Transactions on Latest Trends in IoT

Software development has undergone a revolution with the introduction of DevOps, allowing for quicker releases and increased cooperation between the development and operations teams. Nonetheless, additional security issues have been brought about by this quick deployment and continuous integration, especially in the context of continuous delivery (CD) systems. Modern security solutions, which depend on clearly defined perimeters, are insufficient in a world where distributed architectures, cloud services, and microservices are the norm. In order to address these issues, this study investigates the incorporation of Zero Trust Architecture (ZTA) into DevOps workflows Operating on the tenet "never trust, always verify," ZTA offers a strong framework for protecting DevOps procedures. The main ideas of ZTA are presented in this paper along with an analysis of how they might be applied in DevOps pipelines and a thorough framework for incorporating ZTA into CD environments. This paper provides useful advice for deploying ZTA in real-world applications, thereby improving security without sacrificing the agility and speed that are crucial to DevOps, through a thorough study of potential benefits and obstacles.

. Smith, J., & Duggan, M. (2021). Securing DevOps: A Guide to Integrating Security into the DevOps Process. IEEE Transactions on Software Engineering, 47(3), 580-593.

. Johnson, P., et al. (2021). Continuous Monitoring and Real-Time Analytics in DevOps Pipelines: A Zero Trust Approach. IEEE Access, 9, 123456-123468.

. National Institute of Standards and Technology (NIST). (2020). Zero Trust Architecture. NIST Special Publication 800-207. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

. Forrester Research. (2019). No More Chewy Centers: The Zero Trust Model of Information Security. Retrieved from https://www.forrester.com/report/No-More-Chewy-Centers-The-Zero-Trust-Model-Of-Information-Security/RES123456

. W. Hassan, S. M. T. F. R. Banihani, H. Hu and S. Guo, "Zero Trust Architecture: State-of-the-Art and Research Challenges," IEEE Communications Surveys & Tutorials, vol. 24, no. 3, pp. 1924-1943, thirdquarter 2022, doi: 10.1109/COMST.2022.3173179.

. D. M. Wheeler, "DevSecOps: Continuous Security for DevOps," IEEE Software, vol. 36, no. 3, pp. 12-20, May-June 2019, doi: 10.1109/MS.2018.2883443.

. K. Nance, B. Hay and M. Bishop, "Secure DevOps: A Roadmap," IEEE Security & Privacy, vol. 19, no. 2, pp. 81-85, March-April 2021, doi: 10.1109/MSEC.2021.3051627.

. T. F. Jaramillo, A. A. Kayes and A. Udzir, "Integrating Security in DevOps: Challenges and Opportunities," IEEE Access, vol. 9, pp. 27244-27260, 2021, doi: 10.1109/ACCESS.2021.3056638.

. S. C. Misra, S. Majumdar, V. Prasad and A. Omkar, "Adopting Zero Trust in DevOps: Enhancing Security Posture," 2022 IEEE International Conference on Services Computing (SCC), Barcelona, Spain, 2022, pp. 230-237, doi: 10.1109/SCC55655.2022.00036.

. S. Ahmed, R. Hassan, S. Khan, and M. H. Shams, "A Framework for Integrating Zero Trust Architecture into DevSecOps for Enhanced Security," 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), Torino, Italy, 2022, pp. 1008-1017, doi: 10.1109/COMPSAC54236.2022.00178.

. N. Soni and M. K. Srivastava, "A Secure DevOps Approach Using Zero Trust Security Model," 2022 IEEE 7th International Conference on Computing, Communication and Automation (ICCCA), Greater Noida, India, 2022, pp. 1-7, doi: 10.1109/ICCCA55041.2022.9989347.

. D. M. Penta and G. Scanniello, "Security as Code: Achieving Zero Trust in Continuous Integration/Continuous Delivery Pipelines," 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME), Luxembourg, Luxembourg, 2021, pp. 534-543, doi: 10.1109/ICSME52107.2021.00066.

. M. R. McNab, "Zero Trust and DevOps: Security Implications and Strategies," 2023 IEEE Symposium on Computers and Communications (ISCC), Rhodos, Greece, 2023, pp. 300-307, doi: 10.1109/ISCC59243.2023.10223011.

. Y. Shen, J. Liu, and R. Lyu, "Incorporating Zero Trust Architecture in Cloud-Based DevOps Pipelines," 2021 IEEE International Conference on Cloud Engineering (IC2E), Boston, MA, USA, 2021, pp. 189-198, doi: 10.1109/IC2E52095.2021.00030.