Five indicators that the Zero Trust market is maturing fast

Zero Trust architectures (ZTAs) have been a hot topic for some years, thought to have originally been coined by Forrester back in 2009, and the skyrocketing demand for remote work spurred by the pandemic only served to throw the concept into even stronger relief. Perimeter-based security is a model that is obsolete now that has been showing its age in many other ways too, not least a seeming inability to mitigate many recent security threats such as the SolarWinds supply chain compromises. We’ll look at five different market areas and developments that shine a light on the wider Zero Trust market and demonstrate just how rapidly it is maturing.

1) Analysts continue to predict increasing interest in Zero Trust

Gartner outlined just how imminent the move towards Zero Trust is likely to be in a recent whitepaper, predicting that by 2023, 60% of enterprises will have phased out VPN use in favour of Zero Trust, and even more pressingly, that 80% of new digital business applications opened up to ecosystem partners in 2022 will be accessed via Zero Trust network access. A previous report from Forrester Research painted a similar picture, predicting that 71% of enterprise users will turn to Zero Trust solutions to replace overburdened VPNs. The Forrester survey found that the most important Zero Trust use cases to respondents were enhancing visibility into cloud workloads across workforce apps (87%), ensuring safe and fast developer access (83%), and starting or expanding bring-your-own-device (BYOD) programmes (81%). Finally, eponymous research firm Markets and Markets has projected that the global Zero Trust security market will grow from US$19.6bn in 2020 to US$51.6bn by 2026 - an enormous acceleration.

2) US Government continues to cement Zero Trust commitment

That predicted acceleration isn’t just analyst hype either, as the repeated US government commitments to Zero Trust architecture and principles are making crystal clear. There have been several connected announcements which make very clear the direction of travel, such as President Biden’s Executive Order in mid 2021 which decreed that Federal agencies must move towards Zero Trust Architecture. In response, the US Defense Information Systems Agency (DISA) in January awarded a US$6.8mn ‘Thunderdome Prototype’ contract to Booz Allen Hamilton, a six-month Zero Trust security platform trial based around implementing secure access service edge (SASE) and software-defined wide area networks (SD-WAN).

The executive order has also been built on by other US agencies, culminating recently in the National Security Telecommunications Advisory Committee’s (NSTAC’s) Zero Trust and Trusted Identity Management report, which draws on a wide range of Zero Trust architecture sources to deliver recommendations on Zero Trust  adoption - most tellingly, so that a short term focus does not result in an ‘incomplete experiment’.

So pertinent is this timeliness that the US Cybersecurity and Infrastructure Security Agency (CISA) has developed a maturity roadmap for agencies to reference as they transition towards a Zero Trust architecture. The maturity model, which includes five pillars and three cross-cutting capabilities, has specific examples of traditional, advanced, and optimal Zero Trust architectures so that agencies can plot their progress clearly.

3) UK and Europe follow a similar ZT trail

Here on the other side of the pond, the UK’s National Cyber Security Centre (NCSC) has published eight guidance principles for Zero Trust architecture in organisations, both public sector and private. In addition, a recent joint advisory with Australia and the US regarding ransomware mitigation specifically recommends implementing a Zero Trust architecture, as well as  multi-factor authentication and a comprehensive user training programme.

Across the channel, European businesses are also following the trend with interest, as research in late 2021 uncovered. Indeed, 82% of European organisations increased their Zero Trust budgets in 2021 - not a single business in Europe decreased ZT budgets.

Historically, the EMEA and ANZ regions have shown a proclivity to follow suit on both US policy and US private sector modernization, and the case of Zero Trust adoption seems to be no exception.

4) Zero Trust journey has been simplified, automated, and accelerated

While there is a wealth of best practice documentation on Zero Trust available - not least from the Government resources mentioned already - perceived complexity of the Zero Trust implementation journey had sparked some hesitation in the adoption curve. While there were many trailblazers and early adopters willing to take the plunge towards Zero Trust, a substantial proportion of the market chose to wait for advancements in implementation.

The wait is over, as modern Zero Trust platforms have massively raised the bar in ease of deployment and time to journey completion. Specifically, platform approaches, which address entire network with Zero Trust from end-to-end, for unprecedented scopes of visibility and control. And, by leveraging AI and machine learning, today’s modern Zero trust solutions are able to get and keep organisations in a Zero Trust state, autonomously and at scale.

5) Vendor partnerships begin to bear fruit

That level of consensus throughout the vendor community can also be created via homogenisation, via acquisition and partnerships. One recent example being an extended partnership between Cloudflare and CrowdStrike to help businesses adopt a Zero Trust security philosophy. The pair are integrating versions of their product offerings to simplify the integration task for businesses adopting Zero Trust.

Meanwhile, the burgeoning Secure Service Edge (SSE) market has been busy, with the recent unveiling of Skyhigh Security, an SSE and Zero Trust firm consolidated from parts of McAfee Enterprise and FireEye. Indeed, this complex corporate recombination indicates the direction of travel beyond the acceptance of Zero Trust, and into the nuts and bolts of SASE and SSE.

In fact, SASE alone is forecast to undergo a compound annual growth rate (CAGR) of 42% from 2019 to 2024, when it will approach US$11bn, according to Gartner, while revenue in the SSE market amounted to between US$2.4bn and US$2.6bn in fiscal 2020 and is growing by 19% to 21% year over year.

It is clear from these signs that Zero Trust adoption is steepening as interest continues to rise, thanks to a well-aligned set of market drivers including high-level government mandates. In tandem, industry alliances and partnerships are emerging to help guide enterprise and assuage any remaining doubts or queries - Zero Trust is certainly here to stay.