336.2025.11294850

Adahman Z, Malik AW, Anwar Z. An analysis of zero-trust architecture and its cost-effectiveness for organizational security. Comput Secur. 2022;122:102911. Available from: https://doi.org/10.1016/j.cose.2022.102911

Chiagozie UV. From legacy to zero-trust: migration strategies, cost-benefit analysis, and security gains in mid-sized enterprises. 2024. Available from: https://orcid.org/0009-0005-7719-723X

Rajesh RN. Zero-trust architecture: redefining enterprise security paradigms. World J Adv Res Rev. 2025;26(2):968-977. Available from: https://doi.org/10.30574/wjarr.2025.26.2.1684

Raza MdA, Hossain MA, Mahjabeen F. Evaluating the human factor in bank cybersecurity: strategies for improving employee awareness and reducing insider threats. Indones J Adv Res. 2025;4(1):1-20. Available from: https://doi.org/10.55927/ijar.v4i1.13399

Ayanbode N, Abieba OA, Chukwurah N. Human factors in fintech cybersecurity: addressing insider threats and behavioral risks. Int J Multidiscip Res Growth Eval. 2024;5(1):1350-1356. Available from: https://doi.org/10.54660/.IJMRGE.2024.5.1.1350-1356

Jimmy F. AI-driven identity and access management: opportunities, challenges, and future directions. Journal. 2025;8:2. Available from: https://doi.org/10.60087/jaigs.v8i02.418

Ghafir I, Saleem J, Hammoudeh M. Security threats to critical infrastructure: the human factor. J Supercomput. 2018;74(10):4986-5002. Available from: https://doi.org/10.1007/s11227-018-2337-2?urlappend=%3Futm_source%3Dresearchgate.net%26utm_medium%3Darticle

Čučko Š, Turkanović M. Decentralized and self-sovereign identity: systematic mapping study. IEEE Access. 2021;9:139009-139027. Available from: https://doi.org/10.1109/ACCESS.2021.3117588