DOI: https://doi.org/10.36347/sjet.2026.v14i01.004

Pages: 48-56

Cyber threats in hybrid cloud infrastructure are especially vulnerable to small and medium-sized businesses (SMEs), which are faced with significant barriers to the implementation of an effective security model like Zero Trust Architecture (ZTA) due to resource constraints. This gap should be addressed in the current research which attempts to develop a pragmatic, light blueprint to ZTA that is explicitly designed to be within the capabilities of SMEs. Based on the design-science research paradigm, the study integrates available literature on SME cyber-security, the principles of ZTA and the specifics of hybrid cloud defense, defining the essential conditions and creating a viable artefact. The subsequent blueprint includes five main components, namely identity-based access control, micro-segmentation (lightweight), data protection, ongoing monitoring, and policy automation, which is further supported by a roadmap of the implementation stages and a resource-alignment matrix. The discussion explains how the blueprint balances the rigor of ZTA with the practicalities of the SMEs in terms of prioritizing high-impact and cost-effective controls and quantifying the potential reduction in risks relative to the salient threats, such as credential theft and ransomware. As a result, the work provides SMEs with a practical roadmap to the gradual development of cyber resilience. Future research should focus on the empirical testing of the blueprint through case studies and pilot applications that are carried out in operational SME situations.