增强云原生DevSecOps：金融部门的零信任方法

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2025-02-06 DOI:10.1016/j.csi.2025.103975

Daemin Shin , Jiyoon Kim , I Wayan Adi Juliawan Pawana , Ilsun You

{"title":"增强云原生DevSecOps：金融部门的零信任方法","authors":"Daemin Shin , Jiyoon Kim , I Wayan Adi Juliawan Pawana , Ilsun You","doi":"10.1016/j.csi.2025.103975","DOIUrl":null,"url":null,"abstract":"<div><div>Financial institutions increasingly adopt cloud-native environments and microservices architectures in response to digital transformation and application modernization, leading to a growing demand for cloud-native services. This transition accelerates the development of sophisticated Continuous Integration/Continuous Deployment (CI/CD) pipelines while simultaneously increasing the complexity of DevSecOps environments and expanding the attack surface. As a result, the financial sector is paying greater attention to the Zero Trust security model to overcome traditional perimeter-based security’s limitations and achieve automated, advanced cybersecurity capabilities. However, financial institutions need more concrete examples and foundational material to adopt Zero Trust. This study provides a foundational framework for financial institutions to evaluate and implement Zero Trust policies and technologies independently. It analyzes the relationship between cloud-native initiatives, microservices-based DevSecOps environments, and Zero Trust and identifies key considerations for implementing Zero Trust through a stage-by-stage analysis of the Software Development Life Cycle (SDLC). Furthermore, the study proposes a Zero Trust framework to enhance security and evaluates its applicability based on nine assessment criteria.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103975"},"PeriodicalIF":4.1000,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Enhancing cloud-native DevSecOps: A Zero Trust approach for the financial sector\",\"authors\":\"Daemin Shin , Jiyoon Kim , I Wayan Adi Juliawan Pawana , Ilsun You\",\"doi\":\"10.1016/j.csi.2025.103975\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Financial institutions increasingly adopt cloud-native environments and microservices architectures in response to digital transformation and application modernization, leading to a growing demand for cloud-native services. This transition accelerates the development of sophisticated Continuous Integration/Continuous Deployment (CI/CD) pipelines while simultaneously increasing the complexity of DevSecOps environments and expanding the attack surface. As a result, the financial sector is paying greater attention to the Zero Trust security model to overcome traditional perimeter-based security’s limitations and achieve automated, advanced cybersecurity capabilities. However, financial institutions need more concrete examples and foundational material to adopt Zero Trust. This study provides a foundational framework for financial institutions to evaluate and implement Zero Trust policies and technologies independently. It analyzes the relationship between cloud-native initiatives, microservices-based DevSecOps environments, and Zero Trust and identifies key considerations for implementing Zero Trust through a stage-by-stage analysis of the Software Development Life Cycle (SDLC). Furthermore, the study proposes a Zero Trust framework to enhance security and evaluates its applicability based on nine assessment criteria.</div></div>\",\"PeriodicalId\":50635,\"journal\":{\"name\":\"Computer Standards & Interfaces\",\"volume\":\"93 \",\"pages\":\"Article 103975\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2025-02-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Standards & Interfaces\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0920548925000042\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548925000042","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

金融机构越来越多地采用云原生环境和微服务架构，以应对数字化转型和应用程序现代化，从而导致对云原生服务的需求不断增长。这种转变加速了复杂的持续集成/持续部署（CI/CD）管道的开发，同时增加了DevSecOps环境的复杂性，并扩大了攻击面。因此，金融部门更加关注零信任安全模型，以克服传统基于边界的安全限制，实现自动化、先进的网络安全功能。然而，金融机构需要更多具体的例子和基础材料来采用零信任。本研究为金融机构独立评估和实施零信任政策和技术提供了基础框架。它分析了云原生计划、基于微服务的DevSecOps环境和零信任之间的关系，并通过对软件开发生命周期（SDLC）的分阶段分析确定了实现零信任的关键考虑因素。此外，研究提出了一个零信任框架来增强安全性，并基于9个评估标准评估其适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Enhancing cloud-native DevSecOps: A Zero Trust approach for the financial sector

Financial institutions increasingly adopt cloud-native environments and microservices architectures in response to digital transformation and application modernization, leading to a growing demand for cloud-native services. This transition accelerates the development of sophisticated Continuous Integration/Continuous Deployment (CI/CD) pipelines while simultaneously increasing the complexity of DevSecOps environments and expanding the attack surface. As a result, the financial sector is paying greater attention to the Zero Trust security model to overcome traditional perimeter-based security’s limitations and achieve automated, advanced cybersecurity capabilities. However, financial institutions need more concrete examples and foundational material to adopt Zero Trust. This study provides a foundational framework for financial institutions to evaluate and implement Zero Trust policies and technologies independently. It analyzes the relationship between cloud-native initiatives, microservices-based DevSecOps environments, and Zero Trust and identifies key considerations for implementing Zero Trust through a stage-by-stage analysis of the Software Development Life Cycle (SDLC). Furthermore, the study proposes a Zero Trust framework to enhance security and evaluates its applicability based on nine assessment criteria.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.