Best Practices for Securing Cloud-Native Payment Architectures: A Practical Guide for Financial Institutions
DOI:
https://doi.org/10.22399/ijcesen.4231
Keywords:
Zero-Trust Security, Containerized Payment Applications, Microservice Vulnerabilities, Regulatory Compliance, Cloud-Native Architecture
Abstract
This article examines the security challenges and compliance requirements facing financial institutions transitioning to cloud-native payment architectures. It explores the expanded attack surface created by distributed microservices, containerization vulnerabilities, and multi-cloud complexity while providing actionable guidance for implementing zero-trust security frameworks specifically designed for payment environments. The article addresses practical implementation of least-privilege policies, continuous authentication, and service mesh technologies to secure distributed payment systems. Additionally, it outlines regulatory compliance strategies for containerized payment applications, with particular focus on PCI DSS requirements, data sovereignty considerations, strong customer authentication mandates, and operational resilience frameworks. Through examination of real-world implementation cases and emerging technologies, the article establishes a comprehensive security model balancing innovation with appropriate risk management for cloud-native payment infrastructures.
License
Copyright (c) 2025 International Journal of Computational and Experimental Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.