Using the Zero Trust Five-Step Implementation Process with Smart Environments: State-of-the-Art Review and Future Directions

Shruti Kulkarni (), Alexios Mylonas and Stilianos Vidalis
Additional contact information
Shruti Kulkarni: Cybersecurity Research Lab, School of Physics, Engineering and Computer Science, University of Hertfordshire, Hatfield AL10 9AB, UK
Alexios Mylonas: Cybersecurity Research Lab, School of Physics, Engineering and Computer Science, University of Hertfordshire, Hatfield AL10 9AB, UK
Stilianos Vidalis: Cybersecurity Research Lab, School of Physics, Engineering and Computer Science, University of Hertfordshire, Hatfield AL10 9AB, UK

Future Internet, 2025, vol. 17, issue 7, 1-35

Abstract: There is a growing pressure on industry to secure environments and demonstrate their commitment in taking right steps to secure their products. This is because of the growing number of security compromises in the IT industry, Operational Technology environment, Internet of Things environment and smart home devices. These compromises are not just about data breaches or data exfiltration, but also about unauthorised access to devices that are not configured correctly and vulnerabilities in software components, which usually lead to insecure authentication and authorisation. Incorrect configurations are usually in the form of devices being made available on the Internet (public domain), reusable credentials, access granted without verifying the requestor, and easily available credentials like default credentials. Organisations seeking to address the dual pressure of demonstrating steps in the right direction and addressing unauthorised access to resources can find a viable approach in the form of the zero trust concept. Zero trust principles are about moving security controls closer to the data, applications, assets and services and are based on the principle of “never trust, always verify”. As it stands today, zero trust research has advanced far beyond the concept of “never trust, always verify”. This paper provides the culmination of a literature review of research conducted in the space of smart home devices and IoT and the applicability of the zero trust five-step implementation process to secure them. We discuss the history of zero trust, the tenets of zero trust, the five-step implementation process for zero trust, and its adoption for smart home devices and Internet of Things, and we provide suggestions for future research.

Keywords: zero trust; smart home; authentication; authorisation; IoT; zero trust five-step implementation process; protect surface; transaction flows; zero trust architecture; zero trust policy (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/17/7/313/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/7/313/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:7:p:313-:d:1704717

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().