Impact of the Zero Trust Model on RESTful APIs for SMEs
DOI: https://doi.org/10.61454/x42v5m50
Keywords: Zero Trust, RESTful APIs, cybersecurity, SMEs, performance
Abstract
This study analyzes the impact of applying Zero Trust security policies to a functional RESTful API aimed at SMEs. Using an empirical approach, the API was built in Laravel 12, first with traditional security controls and then with Zero Trust policies (JWT authentication, RBAC and continuous monitoring). Automated tests with Postman and scans with OWASP ZAP showed an 85.7% reduction in critical vulnerabilities and 100% blocking of unauthorized access attempts, with acceptable average latency (under 500 ms). The results indicate that Zero Trust is viable for SMEs, balancing security and operability without requiring costly infrastructure. The study concludes that implementing the Zero Trust model in a RESTful service architecture strengthens system security while keeping performance within acceptable bounds. The Zero Trust strategy is therefore accessible not only to large organizations with strong technological capabilities but also to medium-sized businesses, which can begin by protecting their critical APIs or by integrating these controls into their CI/CD pipelines. It is recommended for organizations seeking to strengthen their security posture without sacrificing operational efficiency or technological flexibility.
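The abstract names the three Zero Trust policies that were applied (JWT authentication, RBAC, continuous monitoring) but not what a request gate enforcing them looks like. The following is an added example written for this page, not the study's Laravel 12 code; it is framework-independent Python so that the checks can be read and run on their own. The HS256 shared secret, the issuer and audience strings, the three-route policy table and the sample tokens are all constructed for the demonstration. It shows the three principles together: every request is authenticated from scratch (signature checked with the algorithm the server expects, then issuer, audience and validity window), authorization is role-based and deny-by-default, and every allow and deny decision is logged.

```python
"""Zero Trust gate for a RESTful API, reduced to its essentials: every request
carries a JWT that is verified from scratch (signature, issuer, audience,
validity window), authorization is role-based and deny-by-default, and every
decision is recorded for continuous monitoring. Added example, framework-
independent; the page's implementation used Laravel 12 middleware for the
same checks."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-change-me"   # assumption: HS256 shared key
ISSUER = "https://auth.sme.example"             # hypothetical issuer
AUDIENCE = "sme-orders-api"                      # hypothetical audience

# RBAC policy: (HTTP method, route) -> roles allowed. Anything not listed is
# denied, so a new endpoint stays closed until someone grants it explicitly.
POLICY = {
    ("GET", "/api/orders"): {"admin", "sales"},
    ("POST", "/api/orders"): {"admin", "sales"},
    ("DELETE", "/api/orders"): {"admin"},
}

AUDIT_LOG = []   # one entry per decision; this is the continuous-monitoring feed


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def sign_jwt(claims: dict, secret: bytes = SECRET, alg: str = "HS256") -> str:
    """Mint a compact JWT (used here to build test tokens).
    alg='none' is supported only so the gate can be shown rejecting it."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_jwt(token: str, now: float, secret: bytes = SECRET) -> dict:
    """Return the claims of a valid token, else raise ValueError.
    Nothing in the token is trusted until the signature has been checked with
    the algorithm the server expects; the token's own 'alg' header never
    selects the verifier, which closes the alg=none / key-confusion class."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    if now < claims.get("nbf", 0):
        raise ValueError("not yet valid")
    return claims


def authorize(method: str, path: str, headers: dict, now: float = None) -> dict:
    """Decide one request. Returns {'status': 200|401|403, 'reason': ..., 'sub': ...}.
    401 = could not authenticate; 403 = authenticated but the role is not permitted."""
    now = time.time() if now is None else now
    decision = {"method": method, "path": path, "sub": None}
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        decision.update(status=401, reason="no bearer token")
    else:
        try:
            claims = verify_jwt(auth[len("Bearer "):], now)
            decision["sub"] = claims.get("sub")
            allowed = POLICY.get((method, path), set())   # unknown route -> empty set -> deny
            if set(claims.get("roles", [])) & allowed:
                decision.update(status=200, reason="ok")
            else:
                decision.update(status=403, reason="role not permitted")
        except ValueError as exc:
            decision.update(status=401, reason=str(exc))
    AUDIT_LOG.append(decision)   # allows are logged too, not only failures
    return decision
```

The distinction between 401 and 403 matters for the monitoring side: a burst of 401s with reason "bad signature" or "unexpected alg" points at token forgery, whereas 403s from a valid subject point at a role trying routes it was never granted. Keeping both in the same audit stream is what makes the "100% blocking of unauthorized access" result observable rather than assumed.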
Copyright (c) 2026 Espectro Investigativo Latinoamericano

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.