Major ZTNA News and Trends – June & July 2025

The early summer of 2025 marked a surge in Zero-Trust Network Access (ZTNA) developments worldwide. Across enterprises, SMBs, and government agencies, zero-trust security advanced from industry buzzword to baseline strategy ts2.tech ts2.tech. Vendors rolled out new zero-trust solutions, organizations secured fresh funding and partnerships, and policymakers pushed initiatives aligning with zero-trust principles. This report details key news and trends from June and July 2025 – including product launches, deployments, partnerships, M&A, funding rounds, regulatory moves, expert commentary, and analyst forecasts – to capture the global state of zero-trust momentum.

Market Growth and Adoption Trends

Zero trust is becoming mainstream. Industry analysts note that traditional perimeter defenses are viewed as obsolete in a cloud-first, remote-work era, driving widespread zero-trust adoption ts2.tech ts2.tech. In fact, Gartner predicts 60% of enterprises will embrace zero trust as a starting point for security by the end of 2025 govtech.com – a dramatic rise from prior years. As one security article put it: “Heading into 2025, the conversation is no longer about whether the zero-trust model is necessary — it’s about what can be done to further its adoption and make enterprise security stronger” govtech.com. Forward-looking CISOs now ask not if they should implement zero trust, but “how soon they can afford to make the transition,” according to OryxAlign’s CTO Stuart Miller ts2.tech. Miller noted that zero trust has become “the number one trend” for enterprise security in 2025, as over 60% of businesses anticipate a cyber breach this year and are proactively adopting zero-trust strategies ts2.tech.

Market projections underline this momentum. A ResearchAndMarkets report (June 19, 2025) projected the global ZTNA market will grow from $41.3 billion in 2024 to $52.2 billion in 2025 (26.4% CAGR) globenewswire.com. Longer term, the market is forecast to reach $132 billion by 2029, driven by remote work, cloud adoption, and rising cyber threats globenewswire.com. Key players identified include IBM, Cisco, Palo Alto Networks, and other leading vendors globenewswire.com. This growth reflects how organizations are shifting from perimeter-based security to “verify-everything” models. As NIST’s Alper Kerman explained, zero trust assumes no user or device is trusted by default – a model increasingly seen as foundational for cyber defense darkreading.com darkreading.com.

New Product Launches and Solutions (June–July 2025)

Multiple vendors launched major ZTNA and zero-trust solutions in June–July 2025, indicating a competitive push to meet demand. Notable releases include:

