Zero‑trust market forecast

A market press release says cloud-based Zero Trust Network Access is set for years of growth as companies keep moving security controls out of the office and into the cloud. (foriio.com) The release, summarizing a 2026–2032 report from QYResearch, says the market was about $4.58 billion in 2025 and could reach $14.61 billion by 2032, with an 18.3% compound annual growth rate. (foriio.com) Other market trackers are also projecting fast expansion, but with very different totals: MarketsandMarkets pegs the broader Zero Trust Network Access market at $1.34 billion in 2025 and $4.18 billion in 2030, while Grand View Research estimates $1.97 billion in 2025 and $11.03 billion in 2033. (marketsandmarkets.com) (grandviewresearch.com) Zero trust is a security model that treats every login like a fresh badge check, not a free pass for being “inside” a company network. NIST said in Special Publication 800-207 that zero trust shifts defenses away from static network perimeters and toward users, assets, and resources. (csrc.nist.gov) Zero Trust Network Access is the piece that controls who gets into a specific app or service, often replacing broad virtual private network access with narrower, identity-based access. Google said its BeyondCorp model was built to let employees work from untrusted networks without using a traditional VPN. (cloud.google.com) U.S. policy helped turn the concept into a procurement category. The White House’s Office of Management and Budget told federal agencies in a January 26, 2022 memo to meet specific zero-trust objectives by the end of fiscal 2024. (whitehouse.gov) CISA’s Zero Trust Maturity Model breaks the work into five pillars — identity, devices, networks, applications and workloads, and data — plus cross-cutting areas including visibility and analytics, automation and orchestration, and governance. That is why vendors increasingly pitch zero trust as an operating model for access policy, logging, and evidence collection, not just a remote-access tool. (cisa.gov 1) (cisa.gov 2) The market numbers in these reports are not directly interchangeable because firms define the category differently: some count only Zero Trust Network Access, while others roll it into wider cloud-security bundles. Gartner’s Security Service Edge category, for example, groups Zero Trust Network Access with secure web gateways, cloud access security brokers, and firewall-as-a-service. (gartner.com) (insights.netify.co.uk) The through line is that buyers are paying for more granular access controls as work, apps, and data spread across cloud services and unmanaged networks. The forecast is less a verdict on one product than a sign that “inside the network” is no longer the main security boundary. (csrc.nist.gov) (foriio.com)