Adopting Zero Trust Security in Cloud: A Comparative Study
Landy Jimenez
Co-Presenters: Individual Presentation
College: Hennings College of Science Mathematics and Technology
Major: BS.COMPSCI/CYBERS
Faculty Research Mentor: Lei, Jiaxin
Landy Jimenez, Dr. Jiaxin Lei
Department of Computer Science & Technology, Kean University
Abstract:
As organizations transition to cloud-native environments, ensuring security across distributed systems has become more difficult. Modern cyberthreats like insider breaches and lateral movement attacks have shown that traditional perimeter-based security strategies, which rely on implicit trust within internal networks, are inadequate. Zero Trust Architecture (ZTA) addresses these challenges by requiring continuous authentication, authorization, and encryption for every access request, regardless of network location. However, cloud-native Zero Trust presents concerns about scalability, latency, and resource overhead.
This study evaluates Zero Trust at the Kubernetes network plugin layer by measuring the performance implications of enabling WireGuard encryption across four widely used plugins: Calico, Cilium, Antrea, and Kube-Router. Experiments were conducted on three Dell PowerEdge R740XD servers interconnected via 40 Gbps Mellanox ConnectX-4 Ethernet adapters, running Ubuntu 22.04 and Kubernetes v1.33. One node served as the control plane, one hosted application pods, and one generated client traffic. Each plugin was tested in baseline and encrypted modes using iPerf3 for bandwidth and system tools for resource usage.
Results showed that without encryption, TCP bandwidth approached bare-metal performance (~34 Gbps), with plugins achieving 20-23 Gbps and UDP reaching 7-9 Gbps. With WireGuard enabled, all plugins experienced performance reductions. Calico, Cilium, and Antrea dropped to 7-8 Gbps TCP and ~5 Gbps UDP, whereas Kube-Router retained higher throughput (~11 Gbps TCP and ~8 Gbps UDP). Resource analysis showed increased CPU and memory usage across all cases, with Kube-Router demonstrating the highest efficiency per bandwidth unit.
These findings indicate that Zero Trust security impacts network performance, but the magnitude depends on implementation. Kube-Router achieved the best balance of throughput and efficiency, making it a strong candidate for small and medium-scale Zero Trust Kubernetes deployments.
Keywords: Zero Trust, Cloud Security, Kubernetes, Network Performance, WireGuard