From VPNs to Zero-Trust and Confidential Computing: A Comparative Study of AWS and Azure

Session

Computer Science and Communication Engineering

Description

Cloud computing has transformed modern computing infrastructure, yet security remains a central concern for enterprises and researchers alike. For decades, Virtual Private Networks (VPNs) have been a cornerstone of cloud access, providing encrypted tunnels between users and resources. However, in an era of distributed workforces, sophisticated cyber threats, and multi-tenant cloud environments, VPNs alone are no longer sufficient. This research explores emerging paradigms in cloud security—Zero-Trust Architecture and Confidential Computing—through a comparative lens across Amazon Web Services (AWS) and Microsoft Azure.

Zero-Trust Architecture operates under the principle of “never trust, always verify,” enforcing strict identity, policy, and continuous validation across every request. In practice, this shifts organizations away from perimeter-based defenses toward granular access control, leveraging services such as AWS Identity and Access Management (IAM) or Azure Entra ID. Complementing this approach, Confidential Computing secures data-in-use by isolating workloads within Trusted Execution Environments (TEEs), preventing unauthorized access even from cloud providers themselves. AWS Nitro Enclaves and Azure Confidential VMs exemplify this new layer of defense, offering verifiable attestation and hardware-based isolation.

By comparing AWS and Azure implementations, this research highlights the technical trade-offs, performance considerations, and strategic implications of adopting Zero-Trust and Confidential Computing. The session argues that while VPNs retain utility, they must evolve into broader, layered strategies. Together, Zero-Trust and Confidential Computing provide a path forward for robust, scalable, and future-ready cloud security.

Expected Results

The study is expected to demonstrate that integrating Zero-Trust Architecture with Confidential Computing significantly enhances security resilience beyond traditional VPN models. Comparative evaluation across AWS and Azure should reveal differences in implementation maturity, performance overhead, and usability, offering organizations practical guidance for adoption. Ultimately, the findings aim to provide a framework for enterprises seeking to balance strong data protection, compliance, and operational efficiency in cloud environments.

Keywords:

Cloud Computing, Cloud Security, Virtual Private Networks (VPNs), Zero-Trust Architecture, “Never trust, always verify”, Identity and Access Management (IAM), Azure Entra ID, Confidential Computing, Trusted Execution Environments (TEEs), AWS Nitro Enclaves, Azure Confidential VMs, Data-in-use security, Hardware-based isolation, Continuous validation, Multi-tenant environments, Scalability and performance, Comparative analysis, Future-ready cloud security

Proceedings Editor

Edmond Hajrizi

ISBN

978-9951-982-41-2

Location

UBT Kampus, Lipjan

Start Date

25-10-2025 9:00 AM

End Date

26-10-2025 6:00 PM

DOI

10.33107/ubt-ic.2025.81

This document is currently not available here.
