Configuration Drift and Continuous Validation in Zero-Trust Enterprise Networks

Minjae Park

Abstract

Zero-trust architectures are increasingly adopted to replace perimeter-based security models in distributed enterprise environments. In practice, however, frequent policy updates and heterogeneous access controls introduce configuration drift that undermines intended security guarantees. This study examines access control logs and policy repositories from a multi-tenant enterprise network over a three-year period. More than 14,000 rule changes and exception requests were analyzed. Approximately 19% of authorization failures were traced to outdated device profiles or inconsistent identity mappings. A continuous validation framework based on automated policy simulation and dependency tracking was introduced. After deployment, misconfiguration-related incidents declined noticeably, and incident response time was shortened. Long-term security effectiveness proved dependent on governance processes rather than static architecture design.