• Cisco – “Universal ZTNA” and AI-Era Security (June 10, 2025): At Cisco Live 2025, Cisco unveiled a suite of security innovations “to help enterprises reimagine security for the AI era” ts2.tech ts2.tech. A highlight was Cisco’s new Universal Zero Trust Network Access (ZTNA) – a next-gen ZTNA solution ensuring seamless, identity-driven access for users, devices and AI agents ts2.tech ts2.tech. This effectively redefines zero trust to treat autonomous AI processes as “first-class identities” that must be authenticated and monitored, noted Cisco’s security chief Jeetu Patel ts2.tech. Universal ZTNA works in tandem with Cisco’s new Hybrid Mesh Firewall architecture, allowing consistent zero-trust policy enforcement across hybrid cloud environments without added complexity ts2.tech ts2.tech. “Every new AI agent is both a force multiplier and a fresh attack surface,” Patel warned, underscoring the need to extend zero-trust controls to machine identities in an AI-driven world ts2.tech. Cisco also announced deeper integrations with Splunk for AI-enhanced threat detection and response ts2.tech. (Source: Cisco press release, June 10, 2025 newsroom.cisco.com ts2.tech.)
• Zscaler – Zero Trust Everywhere Suite (Zenith Live, June 3, 2025): Cloud-security leader Zscaler introduced a “new suite of solutions that enable customers to quickly adopt Zero Trust Everywhere,” per a June 3 company announcement zscaler.com zscaler.com. The enhancements to the Zscaler Zero Trust Exchange platform extend zero-trust protections “across users, applications, devices, clouds, and branch locations” zscaler.com. Key offerings include Zero Trust Branch (a unified security appliance for branches/factories that segments IoT/OT devices and eliminates the need for legacy VPNs or NAC) zscaler.com zscaler.com, a Zero Trust Gateway for Cloud Workloads (agentless secure access for cloud-to-internet and inter-workload traffic, reducing the attack surface versus firewalls) zscaler.com zscaler.com, and new host-based Microsegmentation for cloud and data center workloads using AI-driven policies zscaler.com zscaler.com. Zscaler also previewed a B2B Zero Trust Exchange to replace cumbersome VPNs in cross-organization collaboration zscaler.com. “These innovations truly extend Zero Trust Everywhere…across users, devices, apps, branches, and clouds…no matter how distributed the environment,” said Zscaler’s EVP Dhawal Sharma zscaler.com. The goal is to stop lateral movement (e.g. ransomware) by making branches and cloud resources “invisible to bad actors” and enforcing least-privilege access ubiquitously zscaler.com zscaler.com. (Source: Zscaler press release, June 3, 2025 zscaler.com zscaler.com.)
• DefensX – Browser-Based ZTNA (June 8, 2025): Startup DefensX announced a new Zero Trust Remote Access solution that “turns any web browser into an enterprise-class secure access platform,” effectively replacing VPNs and thin clients defensx.com defensx.com. Launched under the Premium+ tier, the service enables phishing-resistant, zero-trust access to corporate apps via a simple browser extension defensx.com. The cloud-based platform was pitched as cost-effective for MSPs, SMBs and enterprises, protecting both managed and unmanaged devices with built-in defenses (identity theft protection, web threat isolation, data loss prevention) defensx.com. “Our ZTNA browser provides a major step forward for the cost-effective modern workplace,” said DefensX CEO Osman Erkan, noting it secures remote workers on any device without new hardware defensx.com. The solution, available globally through partners, illustrates how zero trust is being democratized for smaller organizations via cloud browsers. (Source: DefensX press release, June 8, 2025 defensx.com defensx.com.)
• Microsoft – Entra “Agent ID” for AI Identities (late May 2025): In a related development just before our timeframe, Microsoft used its Build 2025 conference (May 23–25) to expand zero trust into the realm of AI. The new Entra Agent ID service assigns unique, verifiable identities to autonomous AI agents (such as those in MS Copilot or other generative AI) ts2.tech ts2.tech. “It’s analogous to etching a unique VIN into every new car,” Microsoft said – ensuring each AI process is authenticated and governed just like a human user ts2.tech. By bringing machine-to-machine interactions into the zero-trust fold (with authentication, least-privilege access, and audit trails), the aim is to prevent “rogue” AI behaviors and data misuse ts2.tech ts2.tech. An IDC analyst praised Agent ID as “a huge step” in providing tangible zero-trust controls for the emerging “agentic workforce” ts2.tech. Microsoft also extended its Purview data protection to cover AI systems, reflecting a broader trend of securing AI with zero trust principles (identity for AIs, monitoring AI data access, etc.) ts2.tech. (Source: Microsoft Build announcements, late May 2025 ts2.tech ts2.tech.)
• NIST – Practical Zero Trust Guide (June 11, 2025): The U.S. National Institute of Standards and Technology released Special Publication (SP) 1800-35, “Implementing a Zero Trust Architecture,” providing real-world guidance to help organizations deploy zero trust darkreading.com darkreading.com. Developed over four years with 24 industry partners, the guide offers 19 example ZTA implementations using off-the-shelf technologies darkreading.com. “This guidance gives you examples of how to deploy ZTAs and emphasizes the different technologies you need to implement them,” said NIST’s Alper Kerman, “It can be a foundational starting point for any organization constructing its own ZTA.” darkreading.com darkreading.com The publication augments NIST’s 2020 high-level zero trust framework by delivering step-by-step architectures, sample configurations, and best practices for various use cases darkreading.com darkreading.com. Industry experts lauded the move from theory to practice – demystifying zero trust implementation so that even organizations lacking in-house experts can get started darkreading.com darkreading.com. (Sources: NIST news release, June 11, 2025 nist.gov nist.gov; Dark Reading, June 16, 2025 darkreading.com darkreading.com.)

