The growing number of digital devices used in educational institutions combined with the rising frequency of data breaches, is revealing the shortcomings of traditional network security methods in the domain. These conventional security approaches are no longer sufficient to protect the ever evolving threats in today’s digital landscape. The Zero Trust model, with its principle of “never trust, always verify,” offers a dynamic and adaptive approach to network security. In network security terrain, the zero trust model can effectively improve the traditional role-based access control model in the public network using continuous trust evaluation and dynamic authorization. This research explores the application of the Zero Trust Framework in the Academic Domain. The concept zero trust is not a product as many think but rather how effective our security policies are; majority of universities and colleges have an attack surface that consists of various web-facing assets, including domains and sub-domains that lead to sensitive resources. If the network or internal resources have a known vulnerability, attackers can exploit it to move laterally within the system which enables them to gain access to more sensitive data, ultimately resulting in a data breach.

Authors: A.O. Oronti, B.K. Alese, O. Olabode, O.A. Akinsowon

Published in: International Conference for Internet Technology and Secured Transactions (ICITST-2024)

• Date of Conference: 4-6 November 2024
• DOI: 10.20533/ICITST.2024.0026
• ISBN: 978-1-913572-76-1
• Conference Location: St Anne’s College, Oxford University, UK