Securing cloud infrastructure has become a crucial priority for organizations worldwide in the rapidly evolving technological landscape. As businesses increasingly depend on cloud-based systems, safeguarding sensitive information against potential threats is essential. AWS is one of the public cloud providers offering various services for organizations. Despite its widespread adoption, AWS faces significant security challenges, evidenced by notable breaches such as the Capital One and Imperva incidents. These breaches underscore the need for proactive security measures to address the security challenges in AWS.
Traditional security models, such as perimeter-based or trust-based models, are insufficient for protecting AWS environments due to the dynamic nature of cloud resources and the porous network perimeters. Zero Trust Architecture (ZTA) provides a more robust approach by operating under the assumption that threats can originate both inside and outside the network. It advocates granular access controls, micro-segmentation, and continuous authentication and authorization to minimize the attack surface and prevent lateral movement within the network.
This thesis focuses on enhancing the security of AWS using ZTA. It comprehensively reviews the state-of-the-art techniques for implementing ZTA tenets and addresses AWS security challenges. It offers insights and solutions to enhance AWS security through the adoption of ZTA principles. Furthermore, it presents a Proof-of-Concept (POC) implementation of a ZTA system to securely manage AWS resources. The POC implementation was conducted in collaboration with Sikt - The Norwegian Infrastructure Provider for Research and Education.