Literature Study: Migration Strategies and Zero Trust Authentication Methods to Secure Microservices Architecture in a Multi-Cloud Environment
Keywords:
Microservices, Multi-Cloud, System Migration, Zero Trust, Cybersecurity, Systematic Literature AnalysisAbstract
The massive adoption of microservices architecture has pushed many organizations to move from monolithic systems to distributed ecosystems running across multiple cloud providers (multi-cloud), in order to avoid reliance on a single vendor, boost resilience, and meet regional compliance requirements. However, this decentralization also greatly expands the attack surface, especially during the migration phase when legacy systems and new microservices run side by side in security conditions that aren’t fully mature, making them vulnerable to lateral movement and unauthorized access escalation.Traditional perimeter-based security models have proven to be no longer adequate for such dynamic and fragmented environments. This study uses a Systematic Literature Review (SLR) approach to identify, evaluate, and synthesize various migration strategies and security mechanisms relevant to securing microservices architectures in multi-cloud environments. By reviewing literature from reputable academic databases over the past five years, this study examines three main security mechanism domains: service mesh with mutual TLS (mTLS) encryption, token-based authorization through API gateways (OAuth2/JWT), and a Zero Trust architecture that applies continuous identity verification for every service request. The synthesis results indicate that there is no single mechanism that is optimal for all scenarios;Each approach comes with trade-offs between protection strength, communication latency between services, and cross-cloud operational complexity. This study also maps research gaps related to the lack of a migration framework that integrates security from the design stage (security-by-design), and proposes a development direction towards an adaptive hybrid architecture that combines the advantages of service mesh and Zero Trust to support secure, efficient, and scalable microservices migration in next-generation multi-cloud ecosystems.
Downloads
References
[1] A. D. Boursianis et al., “Internet of Things (IoT) and Agricultural Unmanned Aerial Vehicles (UAVs) in smart farming: A comprehensive review,” Internet of Things (Netherlands), vol. 18, no. xxxx, p. 100187, 2022, doi: 10.1016/j.iot.2020.100187.
[2] Fauzan Prasetyo Eka Putra, Maktsuful Ghummah, Moh. Amrullah, and Rafli Hidayatullah, “Studi Kinerja Mesh Network untuk Penerapan Internet of Things (IoT) di Lingkungan Perkotaan,” J. Inform. Dan Tekonologi Komput., vol. 5, no. 1, pp. 63–73, 2025, doi: 10.55606/jitek.v5i1.5895.
[3] K. L. G. Snider, R. Shandler, S. Zandani, and D. Canetti, “Cyberattacks, cyber threats, and attitudes toward cybersecurity policies,” J. Cybersecurity, vol. 7, no. 1, pp. 1–11, 2021, doi: 10.1093/cybsec/tyab019.
[4] A. Bagus Prakoso, M. Anugrah Putra, M. Hanif Hilmi, S. Yoma Patria Risky, and J. Maulindar, “Penerapan Algoritma Regresi Random Forest Untuk Prediksi Produksi Jagung Menggunakan Data Statistik Sistem Pertanian Cerdas Smart City,” Pros. Semin. Nas. Teknol. Inf. dan Bisnis, pp. 28–33, 2025, doi: 10.47701/19h5ny78.
[5] S. R. Jena, R. Shanmugam, K. Saini, and S. Kumar, “Cloud Computing Tools: Inside Views and Analysis,” Procedia Comput. Sci., vol. 173, no. 2019, pp. 382–391, 2020, doi: 10.1016/j.procs.2020.06.045.
[6] A. F. Rachman, F. P. E. Putra, S. Syirofi, and D. Wahid, “Case Study of Computer Network Development for the Internet Of Things (IoT) Industry in an Urban Environment,” Brill. Res. Artif. Intell., vol. 4, no. 1, pp. 399–407, 2024, doi: 10.47709/brilliance.v4i1.4302.
[7] M. M. Mijwil, O. J. Unogwu, Y. Filali, I. Bala, and H. Al-Shahwani, “Exploring the Top Five Evolving Threats in Cybersecurity: An In-Depth Overview,” Mesopotamian J. CyberSecurity, vol. 2023, no. 1, pp. 57–63, 2023, doi: 10.58496/MJCS/2023/010.
[8] L. A. Gordon, M. P. Loeb, W. Lucyshyn, and L. Zhou, “Increasing cybersecurity investments in private sector firms,” J. Cybersecurity, vol. 1, no. 1, pp. 3–17, 2015, doi: 10.1093/cybsec/tyv011.
