Authors : Whenume O. Hundeyin

Volume/Issue : Volume 10 - 2025, Issue 10 - October

Google Scholar : https://tinyurl.com/bddye6hv

Scribd : https://tinyurl.com/27af6uyp

DOI : https://doi.org/10.38124/ijisrt/25oct056

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.

Note : Google Scholar may take 30 to 40 days to display the article.

Abstract : Aim: This study aims to examine how IT audit functions can be modernised to effectively support Zero Trust and cloud security frameworks in contemporary organisations.  Methods: A systematic review was conducted following the PRISMA 2020 guidelines. Peer-reviewed studies published between 2015 and 2024 were retrieved from databases including Google Scholar, OpenAlex, Crossref, and Semantic Scholar. The review included qualitative, quantitative, and mixed-method studies that focused on Zero Trust and cloud security implementation within IT audit functions. Thematic analysis was used to synthesise data from twelve included studies.  Results (Findings/Discussion): The findings highlight major challenges such as integration complexity, lack of centralised visibility, compliance burdens, and high implementation costs. Core implementation strategies include robust Identity and Access Management (IAM) practices—such as Multi-Factor Authentication (MFA), Single Sign-On (SSO), and federated identity protocols— alongside micro-segmentation, continuous monitoring using SIEM and UEBA, and automation through Policy-as-Code. Cloud-agnostic architectures and phased deployment approaches were found to enhance adaptability and audit alignment across single-cloud, hybrid, and multi-cloud environments.  Conclusion: The review reveals that despite persistent technical and organisational challenges, a set of consistent, security-aligned audit practices can serve as a strategic foundation for modernising IT audit functions. These findings provide a basis for developing resilient audit frameworks aligned with evolving cloud infrastructures.

Keywords : IT Audit, Zero Trust, Cloud Security, Continuous Assurance, Policy-as-Code, Identity and Access Management.

References :

