A Lightweight Zero-Trust Architecture Implementation for Enhancing Cybersecurity in Small and Medium-Sized Enterprises

Truong Duy Dinh
Tran Duc Le
Thi Thu Ha Nguyen
Hoang Giang Do

Keywords

SMEs, Zero Trust, Cybersecurity, Digital Ecosystem, Authorization

Abstract

Confronted by resource limitations and sophisticated cyber threats, Small and Medium Enterprises (SMEs) require tailored cybersecurity solutions. This research introduces and validates a Lightweight Zero-Trust Architecture (LZTA) specifically designed for SMEs. The proposed LZTA effectively integrates contextual access verification, multi-factor authentication, and role-based access control to ensure robust security without imposing excessive costs. Crucially, rigorous benchmarking demonstrated that the LZTA manages high-concurrency loads while significantly outperforming conventional and open-source Zero-Trust baselines in both response time and throughput. This work delivers a practical and high-performance blueprint for SMEs to adopt Zero-Trust principles, effectively balancing robust security with the operational constraints of smaller organisations.