[9] R. D. Gunawan, F. Ariany, and N. Novriyadi, “Implementasi Metode SAW Dalam Sistem Pendukung Keputusan Pemilihan Plano Kertas,” J. Artif. Intell. Technol. Inf., vol. 1, no. 1, pp. 29–38, 2023, doi: 10.58602/jaiti.v1i1.23.
[10] R. A. Prasetyo, “Mengoptimalkan Irigasi Pertanian Cerdas Melalui Internet of Multimedia Things (IoMT) dengan Deteksi Kebutuhan Air Tanaman Berbasis Deep Learning,” J. Inform., vol. 11, no. 1, pp. 1–10, 2020, [Online]. Available: https://www.researchgate.net/publication/376415558
[11] F. P. E. Putra, U. Ubaidi, R. N. Saputra, F. M. Haris, and S. N. R. Barokah, “Application of Internet of Things Technology in Monitoring Water Quality in Fishponds,” Brill. Res. Artif. Intell., vol. 4, no. 1, pp. 356–361, 2024, doi: 10.47709/brilliance.v4i1.4231.
[12] B. Nofrianti, R. S. Hadikusuma, and L. Nurpulaela, “Implementasi Antena Wajanbolic Sebagai Penguat Sinyal Untuk Konsep Pertanian Cerdas Di Pasaman Sumatera Barat Implementation of Wokbolic Antenna As Signal Amplifier for Smart Agriculture Concept in Pasaman, West Sumatera,” Univ. Bunda Mulia, vol. 6, no. 2, pp. 1049–1059, 2021, [Online]. Available: https://doi.org/10.25124/jett.v8i2.4210
[13] P. Asnur, R. Apriyanti, D. Hertinsyana, V. Widi Prabawasari, T. Yuni Gunarto, and B. Haryadi, “Implementasi Pertanian Cerdas Berbasis Internet of Things Di Desa Wisata Mucila-Munjul, Jakarta Timur Implementation of a Smart Farm Based on the Internet of Things in the Village of Wisata Mucila-Munjul, East Jakarta,” J. Pengabdi. Kpd. Masy., vol. 4, pp. 1–7, 2024.
[14] M. F. P. Nugraha, M. Sudiarsa, and E. Y. Setyono, “Analisis Optimasi Waktu Dan Biaya Proyek DenganPenambahan Sumber Daya Menggunakan Metode Time Cost Trade Off,” Jur. Tek. Sipil-PNB, vol. 2, pp. 235–244, 2023.
[15] F. P. E. Putra, M. A. Mahmud, and I. S. Maqom, “Pengembangan Sistem Pemantauan Lingkungan Berbasis Internet of Things (IoT) di Kampus,” Digit. Transform. Technol., vol. 3, no. 2, pp. 996–1001, 2024, doi: 10.47709/digitech.v3i2.3457.
[16] N. Rahmansyah and S. A. Lusinia, Buku Ajar Sistem Pendukung Keputusan. 2016. doi: 10.1063/1.1935433.
[17] S. Savaş and S. Karataş, “Cyber governance studies in ensuring cybersecurity: an overview of cybersecurity governance,” Int. Cybersecurity Law Rev., vol. 3, no. 1, pp. 7–34, 2022, doi: 10.1365/s43439-021-00045-4.
[18] M. Bravetti et al., “A Formal Approach to Microservice Architecture Deployment * To cite this version : HAL Id : hal-03077047 A Formal Approach to Microservice Architecture Deployment ∗,” 2020.
[19] G. De Palma, S. Giallorenzo, M. Trentin, and · Gejsi Vjerdha, “A Framework for Bridging the Gap between Monolithic and Serverless Programming,” 2023, [Online]. Available: https://www.github.com/Gejsi/fenrir.
[20] E. Bobrov et al., “DevOps and its philosophy: Education matters!,” Microservices Sci. Eng., pp. 349–361, 2019, doi: 10.1007/978-3-030-31646-4_14.
[21] H. Song, F. Chauvel, and P. H. Nguyen, “Using microservices to customize multi-tenant software-as-a-service,” Microservices Sci. Eng., no. 1, pp. 299–331, 2019, doi: 10.1007/978-3-030-31646-4_12.
[22] L. Wang and J. Zhao, Architecture of advanced numerical analysis systems: Designing a scientific computing system using OCaml. 2022. doi: 10.1007/978-1-4842-8853-5.
[23] B. Benson and G. Dorai, “Grey Areas of Digital Forensic Tools and a Framework to Solve the IoT Data Forensic Analysis Problems,” pp. 1–4.
