Engineers regularly bypass security measures in the course of their work due to unfulfilled zero trust objectives.
In the ever-evolving landscape of cybersecurity, Zero Trust Network Access (ZTNA) has emerged as a crucial defensive strategy. As of mid-2025, approximately 60% of organisations have adopted ZTNA as their core security framework, a significant increase from previous years [2][4].
Market Growth and Security Benefits
The Zero Trust security market is projected to grow substantially, with a compound annual growth rate (CAGR) of around 17.2%. The market, currently valued at $45.05 billion, is expected to nearly double to $99.24 billion by 2029 [1].
Zero Trust effectively addresses the dissolution of traditional network boundaries caused by remote work and cloud adoption. It requires continuous verification of users and devices, regardless of location, thereby reducing risks from insider threats, supply chain vulnerabilities, and advanced persistent threats [2][4].
Productivity Impacts
By securely enabling remote and hybrid workforce models, ZTNA facilitates seamless, secure access to necessary resources from any location. This improves operational agility and collaboration [1][2]. Enhanced security postures also decrease downtime from successful cyberattacks, thereby increasing overall productivity for IT and engineering teams [1][4].
Current Adoption and Impact
| Aspect | Current State (2025) | Projected Impact/Trend | |----------------------------|------------------------------------------|----------------------------------------| | Adoption rate | ~60% of organisations implementing ZTNA | Mainstream security approach; expanding rapidly | | Market size | $45.05 billion (2025) | $99.24 billion by 2029 (21.8% CAGR) | | Security benefits | Continuous verification, reduced insider/supply chain risks | Less successful breaches, improved data protection | | Productivity impacts | Secure remote access; supports hybrid work | Greater operational agility; less downtime | | Supporting technologies | TLS 1.3, encrypted brokers, MFA | Increasing encryption adoption across sectors |
Organisations that delay adoption of ZTNA risk higher breach likelihood and operational inefficiencies [2][4]. AI and automation are on the rise for not just detecting threats, but also adjusting access dynamically in response to context. Early adopters are moving to identity-first architectures and just-in-time access models.
However, many companies are still reliant on manual processes to manage network access, using tools such as static firewalls and permissions based on user IP rather than software-defined access. The report underscored the shortcomings of relying on manual systems by revealing as many as 68% of respondents retained access to internal systems after leaving their previous employer.
Virtual private networks (VPNs) have been identified as a particular problem, with companies heavily reliant on them nearly twice as likely to report broken access or security workarounds compared to those using modern tools. Tailscale expects security-minded organisations to retire or phase out their legacy VPNs by the end of 2026.
Many companies are using multiple tools for network security, with nearly a third using four or more. The survey, which included responses from 1,000 IT, security, and engineering professionals across North America, also found that 99% of companies want to redesign their access and networking setup from the ground up.
Only 10% of respondents said their current VPN setup works well, with no major issues, while 90% reported limitations such as security risks, latency, or operational overhead. A survey commissioned by Tailscale found that 83% of IT and engineering professionals admitted to bypassing security controls to get their work done.
Almost half (49%) of the organisations said their access infrastructure cannot be scaled. Two-thirds of the surveyed organisations' IT and security policies were found to actively block or misunderstand workflows. Just 29% of respondents use identity-based access as their primary model, while zero trust network access (ZTNA) was pointed to as an aspirational process for respondents to adopt.
AI coding tools may actually slow down developers despite claims of speeding up work. There will be a big move towards unified, cloud-native secure access platforms over the next two years, sometimes referred to as universal ZTNA. Nearly every organisation claims to be on a Zero Trust journey, indicating an ongoing process. Half of the companies are actively trying to consolidate their toolsets.
Education around adaptive access, AI-enhanced threat detection, and modern zero trust architectures will be critical over the next two years. 55% of respondents were sceptical or said they didn't know where to look for better solutions. As Zero Trust becomes more mainstream, it is clear that it is no longer an optional defensive strategy but a necessary foundation for securing modern, distributed IT and engineering environments amid complex threat landscapes and evolving work paradigms.
- The Zero Trust security market, with a CAGR of around 17.2%, is projected to nearly double from its current value of $45.05 billion to $99.24 billion by 2029.
- Zero Trust Network Access (ZTNA) effectively addresses the risks from insider threats, supply chain vulnerabilities, and advanced persistent threats by requiring continuous verification of users and devices, regardless of location.
- Organisations that delay adoption of ZTNA risk higher breach likelihood and operational inefficiencies, as demonstrated by the fact that 68% of respondents retained access to internal systems after leaving their previous employer.
- There will be a big move towards unified, cloud-native secure access platforms over the next two years, sometimes referred to as universal ZTNA, as technology evolves to secure modern, distributed IT and engineering environments.
