Implementación de Arquitecturas Zero Trust: Revisión sistemática de beneficios y desventajas

Alex Fidel Gil Villa; Sebastián Alberto Espinoza Dávalos; Alberto Carlos Mendoza de los Santos

doi:10.47796/ing.v8i00.1331

Authors

Alex Fidel Gil Villa Escuela de Ingeniería de Sistemas, Universidad Nacional de Trujillo, La Libertad, Perú https://orcid.org/0009-0002-9869-9325
Sebastián Alberto Espinoza Dávalos Escuela de Ingeniería de Sistemas, Universidad Nacional de Trujillo, La Libertad, Perú https://orcid.org/0009-0004-2946-7760
Alberto Carlos Mendoza de los Santos Escuela de Ingeniería de Sistemas, Universidad Nacional de Trujillo, La Libertad, Perú https://orcid.org/0000-0002-0469-915X

DOI:

https://doi.org/10.47796/ing.v8i00.1331

Keywords:

Zero Trust Architecture, Cybersecurity, Information security

Abstract

Given the constant evolution of digital threats and the inherent limitations of traditional security approaches, Zero Trust Architectures (ZTA) have been developed as an alternative aimed at strengthening the protection of digital environments through continuous verification and contextual access control. This study systematically synthesizes and analyzes the quantifiable benefits, technical limitations, organizational challenges, proposed solutions, and evaluation metrics associated with the implementation of ZTA, considering the technical, cultural, and structural factors that influence its adoption. Through a systematic review conducted in specialized academic databases, twenty articles were analyzed following a rigorous filtering process. The results reveal significant improvements in security posture and a reduction in attack risk, driven by microsegmentation and continuous authentication; however, limitations were identified related to insufficient training, operational complexity in multicloud environments, and organizational resistance to change. It is concluded that the effectiveness of ZTA depends on its strategic integration with standardized frameworks and adequate change management within organizations.

Downloads

Download data is not yet available.

References

Ahmad, I., Gimhana, S., Ahmad, I., y Harjula, E. (2025). Adaptive Trust Architecture for Secure IoT Communication in 6G. IEEE Networking Letters, 7(2), 113–116. https://doi.org/10.1109/lnet.2025.3566909

Ahmadi, S. (2025). Autonomous identity-based threat segmentation for zero trust architecture. Cyber Security and Applications, 100106, 100106. https://doi.org/10.1016/j.csa.2025.100106

Ahmed, S., Shihab, I. F., y Khokhar, A. (2025). Quantum-driven zero trust architecture with dynamic anomaly detection in 7G technology: A neural network approach. Measurement: Digitalization, 2–3(100005), 100005. https://doi.org/10.1016/j.meadig.2025.100005

Ali, B., Gregory, M. A., Li, S., y Dib, O. A. (2024). Implementing zero trust security with dual fuzzy methodology for trust-aware authentication and task offloading in Multi-access Edge Computing. Computer Networks, 241(110197), 110197. https://doi.org/10.1016/j.comnet.2024.110197

Al-Zewairi, M., Almajali, S., Ayyash, M., Rahouti, M., Martinez, F., y Quadar, N. (2025). Multi-stage enhanced zero trust intrusion detection system for unknown attack detection in Internet of Things and traditional networks. ACM Transactions on Privacy and Security, 28(3), 1–28. https://doi.org/10.1145/3725216

Cao, Y., Pokhrel, S. R., Zhu, Y., Doss, R., y Li, G. (2024). Automation and orchestration of Zero trust architecture: Potential solutions and challenges. Machine Intelligence Research, 21(2), 294–317. https://doi.org/10.1007/s11633-023-1456-2

DeCusatis, C., Liengtiraphan, P., Sager, A., y Pinelli, M. (2016, 18 al 20 de noviembre). Implementing zero trust cloud networks with transport access control and first packet authentication [conferencias]. 2016 IEEE International Conference on Smart Cloud (SmartCloud), New York, Estados Unidos. https://doi.org/10.1109/SmartCloud.2016.22

Federici, F., Martintoni, D., y Senni, V. (2023). A zero-trust architecture for remote access in industrial IoT infrastructures. Electronics, 12(3), 566. https://doi.org/10.3390/electronics12030566

Ferretti, L., Magnanini, F., Andreolini, M., y Colajanni, M. (2021). Survivable zero trust for cloud computing environments. Computers & Security, 110(102419), 102419. https://doi.org/10.1016/j.cose.2021.102419

Hasan, S., Amundson, I., y Hardin, D. (2024). Zero-trust design and assurance patterns for cyber–physical systems. Journal of Systems Architecture, 155(103261), 103261. https://doi.org/10.1016/j.sysarc.2024.103261

He, Y., Huang, D., Chen, L., Ni, Y., y Ma, X. (2022). A survey on zero trust architecture: Challenges and future trends. Wireless Communications and Mobile Computing, 2022(1), 1–13. https://doi.org/10.1155/2022/6476274

