A Minimal Overlay-Based Framework for Transitioning Legacy Infrastructure to Zero Trust
Conference
Wang, W, Sadjadi, SM, Rishe, N et al. (2025). A Minimal Overlay-Based Framework for Transitioning Legacy Infrastructure to Zero Trust. 10.1109/CNS66487.2025.11195028
Traditional perimeter-based security models struggle to secure legacy systems against evolving threats posed by remote work, IoT adoption, and cloud migration. Yet most Zero Trust (ZT) roadmaps demand disruptive refactoring that many organizations cannot afford. We present a lightweight, identity-centric transition model that overlays, rather than replaces, existing networks, relying on just three open-source components: Identity & Access Management, Public Key Infrastructure, and Continuous Diagnostics & Mitigation. A three-node Azure prototype using StrongSwan mutual TLS tunnels demonstrates that the full control-plane bundle idles at approximately 8% CPU and 320 MB RAM, each endpoint agent under 1% CPU and 30 MB RAM, and encrypted throughput remains within 2.5% of underlay performance, while certificate revocation propagates in 8 min 14 s. These results show that meaningful ZT protections can be deployed immediately, with no new hardware, rewiring, or licensing, offering a practical path to deeper ZT maturity.
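The abstract's 8 min 14 s revocation figure is the gap between the control plane publishing a new CRL and every endpoint agent acting on it. The Go program below is an added illustration, not code from the paper or its prototype, of the two halves that bound that window: a control-plane CA that issues per-endpoint client certificates and republishes a signed CRL on every revocation, and the endpoint-agent check that admits a peer only when its certificate chains to the overlay CA, the CRL the agent holds is CA-signed and not past NextUpdate, and the peer's serial is absent. An agent that has not yet refetched the CRL still accepts a revoked peer (that is the propagation delay), but once its copy expires it fails closed rather than falling back to "ok". The CA name, the 15-minute CRL lifetime, the endpoint name and the `AgentCheckPeer` status strings are all hypothetical; the paper's StrongSwan tunnels are not reproduced, only the certificate decision an agent would make before bringing one up. Standard library only (Go 1.19 or later).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// crlLifetime is a hypothetical NextUpdate window; agents fail closed past it.
const crlLifetime = 15 * time.Minute

// Overlay models the PKI piece of the control plane: a CA plus its latest CRL.
type Overlay struct {
	caKey   *ecdsa.PrivateKey
	CACert  *x509.Certificate
	CRLDER  []byte // latest signed CRL, as an agent would download it
	revoked []pkix.RevokedCertificate
}

// must panics on error: the CA side of this demo has no sensible recovery path.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewOverlay creates a self-signed CA with cert and CRL signing usage and publishes an empty CRL.
func NewOverlay() *Overlay {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "overlay-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	o := &Overlay{caKey: key, CACert: must(x509.ParseCertificate(der))}
	o.publishCRL()
	return o
}

// publishCRL signs a fresh CRL listing every revoked serial; one CRL is published
// per revocation, so len(revoked)+1 is a strictly increasing CRL number.
func (o *Overlay) publishCRL() {
	o.CRLDER = must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(int64(len(o.revoked) + 1)), RevokedCertificates: o.revoked,
		ThisUpdate: time.Now(), NextUpdate: time.Now().Add(crlLifetime),
	}, o.CACert, o.caKey))
}

// IssueClientCert issues a client-auth certificate for one endpoint and returns it
// DER-encoded; the endpoint's private key is dropped since only the cert matters here.
func (o *Overlay) IssueClientCert(cn string) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(8 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return must(x509.CreateCertificate(rand.Reader, tmpl, o.CACert, &key.PublicKey, o.caKey))
}

// Revoke puts the certificate's serial on the CRL and republishes it.
func (o *Overlay) Revoke(certDER []byte) {
	serial := must(x509.ParseCertificate(certDER)).SerialNumber
	o.revoked = append(o.revoked, pkix.RevokedCertificate{SerialNumber: serial, RevocationTime: time.Now()})
	o.publishCRL()
}

// AgentCheckPeer is the endpoint-agent side of a tunnel handshake. It returns "ok" only
// if the peer chains to the overlay CA for client auth and the CRL the agent holds is
// CA-signed, not past NextUpdate, and does not list the peer; a stale CRL is "reject".
func AgentCheckPeer(caCert *x509.Certificate, crlDER, peerDER []byte, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	peer, err := x509.ParseCertificate(peerDER)
	if err == nil {
		_, err = peer.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	}
	if err != nil {
		return "reject", fmt.Errorf("peer certificate: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(caCert)
	}
	if err != nil {
		return "reject", fmt.Errorf("CRL not usable: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return "reject", fmt.Errorf("CRL expired at %s: fail closed until a fresh one is fetched", crl.NextUpdate.UTC())
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(peer.SerialNumber) == 0 {
			return "revoked", nil
		}
	}
	return "ok", nil
}
```

The order of checks in `AgentCheckPeer` is deliberate: the CRL's own signature is verified before its contents are consulted, so a tampered or foreign CRL cannot un-revoke a peer, and an expired CRL yields "reject" rather than "ok", which is what keeps the propagation delay bounded by the CRL lifetime instead of by whenever an agent happens to reconnect.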