A Governance-Driven Zero-Trust Architecture for Enterprise Multi-Cloud Kubernetes Platforms
Abstract
Adoption of container orchestration platforms across heterogeneous cloud providers has expanded enterprise attack surfaces and exposed the limitations of perimeter-based security models. Multi-cloud Kubernetes deployments face security governance challenges from inconsistent identity enforcement, excessive service account privileges, east-west network exposure, and Infrastructure-as-Code drift. While Zero-Trust Architecture has been widely discussed, there is limited empirical validation of it in large-scale multi-cloud Kubernetes environments.
This article presents a governance-driven Zero-Trust framework implemented within an enterprise multi-cloud platform spanning AWS and Azure. The framework integrates identity-centric workload authentication, network policy-based micro-segmentation, CI/CD-embedded policy-as-code validation, and automated drift detection. Security posture improvements were evaluated using privilege reduction ratios, network communication constraints, policy violation frequency, and configuration drift incidents. Performance impact was assessed through latency and throughput benchmarking.
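As an added illustration of the CI/CD-embedded policy-as-code validation described above (example code, not the article's own tooling or results), the following gate runs three checks over constructed Kubernetes manifests held as plain dicts, as yaml.safe_load_all would yield them: wildcard or cluster-admin RBAC grants to workload ServiceAccounts, a missing default-deny NetworkPolicy in a namespace that runs workloads, and ServiceAccount tokens automounted into pods that do not need the API. The rules, the namespace and object names, and the privilege-reduction formula are illustrative assumptions; the article does not define its metric this way.

```python
"""Added example, not code from the article: a minimal policy-as-code gate of
the kind a CI/CD pipeline could run before manifests reach a cluster.
Manifests are plain dicts (what yaml.safe_load_all would yield); the rules,
namespace names and the privilege-reduction formula are illustrative
assumptions, not the article's own tooling or definitions."""

WORKLOAD_KINDS = ("Deployment", "StatefulSet", "DaemonSet", "Pod")


def _wildcard(rules):
    # True if any rule grants every resource or every verb.
    return any("*" in r.get("resources", []) or "*" in r.get("verbs", []) for r in rules or [])


def check_rbac(manifests):
    """Excess privilege: wildcard Role/ClusterRole rules, or a ServiceAccount
    bound to cluster-admin (treated here as a red flag for any workload identity)."""
    out = []
    for m in manifests:
        kind, name = m.get("kind"), m["metadata"]["name"]
        if kind in ("Role", "ClusterRole") and _wildcard(m.get("rules")):
            out.append(f"{kind}/{name}: wildcard verbs or resources")
        if kind in ("RoleBinding", "ClusterRoleBinding") and m.get("roleRef", {}).get("name") == "cluster-admin":
            for s in m.get("subjects", []):
                if s.get("kind") == "ServiceAccount":
                    out.append(f"{kind}/{name}: ServiceAccount {s.get('namespace', 'default')}/{s['name']} -> cluster-admin")
    return out


def check_default_deny(manifests):
    """Micro-segmentation baseline: every namespace with a workload needs a
    NetworkPolicy that selects all pods and denies both ingress and egress."""
    workload_ns = {m["metadata"].get("namespace", "default") for m in manifests if m.get("kind") in WORKLOAD_KINDS}
    covered = set()
    for m in manifests:
        spec = m.get("spec", {})
        if m.get("kind") == "NetworkPolicy" and spec.get("podSelector") == {} \
                and {"Ingress", "Egress"} <= set(spec.get("policyTypes", [])):
            covered.add(m["metadata"].get("namespace", "default"))
    return [f"namespace/{ns}: no default-deny NetworkPolicy" for ns in sorted(workload_ns - covered)]


def check_token_automount(manifests):
    """A pod that never calls the API server should not carry a projected SA token."""
    out = []
    for m in manifests:
        if m.get("kind") not in WORKLOAD_KINDS:
            continue
        pod = m["spec"] if m["kind"] == "Pod" else m["spec"]["template"]["spec"]
        if pod.get("automountServiceAccountToken") is not False:
            out.append(f"{m['kind']}/{m['metadata']['name']}: automountServiceAccountToken not disabled")
    return out


def evaluate(manifests):
    """Run every check; a non-empty result fails the pipeline stage."""
    return check_rbac(manifests) + check_default_deny(manifests) + check_token_automount(manifests)


def privilege_reduction_ratio(before, after):
    """Illustrative metric (assumed definition): fraction of findings removed."""
    b, a = len(evaluate(before)), len(evaluate(after))
    return 0.0 if b == 0 else (b - a) / b


# Constructed "before" state: wildcard ClusterRole, SA bound to cluster-admin,
# no NetworkPolicy, token mounted by default.
BEFORE = [
    {"kind": "ClusterRole", "metadata": {"name": "ops-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "api-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "api", "namespace": "payments"}]},
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "payments"},
     "spec": {"template": {"spec": {"serviceAccountName": "api", "containers": []}}}},
]

# Constructed "after" state: scoped Role, default-deny policy, token disabled.
AFTER = [
    {"kind": "Role", "metadata": {"name": "api-config", "namespace": "payments"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "api-config", "namespace": "payments"},
     "roleRef": {"kind": "Role", "name": "api-config"},
     "subjects": [{"kind": "ServiceAccount", "name": "api", "namespace": "payments"}]},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "payments"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "payments"},
     "spec": {"template": {"spec": {"serviceAccountName": "api",
                                     "automountServiceAccountToken": False, "containers": []}}}},
]

if __name__ == "__main__":
    for v in evaluate(BEFORE):
        print("FAIL", v)
    print("after:", evaluate(AFTER) or "clean", "reduction:", privilege_reduction_ratio(BEFORE, AFTER))
```

Run against the constructed BEFORE set the gate reports four findings and the AFTER set none, so the illustrative ratio is 1.0. In a real pipeline the same checks would run over rendered manifests (Helm or Kustomize output) and the same functions could be re-run against the live API to surface drift between what was admitted and what is deployed.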
Results demonstrate significant reductions in excessive privilege assignments and unauthorized east-west communication while keeping performance overhead within service-level objectives. The resulting Enterprise Zero-Trust Implementation Model (EZTIM) provides practical guidance for governance-automated Zero-Trust enforcement in complex multi-cloud Kubernetes ecosystems.