Zero Trust Security Models in AI-Integrated ERP Platforms for Defense-Grade Business Continuity
DOI:
https://doi.org/10.63282/3050-9416.IJAIBDCMS-V6I2P109Keywords:
Zero Trust, ERP security, AI-integrated ERP, Business Continuity, Service Mesh, Policy-As-CodeAbstract
ERP systems based on AI concentrate mission-critical information, models, and processes, increasing the attack field and increasing the impact of interference. This paper also presents a Zero Trust Security Model that has been designed to provide defense-grade business continuity in this kind of environment. Propose a vendor-neutral reference architecture based on four planes Access and Identity, Application/ API and Service Mesh, Data and Model, and Automation and Continuity and implement them with never trust, always verify controls. MFA phishing resistant, posture checks, device/workload, identity-based micro-segmentation, purpose-bound least privilege using ABAC/PBAC with short-lived tokens and just-in-time elevation are some of the core mechanisms. In an effort to ensure the AI supply chain, recommend artifact signing, SBOM/MLSBOM and attestation, model/data lineage, confidential-computing enclaves and privacy-preserving training, as well as defenses against poisoning, drift and adversarial inputs. Unified observability combines ERP, identity, network and model telemetry to UEBA/graph analytics, policy-as-code risk-telemetry-driven adaptive authorization, SIEM/SOAR playbooks coordinate isolation, key rotation and policy repair. One ensures continuity with some backups that are immutable, cross-cloud failover, segmented replicas and chaos-engineering tests that are optimized to RTO/RPO targets. A comparative analysis with perimeter-centric baselines has shown a material improvement in detection fidelity, faster recovery and response and large improvements in false positives/negatives with reasonable latency overheads enhancing uptime and recovery guarantees
References
1. Ten, C. W., Manimaran, G., & Liu, C. C. (2010). Cybersecurity for critical infrastructures: Attack and defense modeling. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, 40(4), 853-865.
2. Stafford, V. (2020). Zero trust architecture. NIST special publication, 800(207), 800-207.
3. Makrakis, G. M., Kolias, C., Kambourakis, G., Rieger, C., & Benjamin, J. (2021). Industrial and critical infrastructure security: Technical analysis of real-life security incidents. Ieee Access, 9, 165295-165325.
4. ERP security in a cybercrime world, SAP, 2024. Online. https://www.sap.com/resources/erp-security
5. Dhiman, P., Saini, N., Gulzar, Y., Turaev, S., Kaur, A., Nisa, K. U., & Hamid, Y. (2024). A review and comparative analysis of relevant approaches of zero trust network model. Sensors, 24(4), 1328.
6. Ali, B., Gregory, M. A., Li, S., & Dib, O. A. (2024). Implementing zero trust security with dual fuzzy methodology for trust-aware authentication and task offloading in multi-access edge computing. Computer Networks, 241, 110197.
7. GOPALAKRISHNA, K. (2024). Zero trust and AI: A synergistic approach to next-generation cyber threat mitigation. WORLD, 24(3), 3374-3387.
8. Gadkari, B. R. (2024). AI Integration in Zero Trust Security Architecture: A Technical Overview.
9. He, Y., Huang, D., Chen, L., Ni, Y., & Ma, X. (2022). A survey on zero trust architecture: Challenges and future trends. Wireless Communications and Mobile Computing, 2022(1), 6476274.
10. John Kindervag, “Build Security into Your Network's DNA: The Zero Trust Network Architecture,” Forrester Research, 2010. (Often cited as the origin of the “Zero Trust” term.)
11. AI-based Zero-Trust Architectures for Corporate Security,” Ali Khan, “Solid Access Management: AI based zero-trust architectures for corporate security,” Newark Journal of Human-Centric AI and Robotics Interaction.
12. Secure and Compatible Integration of Cloud-Based ERP Solution: A Review,” Udita Malhotra, Ritu & Amandeep, International Journal of Intelligent Systems and Applications in Engineering (IJISAE)
13. Rishit Mishra, “Evolution of ERP Cybersecurity,” International Journal of Engineering Research & Technology (IJERT), Vol 9 Issue 04, April 2020.
14. “The Zero Trust Security Model and Cybersecurity in the Industries,” S. Mylavarapu. Journal of Student Research, 2023.
15. “STORE: Security Threat Oriented Requirements Engineering Methodology … a case study of an ERP System,” Ansari, Pandey & Alenezi, arXiv January 2019.
