Multivocal literature review on zero-trust security implementation

The sudden shift from physical office location to a fully remote or hybrid work model accelerated by the COVID- 19 pandemic, is a phenomenon that changed how organizations traditionally operated and thereby introduced new vulnerabilities and consequently changed sthe cyber threat landscape. This has led organizations around the globe to seek new approaches to protect their network. One such approach is the adoption of the Zero Trust security approach due to its many advantages over the traditional/perimeter security approach. Although zero trust presents a stronger defense approach over the perimeter security model, organizations are hesitant to fully embrace it. This is partly due to the lack of a unified zero-trust implementation framework that can be used to guide its adoption. As such, we conducted a multivocal review that included literature from both academic and non-academic sources to consolidate knowledge on the state-of-the-art of zero-trust implementation and identify gaps in literature. Our result shows that existing papers tend to have a narrow viewpoint on the approach of implementing zero trust, rather than an encompassing viewpoint that can provide a more holistic view on the topic. We developed a conceptual framework that articulates the five core components involved in the implementation of zero trust security, guided by key questions designed to guide the implementation process.