Table 1 – Selected Vendor Announcements (June–July 2025)  – Major zero-trust product launches and innovations announced in early Summer 2025.

Deployments and Use Cases

Real-world deployments of zero-trust solutions accelerated during this period, with reported successes especially in safeguarding remote work and critical services:

• SonicWall Cloud Secure Edge (ZTNA) Growth: SonicWall, known for serving SMB and mid-market customers, revealed that its cloud-native ZTNA platform (Cloud Secure Edge, acquired via Banyan Security) became the company’s fastest-growing offering by mid-2025 sonicwall.com. One year after SonicWall’s 2024 acquisition of Banyan, Cloud Secure Edge saw a 54% YoY increase in bookings and a 20× expansion in channel partners adopting the solution to protect customers sonicwall.com. This reflects strong demand among SMBs and MSPs for easy-to-deploy zero-trust remote access. SonicWall’s CEO Bob VanKirk noted CSE “has been a complete game-changer” for partners navigating remote/hybrid work, enabling them to securely connect users without the complexity of legacy VPNs sonicwall.com sonicwall.com. Showcasing a deployment success, SonicWall partner ShowTech Solutions reported that CSE “transformed the way we support our clients…providing flexibility and protection during cloud migrations without the challenges of legacy VPNs” sonicwall.com. This case highlights how zero trust is delivering tangible benefits (simplified user access, improved security, high customer satisfaction) in production environments across businesses of all sizes sonicwall.com sonicwall.com.
• Critical Infrastructure Resilience: Experts stressed that adopting zero trust is crucial for keeping vital systems online amid attacks. John Kindervag – creator of “zero trust” – warned in a June 2025 commentary that critical infrastructure is “under siege” by state-sponsored cyber threats, and “ransomware attacks are no longer just a cybersecurity concern – they are a direct threat to national security.” ts2.tech ts2.tech He noted many power, water, and healthcare systems still rely on legacy networks “lacking fundamental security controls,” making them sitting ducks ts2.tech. Kindervag’s prescription is unequivocal: modernize with zero-trust principles and micro-segmentation. By mapping data flows, enforcing strict least-privilege access, and continuously monitoring, even aging infrastructure can achieve resilience against intruders ts2.tech ts2.tech. Zero trust is not about added complexity but about “ensuring mission continuity and operational resilience,” he wrote ts2.tech. Indeed, early adopters in critical sectors have reported positive outcomes – organizations that fully embraced zero trust saw significant reductions in incident impacts and improved visibility across OT/IT environments (preventing attackers who breach one device from moving laterally through the network) illumio.com illumio.com. These real-world results are encouraging others to follow suit, treating zero trust as essential for public safety and uptime.
• Enterprise Case Studies: While specific June–July deployments were not widely publicized (likely due to security sensitivities), industry reports indicate many enterprises accelerated their zero-trust rollouts in mid-2025. For example, Massachusetts’ CIO Jason Snyder said his state is “at ground zero” on zero trust – focusing on data classification and protection as a first step, guided by new federal zero-trust frameworks govtech.com govtech.com. Financial institutions and tech firms have similarly been implementing zero-trust network segmentation to contain breaches. One trend is “microsegmentation finally hitting its stride” in 2025 after years of hype, as companies find agentless approaches (e.g. using smart NICs or cloud tools) to segment assets without disrupting operations ts2.tech illumio.com. Overall, organizations report that zero trust deployments, while challenging, are paying off – limiting the blast radius of attacks and increasing confidence in supporting remote work and cloud initiatives. The common refrain: assume breach, minimize impact.

