<![CDATA[Abstrak – Perkembangan teknologi informasi yang pesat telah meningkatkan risiko keamanan data, terutama pada sistem autentikasi dan manajemen akses. Untuk menghadapi ancaman tersebut, penelitian ini mengimplementasikan pendekatan keamanan berbasis Zero Trust Architecture (ZTA) pada sistem login dan manajemen data web. ZTA menerapkan prinsip “never trust, always verify” dengan menggabungkan beberapa mekanisme keamanan, antara lain Multi-factor authentication (MFA) melalui OTP via WhatsApp, autentikasi biometrik (sidik jari), Role-based access control (RBAC) untuk pembatasan hak akses, serta audit logging untuk pemantauan aktivitas pengguna. Metode pengembangan menggunakan pendekatan rekayasa sistem, dengan tahapan analisis kebutuhan, perancangan, implementasi, pengujian black box, dan evaluasi. Hasil pengujian menunjukkan bahwa seluruh fitur sistem berjalan sesuai fungsinya, termasuk deteksi login dari perangkat baru dan pengiriman OTP real time. Sistem mampu memberikan peringatan keamanan yang responsif serta mencatat setiap aktivitas pengguna secara akurat. Penerapan ZTA terbukti meningkatkan keamanan, keandalan autentikasi, serta kontrol akses terhadap data. Penelitian ini menunjukkan bahwa integrasi ZTA dalam sistem web dapat menjadi solusi efektif untuk memperkuat ketahanan keamanan siber.Kata kunci : Zero Trust Architecture; MFA; RBAC; OTP; Audit Logging; Abstract – The rapid development of information technology has increased the risk of data breaches, particularly in authentication and access management systems. To address these challenges, this research implements a security approach based on Zero Trust Architecture (ZTA) for web-based login and data management systems. ZTA applies the principle of “never trust, always verify” by integrating several security mechanisms, including Multi-factor authentication (MFA) using OTP via WhatsApp, biometric authentication (fingerprint), Role-based access control (RBAC) to regulate user permissions, and audit logging to monitor user activities.The development method follows a systematic engineering approach consisting of requirement analysis, system design, implementation, black box testing, and evaluation. The results show that all features function as intended, including real-time OTP delivery, fingerprint authentication, and detection of logins from new devices or IP addresses. The system provides responsive security alerts and records user activities accurately, enhancing accountability.The implementation of ZTA successfully strengthens authentication reliability and access control, making it an effective solution for improving cybersecurity in web applications.Keywords: Zero Trust Architecture; MFA; RBAC; OTP; Audit Logging;]]>
Copyrights © 2025
