An Adaptive Data Security Architecture for Large-Scale Web and Mobile Application Workloads
DOI:
https://doi.org/10.15662/IJEETR.2022.0406011Keywords:
Adaptive security, zero trust, context-aware access control, cloud security, web applications, mobile applications, microservices, data privacy, risk-based securityAbstract
Consumer-scale web and mobile applications now routinely serve hundreds of millions of users across heterogeneous devices, networks, and jurisdictions. Their data security posture must therefore deal with elastic microservices, multi-cloud storage, and fast-changing threat models, while preserving low latency and user experience. Traditional perimeter-centric or static policy-based security mechanisms are inadequate in such environments, as they cannot continuously adapt to contextual changes in user risk, data sensitivity, or infrastructure health. Building on recent work in risk-based adaptive security, context-aware access control, and zero trust architectures, this article proposes an adaptive data security architecture tailored to large-scale web and mobile workloads. The architecture integrates (1) a risk- and context-aware policy decision fabric, (2) a microservices-oriented zero trust enforcement layer, (3) data-centric protection services, and (4) continuous monitoring and feedback loops that realize a MAPE (Monitor–Analyze–Plan–Execute) cycle over security controls. We outline how this architecture supports fine-grained, policy-driven protection for identity, data-in-transit, and data-at-rest while maintaining performance and scalability requirements typical of global consumer applications. We also discuss design trade-offs, evaluation metrics, and open research challenges such as explainable adaptive controls and cross-jurisdictional data governance.
References
1. Beer Mohamed, M. I., Hassan, M. F., Safdar, S., & Saleem, M. Q. (2021). Adaptive security architectural model for protecting identity federation in service oriented computing. Journal of King Saud University – Computer and Information Sciences, 33(5), 580–592. https://doi.org/10.1016/j.jksuci.2019.03.004
2. Butt, U. A., Amin, R., Mehmood, M., Aldabbas, H., Alharbi, M. T., & Albaqami, N. (2022). Cloud security threats and solutions: A survey. Wireless Personal Communications. https://doi.org/10.1007/s11277-022-09960-z
3. Kolla, S. (2022). Effects of OpenAI on Databases. International Journal Of Multidisciplinary Research In Science, Engineering and Technology, 05(10), 1531-1535. https://doi.org/10.15680/IJMRSET.2022.0510001
4. Calvo, M., & Beltrán, M. (2022). A model for risk-based adaptive security controls. Computers & Security, 115, 102612. https://doi.org/10.1016/j.cose.2022.102612
5. Chandramouli, R. (2019). Security strategies for microservices-based application systems (NIST Special Publication 800-204). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-204 NIST CSRC
6. Herrera, J. L., Chen, H., Berrocal, J., Murillo, J. M., & Julien, C. (2022). Context-aware privacy-preserving access control for mobile computing. Pervasive and Mobile Computing, 87, 101725. https://doi.org/10.1016/j.pmcj.2022.101725
7. Vangavolu, S. V. (2022). IMPLEMENTING MICROSERVICES ARCHITECTURE WITH NODE.JS AND EXPRESS IN MEAN APPLICATIONS. International Journal of Advanced Research in Engineering and Technology (IJARET), 13(08), 56-65. https://doi.org/10.34218/IJARET_13_08_007
8. Jiang, B., Seif, M., Tandon, R., & Li, M. (2021). Context-aware local information privacy. IEEE Transactions on Information Forensics and Security. https://doi.org/10.1109/TIFS.2021.3087350
9. Kayes, A. S. M., Kalaria, R., Sarker, I. H., Islam, M. S., Watters, P. A., Ng, A., Hammoudeh, M., Badsha, S., & Kumara, I. (2020). A survey of context-aware access control mechanisms for cloud and fog networks: Taxonomy and open research issues. Sensors, 20(9), 2464. https://doi.org/10.3390/s20092464
10. Kumar, R., & Goyal, R. (2019). On cloud security requirements, threats, vulnerabilities and countermeasures: A survey. Computer Science Review, 33, 1–48. https://doi.org/10.1016/j.cosrev.2019.05.002
11. Pericherla, S. (2022). Cloud computing threats, vulnerabilities and countermeasures: A state-of-the-art. ISeCure. https://doi.org/10.22042/ISECURE.2022.312328.718
12. Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero trust architecture (NIST Special Publication 800-207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-207 NIST CSRC
13. Sun, P. (2020). Security and privacy protection in cloud computing: Discussions and challenges. Journal of Network and Computer Applications, 160, 102642. https://doi.org/10.1016/j.jnca.2020.102642