1. Ajani, S. N. (2024). Cloud Security: Implementing Zero Trust Architecture in Distributed Environments. Computer Fraud and Security, 176–184. https://doi.org/10.52710/cfs.75
2. Aldossary, S., & Allen, W. (2016). Data Security, Privacy, Availability and Integrity in Cloud Computing: Issues and Current Solutions. International Journal of Advanced Computer Science and Applications, 7(4). https://doi.org/https://dx.doi.org/10.14569/ijacsa.2016.070464
3. Aljohani, A. (2023). Zero-trust architecture: Implementing and evaluating security measures in modern enterprise networks. Shifra. https://peninsula-press.ae/Journals/index.php/SHIFRA/article/view/35
4. Ashish, T., & Manne, K. (2023). Implementing Zero Trust Architecture in Multi-Cloud Environments. In International Journal of Computing and Engineering (Vol. 4, Issue 3). www.carijournals.orgwww.carijournals.orgwww.carijournals.org
5. Bee, P., Brooks, H., Fraser, C., & Lovell, K. (2015). Professional perspectives on service user and carer involvement in mental health care planning: A qualitative study. International Journal of Nursing Studies, 52(12), 1834–1845. https://doi.org/10.1016/j.ijnurstu.2015.07.008
6. Bell, C., Broklyn, P., & Egon, A. (2024). ZERO-TRUST SECURITY MODEL FOR ENHANCED CLOUD SECURITY AND DATA PRIVACY. SSRN Electronic Journal. https://doi.org/https://doi.org/10.2139/ssrn.4904958
7. Brignardello-Petersen, R., Santesso, N., & Guyatt, G. H. (2024). Systematic reviews of the literature: an introduction to current methods. American Journal of Epidemiology. https://doi.org/10.1093/aje/kwae232
8. Brooks, H., Sanders, C., Lovell, K., Fraser, C., & Rogers, A. (2015). Re-inventing care planning in mental health: Stakeholder accounts of the imagined implementation of a user/carer involved intervention. BMC Health Services Research, 15(1), 1–12. https://doi.org/10.1186/s12913-015-1154-z
9. Coker, D. C. (2021). Making Thematic Analysis Systematic: The Seven Deadly Sins. Journal of Studies in Education, 11(3), 126. https://doi.org/10.5296/jse.v11i3.18882
10. Cree, L., Brooks, H. L., Berzins, K., Fraser, C., Lovell, K., & Bee, P. (2015). Carers’ experiences of involvement in care planning: A qualitative exploration of the facilitators and barriers to engagement with mental health services. BMC Psychiatry, 15(1), 1–11. https://doi.org/10.1186/s12888-015-0590-y
11. Damaraju, A. (2022a). Integrating Zero Trust with Cloud Security: A Comprehensive Approach. Journal Environmental Sciences And Technology. https://www.researchgate.net/profile/Dash-Karan/publication/388497339_Integrating_Zero_Trust_with_Cloud_Security_A_Comprehensive_Approach/links/679b02c84c479b26c9c1df7a/Integrating-Zero-Trust-with-Cloud-Security-A-Comprehensive-Approach.pdf
12. Damaraju, A. (2022b). Integrating Zero Trust with Cloud Security: A Comprehensive Approach. In International Journal of Machine Learning Research in Cybersecurity and Artificial Intelligence.
13. Dommari, S., & Khan, S. (2023). Implementing Zero Trust Architecture in Cloud-Native Environments: Challenges and Best Practices. In International Journal of All Research Education and Scientific Methods (IJARESM) (Vol. 11, Issue 8). www.ijaresm.com
14. Elston, D. M. (2019). Mendeley. In Journal of the American Academy of Dermatology (Vol. 81, Issue 5, p. 1071). Mosby Inc. https://doi.org/10.1016/j.jaad.2019.06.1291
15. Ghasemshirazi, S., Shirvani, G., & Alipour, M. A. (2023). Zero Trust: Applications, Challenges, and Opportunities. http://arxiv.org/abs/2309.03582
16. Godwin Nzeako, & Rahman Akorede Shittu. (2024). Implementing zero trust security models in cloud computing environments. World Journal of Advanced Research and Reviews, 24(3), 1647–1660. https://doi.org/10.30574/wjarr.2024.24.3.3500
17. Harzing, A.-W. (2010). The Publish or Perish Book: Your guide to effective and responsible citation analysis (1st ed.). Tarma Software Reserach Pty Ltd.
18. Johnny, R. (n.d.). Implementing Zero Trust for Hybrid Cloud Models: A Strategic Approach to Secure Digital Transformation. https://www.researchgate.net/publication/388105685
19. Kahale, L. A., Elkhoury, R., El Mikati, I., Pardo-Hernandez, H., Khamis, A. M., Schünemann, H. J., Haddaway, N. R., & Akl, E. A. (2021). PRISMA flow diagrams for living systematic reviews: a methodological survey and a proposal. F1000Research, 10, 192. https://doi.org/10.12688/f1000research.51723.1
20. Khedkar, A. (2014). SYSTEMATIC REVIEW: AN APPROACH FOR TRANSPARENT RESEARCH SYNTHESIS. South American Journal of Clinical Research, 1(2), 121–131.
21. Lund, B. D., Lee, T.-H., Wang, Z., Wang, T., & Mannuru, N. R. (2024). Zero Trust Cybersecurity: Procedures and Considerations in Context. Encyclopedia, 4(4), 1520–1533. https://doi.org/10.3390/encyclopedia4040099
22. Manne, T. A. K. (2023). Implementing Zero Trust Architecture in Multi-Cloud Environments. International Journal of Computing and Engineering. https://doi.org/10.47941/ijce.2753
23. Muralidhara, P., & Janardhan, V. (2016a). Enhancing Cloud Security: Implementing Zero Trust Architectures in Multi-Cloud Environments. International Journal of Scientific Research and Management (IJSRM), 4(9), 4636–4664. https://doi.org/10.18535/ijsrm/v4i9.22
24. Nicholson, E., Murphy, T., Larkin, P., Normand, C., & Guerin, S. (2016). Protocol for a thematic synthesis to identify key themes and messages from a palliative care research network. BMC Research Notes, 9(1). https://doi.org/10.1186/s13104-016-2282-1
25. Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., Shamseer, L., Tetzlaff, J. M., Akl, E. A., Brennan, S. E., Chou, R., Glanville, J., Grimshaw, J. M., Hróbjartsson, A., Lalu, M. M., Li, T., Loder, E. W., Mayo-Wilson, E., McDonald, S., … Moher, D. (2021). The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. The BMJ, 372. https://doi.org/10.1136/bmj.n71
26. Pochu, S., Nersu, S. R. K., & Kathram, S. R. (2024). Zero Trust Principles in Cloud Security: A DevOps Perspective. Journal of Artificial Intelligence General Science (JAIGS) ISSN:3006-4023, 6(1), 660–671. https://doi.org/10.60087/jaigs.v6i1.302
27. Sarkar, S., Choudhary, G., Shandilya, S. K., Hussain, A., & ... (2022). Security of zero trust networks in cloud computing: A comparative review. Sustainability. https://www.mdpi.com/2071-1050/14/18/11213
28. Segun, Adanigbo O., Iyanu, Adekunle B., Ogbuefi, E., Timothy, Odofin O., Aderemi, Agboola O., & Kisina, D. (2024). Implementing Zero Trust Security in Multi-Cloud Microservices Platforms: A Review and Architectural Framework. International Journal of Advanced Multidisciplinary Research and Studies, 4(6), 2402–2409. https://doi.org/10.62225/2583049X.2024.4.6.4357
29. Sharma, H. (2022). Zero Trust in the Cloud: Implementing Zero Trust Architecture for Enhanced Cloud Security. ESP Journal of Engineering &Technology …. https://www.researchgate.net/profile/Himanshu-Sharma-197/publication/383822594_Zero_Trust_in_the_Cloud_Implementing_Zero_Trust_Architecture_for_Enhanced_Cloud_Security/links/66db35fcfa5e11512ca3b69a/Zero-Trust-in-the-Cloud-Implementing-Zero-Trust-Architecture-for-Enhanced-Cloud-Security.pdf
30. Suri, H. (2019). Ethical Considerations of Conducting Systematic Reviews in Educational Research. In Systematic Reviews in Educational Research: Methodology, Perspectives and Application (pp. 41–54). Springer Fachmedien Wiesbaden. https://doi.org/10.1007/978-3-658-27602-7_3
31. Syed, N. F., Shah, S. W., Shaghaghi, A., Anwar, A., Baig, Z., & Doss, R. (2022). Zero Trust Architecture (ZTA): A Comprehensive Survey. IEEE Access, 10, 57143–57179. https://doi.org/10.1109/ACCESS.2022.3174679
32. Yeoh, W., Liu, M., Shore, M., & Jiang, F. (2023). Zero trust cybersecurity: Critical success factors and A maturity assessment framework. Computers &Security. https://www.sciencedirect.com/science/article/pii/S016740482300322X