Vol. 14 No. 1 (2024): Vol 14, Iss 1, Year 2024
Articles

Implementation of Secure Hybrid Cloud Infrastructure Using Infrastructure-as-Code and Zero Trust Principles

Naveen Reddy Burramukku
Senior Systems Researcher and Network Architect Global Information Services Illinois, USA, Richmond, VA

Published 2024-04-26

Keywords

  • Infrastructure-as-Code, Zero Trust Architecture, Hybrid Cloud Security, DevSecOps, Identity-Based Access Control, Continuous Monitoring, Automation, Secure Cloud Architecture.

Abstract

The rapid adoption of hybrid cloud computing has enabled organizations to combine the scalability and flexibility of public cloud services with the control and customization of on-premises infrastructure. However, this architectural model introduces complex security challenges due to increased attack surfaces, heterogeneous environments, and dynamic resource provisioning. Traditional perimeter-based security approaches are inadequate for protecting hybrid cloud environments, as they rely on implicit trust and static boundaries that no longer exist in modern, distributed systems. Consequently, there is a growing need for security architectures that are automated, identity-centric, and resilient to evolving threats. This research presents the design and implementation of a secure hybrid cloud infrastructure that integrates Infrastructure-as-Code (IaC) with Zero Trust Architecture (ZTA) principles. IaC enables automated, repeatable, and auditable infrastructure provisioning through declarative configuration files, reducing human error and configuration drift while improving security consistency. Zero Trust principles enforce continuous verification of identities, devices, and workloads, ensuring that no entity is implicitly trusted regardless of its network location. By combining these two paradigms, the proposed approach embeds security directly into the infrastructure lifecycle, aligning with modern DevSecOps practices. The proposed architecture leverages policy-as-code, automated identity and access management, micro-segmentation, and continuous monitoring to secure communication across on-premises and cloud resources. A secure deployment workflow is implemented using widely adopted IaC and cloud security tools, demonstrating how Zero Trust controls can be enforced consistently across hybrid environments. 
The effectiveness of the approach is evaluated through security analysis, deployment efficiency metrics, and compliance alignment with established standards such as NIST Zero Trust guidelines. The results indicate that integrating IaC with Zero Trust principles significantly enhances security posture, reduces misconfiguration risks, and improves the scalability and manageability of hybrid cloud infrastructures. This research contributes a practical, reproducible framework for organizations seeking to implement secure hybrid cloud environments and provides insights into the benefits and challenges of adopting Zero Trust and IaC in real-world scenarios.