Joshi, H. (2025). Emerging technologies driving zero trust maturity across industries. IEEE Open Journal of the Computer Society, 6, 25–36. https://doi.org/10.1109/ojcs.2024.3505056

Katsis, C., Cicala, F., Thomsen, D., Ringo, N., y Bertino, E. (2022, 24 al 27 de abril). Neutron: A graph-based pipeline for zero-trust network architectures [conferencia]. Proceedings of the Twelveth ACM Conference on Data and Application Security and Privacy. Baltimore, Estados Unidos. https://doi.org/10.1145/3508398.3511499

Khurshid, K., Usman Hadi, M., Al Bataineh, M., y Saeed, N. (2025). Securing AIoT Surveillance: Techniques, Challenges, and Solutions. IEEE Open Journal of the Communications Society, 6, 6517–6550. https://doi.org/10.1109/ojcoms.2025.3593311

Nasiruzzaman, Ali, M., Salam, I., y Miraz, M. H. (2025). The evolution of zero Trust Architecture (ZTA) from concept to implementation. En arXiv [cs.CR]. https://doi.org/10.48550/ARXIV.2504.11984

Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., Shamseer, L., Tetzlaff, J. M., Akl, E. A., … (2021). Declaración PRISMA 2020: una guía actualizada para la publicación de revisiones sistemáticas. Revista española de cardiología, 74(9), 790–799. https://doi.org/10.1016/j.recesp.2021.06.016

Peepliwal, A. K., Pandey, H. M., Prakash, S., Chowhan, S. S., Kumar, V., Sharma, R., y Mahajan, A. (2024). A prototype model of zero trust architecture blockchain with EigenTrust-based practical byzantine fault tolerance protocol to manage decentralized clinical trials. Blockchain: Research and Applications, 100232, 100232. https://doi.org/10.1016/j.bcra.2024.100232

Phiayura, P., y Teerakanok, S. (2023). A comprehensive framework for migrating to zero trust architecture. IEEE access: practical innovations, open solutions, 11, 19487–19511. https://doi.org/10.1109/access.2023.3248622

Polinati, A. K. (2025). Hybrid cloud security: Balancing performance, cost, and compliance in multi-cloud deployments. En arXiv [cs.CR]. https://doi.org/10.48550/ARXIV.2506.00426

Ramachandran, H., Smith, R., Awuson K., Al-Hadhrami, T., y Acharya, P. (2025). Towards net zero resilience: A futuristic architectural strategy for cyber-attack defence in industrial control systems (ICS) and operational technology (OT). Computers, Materials & Continua, 82(2), 3619–3641. https://doi.org/10.32604/cmc.2024.054802

Sasada, T., Kawai, M., Masuda, Y., Taenaka, Y., y Kadobayashi, Y. (2023). Factor analysis of learning motivation difference on cybersecurity training with zero trust architecture. IEEE access: practical innovations, open solutions, 11, 141358–141374. https://doi.org/10.1109/access.2023.3341093

Syed, N. F., Shah, S. W., Shaghaghi, A., Anwar, A., Baig, Z., y Doss, R. (2022). Zero trust architecture (ZTA): A comprehensive survey. IEEE access: practical innovations, open solutions, 10, 57143–57179. https://doi.org/10.1109/access.2022.3174679

Verma, P. K., Singh, B., Shubham, P., Sharma, K., y Prasad Joshi, R. (2024). Evaluating the effectiveness of Zero Trust Architecture in protecting against advanced persistent threats. ADCAIJ Advances in Distributed Computing and Artificial Intelligence Journal, 13, e31611. https://doi.org/10.14201/adcaij.31611

Wan, T., Shi, B., y Wang, H. (2025). A continuous authentication scheme for zero-trust architecture in industrial internet of things. Alexandria Engineering Journal, 122, 555–563. https://doi.org/10.1016/j.aej.2025.03.012

Yeoh, W., Liu, M., Shore, M., y Jiang, F. (2023). Zero trust cybersecurity: Critical success factors and A maturity assessment framework. Computers & Security, 133(103412), 103412. https://doi.org/10.1016/j.cose.2023.103412

Zanasi, C., Russo, S., y Colajanni, M. (2024). Flexible zero trust architecture for the cybersecurity of industrial IoT infrastructures. Ad Hoc Networks, 156(103414), 103414. https://doi.org/10.1016/j.adhoc.2024.103414

Zyoud, B., y Lebai, S. (2024). The role of information security culture in zero trust adoption: Insights from UAE organizations. IEEE access: practical innovations, open solutions, 12, 72420–72444. https://doi.org/10.1109/access.2024.3402341

Implementing Zero Trust Architectures: A Systematic Review of Benefits and Drawbacks

Authors

DOI:

Keywords:

Abstract

Downloads

References

Downloads

Published

How to Cite

Issue

Section

License

Most read articles by the same author(s)

Make a Submission

Language

Information

vicerectorado

VICERRECTORADO DE INVESTIGACIÓN

indices

Keywords

siguenos

Síguenos