Enhancing cloud-native DevSecOps: A Zero Trust approach for the financial sector

Abstract

Financial institutions increasingly adopt cloud-native environments and microservices architectures in response to digital transformation and application modernization, leading to a growing demand for cloud-native services. This transition accelerates the development of sophisticated Continuous Integration/Continuous Deployment (CI/CD) pipelines while simultaneously increasing the complexity of DevSecOps environments and expanding the attack surface. As a result, the financial sector is paying greater attention to the Zero Trust security model to overcome traditional perimeter-based security's limitations and achieve automated, advanced cybersecurity capabilities. However, financial institutions need more concrete examples and foundational material to adopt Zero Trust. This study provides a foundational framework for financial institutions to evaluate and implement Zero Trust policies and technologies independently. It analyzes the relationship between cloud-native initiatives, microservices-based DevSecOps environments, and Zero Trust and identifies key considerations for implementing Zero Trust through a stage-by-stage analysis of the Software Development Life Cycle (SDLC). Furthermore, the study proposes a Zero Trust framework to enhance security and evaluates its applicability based on nine assessment criteria. © 2025 Elsevier B.V.