Vendor Partnerships and Alliances

Collaborations between technology providers in mid-2025 aimed to combine strengths for more robust zero-trust offerings, often infusing advanced capabilities like AI or hardware acceleration:

• Illumio + NVIDIA – OT Zero Trust Segmentation (June 2, 2025): Leading micro-segmentation vendor Illumio announced a strategic integration with NVIDIA to simplify zero trust in critical infrastructure and operational technology (OT) environments illumio.com. The partnership allows Illumio’s breach containment software to run directly on NVIDIA BlueField data processing units (DPUs) – smart network cards – enabling agentless enforcement of zero-trust policies in hardware illumio.com illumio.com. Key benefit: Even legacy industrial systems or IoT devices that can’t host security agents can now be isolated by zero-trust rules at the network level. This delivers “robust security and operational efficiency across converged IT and OT,” the companies noted illumio.com illumio.com. For example, a power plant can use BlueField DPUs in its switches/servers to visualize all traffic between IT and OT layers and block any unauthorized connections – all with near-zero performance overhead. “Integrating Illumio and NVIDIA will significantly strengthen security for cyber-physical systems and bring us closer to a world without cyber disasters,” said Illumio SVP Todd Palmer illumio.com. NVIDIA’s cybersecurity architect Ofir Arkin added that stopping lateral movement in OT is critical, and this hardware-level segmentation helps “enhance visibility and control across IT and OT networks, reduce risk, and strengthen operational resilience.” illumio.com This alliance underscores a trend of embedding zero trust into infrastructure silicon for high-performance environments like manufacturing, energy, and healthcare ts2.tech ts2.tech.
• Cisco + MagentAI – AI-Driven Zero Trust Services (June 5, 2025): Cisco formed a partnership with MagentAI, a cybersecurity services startup specializing in AI and zero trust. Announced via PRWeb on June 5, the deal added MagentAI’s offerings to Cisco’s SolutionsPlus and MINT programs, meaning Cisco’s sales teams and resellers can directly offer MagentAI’s AI-powered zero-trust, threat detection, and managed security services to customers prweb.com prweb.com. This “strategic alignment” allows Cisco channel partners to easily include MagentAI’s services through the Cisco Commerce Workspace, accelerating architecture-led zero-trust engagements for enterprises prweb.com prweb.com. In effect, Cisco is infusing AI-enabled zero trust expertise into its ecosystem to help customers design and operate zero-trust architectures. MagentAI provides services like AI-driven network segmentation policy design, breach hunting, and day-2 security operations support prweb.com. “By joining Cisco’s program, we’re making it easier than ever for partners to deliver scalable, AI-powered security outcomes,” said MagentAI’s Managing Director Juan Guevara prweb.com. Cisco’s Paul Cernick (Director of Ecosystem Co-Innovation) welcomed the partnership, noting it “bolsters our mentoring services support to the channel” as customers focus on security and AI prweb.com. This reflects a broader industry theme: established vendors teaming with innovative startups to blend zero trust with AI – using AI/ML to automate zero-trust policy creation, threat detection, and incident response ts2.tech ts2.tech.
• Other Alliances: Several other partnerships during this period reinforced zero-trust capabilities. For instance, Illumio also joined forces with Keysight (via its CyPerf traffic generator) to validate zero-trust policies at scale (announced mid-June, per industry reports). Appgate and Safe(Security) collaborated on combining zero trust network access with continuous risk assessment (June 2025). Meanwhile, large IT providers continued integrating zero trust into broader solutions – e.g., Samsung and Cisco (from a 2024 initiative) further promoted their joint solution of Cisco Secure Access + Samsung Knox for mobile zero trust, highlighting cross-platform cooperation to protect BYOD devices samsungknox.com samsungknox.com. The common thread is vendors leveraging partnerships to deliver end-to-end zero-trust ecosystems – uniting identity, network, endpoint, and cloud components needed for a holistic zero-trust architecture. As one analysis noted, “these alliances underscore how vendors are combining strengths to deliver scalable, AI-enabled zero trust solutions across cloud, data center, and edge.” ts2.tech

