Architecting Large-Scale Identity Governance Frameworks for Zero Trust Enterprises
DOI: https://doi.org/10.63282/3050-9416.IJAIBDCMS-V7I2P112

Keywords: Identity Governance and Administration, Zero Trust Architecture, Identity Lifecycle Management, Least Privilege, Privileged Access Management, NIST SP 800-207, Role-Based Access Control, Continuous Verification, Identity Threat Detection and Response, Policy-as-Code

Abstract
Identity governance has emerged as the foundational control plane of modern enterprise security. As organizations increasingly operate across hybrid and multi-cloud environments, traditional perimeter-based security models have proven inadequate. This paper examines the architectural principles, design patterns, and operational frameworks required to implement large-scale Identity Governance and Administration (IGA) within a Zero Trust paradigm. We analyze the convergence of identity lifecycle management, least-privilege enforcement, continuous verification, and AI-augmented risk intelligence. Drawing on current industry frameworks, including NIST SP 800-207 [3] and NIST SP 800-63 [8], we propose a five-layer reference architecture for scalable, policy-driven identity governance that spans human and non-human identities across enterprise-scale deployments. Empirical data from industry research underscores the urgency of this transition and informs our proposed design guidance.
References
1. Identity Defined Security Alliance, "2024 Trends in Securing Digital Identities," IDSA, Denver, CO, USA, 2024. [Online]. Available: https://www.idsalliance.org
2. IBM Security, "Cost of a Data Breach Report 2024," IBM Corporation, Armonk, NY, USA, 2024. [Online]. Available: https://www.ibm.com/reports/data-breach
3. National Institute of Standards and Technology, "Zero Trust Architecture," NIST Special Publication 800-207, Aug. 2020. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-207
4. Gartner, "Predicts 2025: Identity and Access Management," Gartner Research Note G00800432, Stamford, CT, USA, 2024.
5. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, "Role-based access control models," IEEE Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
6. Avatier Corporation, "The ROI of AI-Augmented Identity Management," Avatier, Pleasanton, CA, USA, 2024.
7. SailPoint Technologies, "The Convergence of Identity Governance and Zero Trust," SailPoint White Paper, Austin, TX, USA, 2024.
8. National Institute of Standards and Technology, "Digital Identity Guidelines," NIST Special Publication 800-63-3, Jun. 2017. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-63-3
9. Open Policy Agent Project, "OPA Rego Language Reference," CNCF, 2024. [Online]. Available: https://www.openpolicyagent.org/docs/latest/policy-language/
10. J. H. Saltzer and M. D. Schroeder, "The protection of information in computer systems," Proceedings of the IEEE, vol. 63, no. 9, pp. 1278-1308, Sep. 1975.