Integrating Zero Trust Principles with Software Bill of Materials (SBOM) for Secure Healthcare Microservice Deployment
Keywords:
Zero Trust Architecture, Software Bill of Materials, Healthcare Security, Microservices, Cybersecurity, Secure Deployment, Cloud-Native Architecture
Abstract
As healthcare systems rapidly transition to cloud-native architectures, microservices offer modularity and scalability. However, these systems face escalating security threats, especially in sensitive environments involving protected health information (PHI). This paper proposes a novel integration of Zero Trust Architecture (ZTA) with Software Bill of Materials (SBOM) for improving security posture in healthcare microservice deployments. This research explores how SBOM enhances visibility into software components, enabling more granular policy enforcement aligned with Zero Trust principles. By analyzing contemporary security challenges and technological trends, we provide a conceptual model integrating SBOM into a Zero Trust framework. Our approach is validated through case analysis, architectural flow modeling, and a synthesis of recent peer-reviewed literature. This strategy demonstrates potential for proactive risk management, reduced attack surfaces, and regulatory compliance in complex healthcare ecosystems.
License
Copyright (c) 2026 Srividhya S, Dhanalakshmi D (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.