[24] D. Taibi, V. Lenarduzzi, and C. Pahl, “Microservices Anti-Patterns : A Taxonomy”.
[25] M. Mazzara, A. Bucchiarone, N. Dragoni, and V. Rivera, “Size matters: Microservices research and applications,” Microservices Sci. Eng., pp. 29–42, 2019, doi: 10.1007/978-3-030-31646-4_2.
[26] H. Monfleur et al., “Towards Concern-Oriented Microservice Architecture To cite this version : HAL Id : hal-04201189 Towards Concern-Oriented Microservice Architecture,” 2023.
[27] F. Jrad, J. Tao, and A. Streit, “A broker-based framework for multi-cloud workflows,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 61–68, 2013, doi: 10.1145/2462326.2462339.
[28] S. S. Gill, “A Manifesto for Modern Fog and Edge Computing: Vision, New Paradigms, Opportunities, and Future Directions,” EAI/Springer Innov. Commun. Comput., no. 2022, pp. 237–253, 2022, doi: 10.1007/978-3-030-74402-1_13.
[29] K. Jeffery, G. Horn, and L. Schubert, “A vision for better cloud applications,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, no. 3, pp. 7–12, 2013, doi: 10.1145/2462326.2462329.
[30] C. Canali and R. Lancellotti, “Automatic Virtual Machine Clustering based on Bhattacharyya Distance for Multi-Cloud Systems,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 45–52, 2013, doi: 10.1145/2462326.2462337.
[31] G. Baryannis et al., “Lifecycle management of service-based applications on multi-clouds: A research roadmap,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 13–20, 2013, doi: 10.1145/2462326.2462331.
[32] A. kumar Polinati, “Hybrid Cloud Security: Balancing Performance, Cost, and Compliance in Multi-Cloud Deployments,” Cornell Univ., pp. 1–24, 2025.
[33] F. Paraiso, P. Merle, and L. Seinturier, “Managing elasticity across multiple cloud providers,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 53–60, 2013, doi: 10.1145/2462326.2462338.
[34] A. Gunka, S. Seycek, and H. Kühn, “Moving an application to the cloud - An evolutionary approach,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 35–42, 2013, doi: 10.1145/2462326.2462334.
[35] D. Petcu, “Multi-cloud: Expectations and current approaches,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 1–6, 2013, doi: 10.1145/2462326.2462328.
[36] D. Franceschelli, D. Ardagna, M. Ciavotta, and E. Di Nitto, “SPACE4CLOUD: A tool for system performance and cost evaluation of CLOUD systems,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 27–34, 2013, doi: 10.1145/2462326.2462333.
[37] P. Bar et al., “Towards a monitoring feedback loop for cloud applications,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 43–44, 2013, doi: 10.1145/2462326.2462336.
[38] C. Quinton, N. Haderer, R. Rouvoy, and L. Duchien, “Towards multi-cloud configurations using feature models and ontologies,” MultiCloud 2013 - Proc. Int. Work. Multi-Cloud Appl. Fed. Clouds, pp. 21–26, 2013, doi: 10.1145/2462326.2462332.
[39] K. Delbene, M. Medin, and R. Murray, “The Road to Zero Trust (Security),” Def. Innov. Board, pp. 1–10, 2019, [Online]. Available: https://media.defense.gov/2019/Jul/09/2002155219/-1/-1/0/DIB_THE_ROAD_TO_ZERO_TRUST_(SECURITY)_07.08.2019.PDF
[40] S. Rose, “Planning for a Zero Trust Architecture,” no. December, 2022, [Online]. Available: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.20.pdf
[41] J. Uddoh, D. Ajiga, B. Okare, T. A.-J. Z. T. Bank, and undefined 2022, “Zero trust architecture models for preventing insider attacks and enhancing digital resilience in banking systems,” Gisrrj.Com, vol. 5, no. 4, pp. 213–230, 2022, [Online]. Available: https://gisrrj.com/paper/GISRRJ225417.pdf
[42] M. M. Mijwil, M. Aljanabi, and A. H. Ali, “ChatGPT: Exploring the Role of Cybersecurity in the Protection of Medical Information,” Mesopotamian J. CyberSecurity, vol. 2023, pp. 18–21, 2023, doi: 10.58496/MJCS/2023/004.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Giovani sapta purnama A, Radhitya Dwi Akmal Purnomo (Penulis)

This work is licensed under a Creative Commons Attribution 4.0 International License.








