Securing hybrid identity, where cloud and on-premises directories form a single attack surface, remains difficult because controls are enforced inconsistently across the two domains. This thesis proposes the Hybrid Identity Zero Trust–Risk Adaptive (HIZT-R) model, which merges Zero Trust's continuous verification with risk-adaptive access control. Signals from user behavior, device posture, and context are fused into a unified risk score that can update authorization decisions mid-session. The design operationalizes bidirectional enforcement: cloud-side detections trigger on-premises controls, on-premises detections are escalated to the cloud, and peer-aware propagation re-evaluates accounts that share recent authentication context. A prototype validates the model across baseline and adversarial scenarios (brute force, lateral movement, posture evasion, impossible travel). Evidence is taken from authoritative audit sources spanning identity, operating system events, network access, and SIEM correlation. Findings indicate that unified hybrid enforcement is feasible, with clear benefits for containment, but they also surface practical tensions: latency asymmetries between domains, fragmented audit evidence, and reliance on custom automation where native hooks are absent. The approach can be aligned with common regulatory expectations (NIS2, ISO/IEC 27001, GDPR) when paired with explicit governance for evidence retention, access reviews, and data protection.
Hybrid Identity, Zero Trust, Risk-Adaptive Access Control, Conditional Access, Compliance
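The abstract describes four mechanisms without showing them in code: fusing several signals into one risk score, re-deciding a live session from that score, applying the resulting control in both identity domains regardless of where the signal was observed, and re-evaluating peer accounts that share authentication context with a compromised one. The following is an added illustration of those mechanisms, not the thesis prototype or any vendor API. The signal weights, thresholds, action names, the per-signal fields on `Session`, and the three sample sessions are all assumptions chosen for the example.

```python
"""Illustrative risk-adaptive session evaluator sketching the ideas in the
HIZT-R abstract: signal fusion into one score, mid-session re-decision,
enforcement in both identity domains, and peer-aware propagation.
Added example, not the thesis prototype; every weight, threshold, action
name and sample session below is an assumption."""
from dataclasses import dataclass, field
from typing import Dict, Set

# Risk points per signal (integers avoid floating-point drift); assumed values.
POINTS = {
    "failed_login": 15,        # per failed attempt in the window, capped below
    "device_noncompliant": 35,
    "impossible_travel": 40,
    "lateral_movement": 30,
}
FAILED_LOGIN_CAP = 5           # at most five attempts count toward the score
PEER_PROPAGATION_POINTS = 30   # added to accounts sharing auth context with a revoked one
STEP_UP_AT = 50                # score >= this: step-up authentication
REVOKE_AT = 80                 # score >= this: terminate the session everywhere

# Bidirectional enforcement: the action fires in BOTH domains, whichever one
# observed the signal.  Action names are placeholders, not product APIs.
ACTIONS = {
    "allow":   {"cloud": "none",          "onprem": "none"},
    "step_up": {"cloud": "require_mfa",   "onprem": "require_reauth"},
    "revoke":  {"cloud": "revoke_tokens", "onprem": "disable_account"},
}


@dataclass
class Session:
    user: str
    observed_in: str                       # "cloud" or "onprem": where signals were seen
    failed_logins: int = 0
    device_noncompliant: bool = False
    impossible_travel: bool = False
    lateral_movement: bool = False
    peers: Set[str] = field(default_factory=set)  # accounts sharing recent auth context


def risk_score(s: Session) -> int:
    """Fuse the session's behavioral, posture and context signals into one 0..100 score."""
    score = min(s.failed_logins, FAILED_LOGIN_CAP) * POINTS["failed_login"]
    score += POINTS["device_noncompliant"] if s.device_noncompliant else 0
    score += POINTS["impossible_travel"] if s.impossible_travel else 0
    score += POINTS["lateral_movement"] if s.lateral_movement else 0
    return min(score, 100)


def decide(score: int) -> str:
    """Map a score to an authorization decision that can replace the one made at logon."""
    if score >= REVOKE_AT:
        return "revoke"
    if score >= STEP_UP_AT:
        return "step_up"
    return "allow"


def evaluate(sessions: Dict[str, Session]) -> Dict[str, dict]:
    """Score every live session, then re-evaluate peers of any revoked account."""
    scores = {u: risk_score(s) for u, s in sessions.items()}
    results = {u: {"score": scores[u], "decision": decide(scores[u]), "via_peer": False}
               for u in sessions}
    # Worklist: each revoke re-scores its peers; a peer that escalates to revoke propagates on.
    pending = [u for u, r in results.items() if r["decision"] == "revoke"]
    seen = set(pending)
    while pending:
        src = pending.pop()
        for peer in sessions[src].peers:
            if peer not in sessions or peer in seen:
                continue
            seen.add(peer)
            scores[peer] = min(scores[peer] + PEER_PROPAGATION_POINTS, 100)
            new = decide(scores[peer])
            results[peer] = {"score": scores[peer], "decision": new, "via_peer": True}
            if new == "revoke":
                pending.append(peer)
    for u, r in results.items():
        r["actions"] = ACTIONS[r["decision"]]       # both domains, always
        r["observed_in"] = sessions[u].observed_in  # kept for the audit trail
    return results


def sample_sessions() -> Dict[str, Session]:
    """Constructed sample data (not from the thesis): one brute-force plus lateral
    movement seen on-premises, one non-compliant device seen in the cloud that shares
    auth context with it, and one impossible-travel case on a non-compliant device."""
    return {
        "alice": Session("alice", "onprem", failed_logins=6, lateral_movement=True, peers={"bob"}),
        "bob":   Session("bob", "cloud", device_noncompliant=True),
        "carol": Session("carol", "cloud", impossible_travel=True, device_noncompliant=True),
    }


if __name__ == "__main__":
    for user, result in evaluate(sample_sessions()).items():
        print(user, result)
```

Running it shows the point the abstract makes about containment: alice's on-premises signals produce a revoke that also clears her cloud tokens, bob's cloud-observed posture signal alone would have been allowed but the shared authentication context with alice lifts him to step-up in both domains, and carol is stepped up on her own signals without any propagation. The `observed_in` field is carried into each result because the abstract's later point about fragmented audit evidence depends on recording where a decision's inputs came from.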