Use this link to cite:
https://hdl.handle.net/2183/48291 Arquitectura Zero Trust: Diseño e implementación de un modelo de seguridad basado en verificación continua
Identifiers
Publication date
Authors
Lago Pardo, Pablo
Advisors
Other responsibilities
Universidade da Coruña. Facultade de Informática
Journal Title
Bibliographic citation
Type of academic work
Academic degree
Abstract
[Summary]: The cybersecurity landscape has outgrown the traditional perimeter-defense model known as "castle and moat". The expansion of infrastructure to the cloud, the rise of hybrid work and the sophistication of attacks have demonstrated the systemic vulnerability of implicit trust, exposing the financial sector in particular to lateral-movement threats. This project addresses that challenge by designing a Zero Trust Architecture (ZTA) for the case study of a banking institution, FinSecure Bank. The design is grounded in the principles of the NIST SP 800-207 framework, focusing on Identity as the new perimeter, Microsegmentation and the strict application of the Principle of Least Privilege (PoLP). The implications of ZTA for compliance with sector-specific regulations, such as GDPR and PCI DSS, are analysed. The work concludes with the practical implementation of a functional prototype that validates the architectural design. Using exclusively open-source technologies (OpenZiti as the ZT control plane, Keycloak for identity management and an observability stack based on Prometheus/Grafana), it demonstrates the feasibility of building a robust and cost-effective solution. The prototype empirically tests the invisibility of services and continuous access verification in a hybrid banking environment (on-premises infrastructure and Kubernetes containers). It is concluded that ZTA is the strategic roadmap that allows organisations in the modern financial sector to manage risk, eliminate systemic vulnerabilities and operate with resilience in a borderless digital world.
[Abstract]: The cybersecurity landscape has moved beyond the traditional perimeter-based defense model, known as the "castle-and-moat" approach. The expansion of infrastructure to the cloud, the rise of hybrid work, and the increasing sophistication of attacks have exposed the systemic vulnerability of implicit trust, particularly exposing the financial sector to lateral-movement threats. This project addresses this challenge by designing a Zero Trust Architecture (ZTA) for the case study of a banking institution, FinSecure Bank. The design is based on the principles of the NIST SP 800-207 framework, focusing on Identity as the new perimeter, Microsegmentation, and the strict application of the Principle of Least Privilege (PoLP). The implications of ZTA for compliance with specific industry regulations, such as GDPR and PCI DSS, are analyzed. The work concludes with the practical implementation of a functional prototype that validates the architectural design. Using exclusively open-source technologies (OpenZiti as the ZT control plane, Keycloak for identity management, and an observability stack with Prometheus/Grafana), it demonstrates the feasibility of building a robust and cost-effective solution. The prototype empirically tests the invisibility of services and continuous access verification in a hybrid banking environment (on-premises infrastructure and Kubernetes containers). It is concluded that ZTA is the strategic roadmap for modern financial sector organizations to manage risk, eliminate systemic vulnerabilities, and operate with resilience in a borderless digital world.
Description
Editor version
Rights
Attribution 4.0 International