Zero Trust Segmentation for Cloud-Native and AI Service Architectures: An Intelligent Policy Enforcement Framework to Minimize Lateral Movement
Authors/Creators
Description
Cloud-native architectures break the concept of a perimeter, making lateral movement a focus of concern for distributed enterprise systems. AI services add to the attack surface via east-west traffic. As every workload, every pipeline, and every model-serving endpoint is a potential attack pivot point, layering zero-trust segmentation controls across identity, network, workload, and data planes provides a complementary strategy that restricts lateral movement in modern cloud-native and AI environments. The paper proposes a micro-segmentation model, disassociating policy decision and policy enforcement components in the context of securing data flow networks. The proposed model leverages workload identity, explicit allow-listing of communication patterns, anda service mesh to achieve micro-segmentation. Another AI-specific segmentation model addresses the introduction of the LLM tool chain‚ vector databases‚ and agentic services into a system's trust boundaries. This model adopts operational governance‚ evidence generation‚ and alignment with the NIST SP 800-207 and AI Risk Management Framework as early design requirements for the implementation and operation of zero trust segmentation in regulated and critical services contexts. It allows security architects and platform leaders to implement solutions through structured evidence generation.
Files
document (43).pdf
Files
(383.6 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:37b64ddc1c1e7da1f3b6af2f025c4a82
|
383.6 kB | Preview Download |