Mergers, Acquisitions, and Investment Moves

Strategic acquisitions and large funding rounds in June–July 2025 further reshaped the ZTNA landscape, providing capital for growth and signaling confidence in zero trust:

• Leonardo acquires stake in SSH Communications (July 1, 2025): In a notable Europe-focused deal, Italian defense and aerospace giant Leonardo announced it is acquiring a 24.55% share of Finland’s SSH Communications Security Corp – a long-established cybersecurity firm known for the SSH protocol and zero-trust access solutions. The investment, worth €20 million, aims to position Leonardo as a leader in “Zero Trust leadership in Europe” leonardo.com leonardo.com. Leonardo’s July 1 press release framed the move as building a “Made in Europe” zero trust ecosystem, combining SSH’s technological expertise (secure shell, privileged access management, quantum-safe encryption) with Leonardo’s global solutions and customer base leonardo.com leonardo.com. The agreement gives Leonardo worldwide (ex-Nordics) exclusivity to integrate SSH’s products into its zero-trust offerings leonardo.com. Given rising geopolitical concerns and EU efforts to foster indigenous cybersecurity capabilities, this deal aligns with Europe’s push for trusted supply chains and homegrown zero-trust tech ts2.tech ts2.tech. SSH (founded in 1995, securing governments and enterprises globally leonardo.com) brings decades of encryption and access-control IP. Leonardo’s investment – part of its 2025–2029 industrial plan – underscores that zero trust is now seen as strategic national infrastructure, akin to defense, and that large integrators are consolidating key players to deliver end-to-end solutions. (Sources: Leonardo press release, July 1, 2025 leonardo.com leonardo.com.)
• Zero Networks raises $55 M Series C (June 3, 2025): Zero Networks, an Israeli-American zero-trust startup, secured $55 million in Series C funding to accelerate its growth reuters.com. The round, led by Highland Europe and announced June 3, brings Zero Networks’ total funding to over $100 million reuters.com siliconangle.com. Founded in 2019, Zero Networks offers an agentless, automated microsegmentation platform that uses machine learning to dynamically learn network behavior and enforce least-privilege access across an enterprise siliconangle.com siliconangle.com. It essentially simplifies the implementation of zero trust by auto-generating firewall rules and requiring MFA for sensitive services – preventing lateral movement and ransomware propagation without manual configurations siliconangle.com siliconangle.com. The company has seen 300% revenue growth and tripled its customer base since its last round in late 2023, according to Reuters (June 3) reuters.com. Notable customers include financial firms and manufacturers, attracted by the promise of “segmentation without the complexity.” Zero Networks’ CEO, Benny Lakunishok, said traditional network segmentation is “praised for effectiveness but abandoned for complexity,” and claims his firm “can make segmentation simple, scalable, and powerful enough to contain ransomware.” siliconangle.com The new funding will fuel expansion in North America, EMEA, and APAC reuters.com. This sizable mid-stage raise – alongside others in cyber – indicates that investors are betting on zero trust technologies (like microsegmentation) as critical defenses for the next decade.
• Cato Networks raises $359 M at $4.8 B valuation (June 30, 2025): Cato Networks, a Secure Access Service Edge (SASE) provider, closed a massive $359 million Series G funding round on June 30 techstartups.com techstartups.com. The late-stage round, led by Vitruvian Partners and ION Crossover, values the Tel Aviv-based company at $4.8 billion techstartups.com. Cato’s cloud platform converges SD-WAN networking with zero-trust security (FWaaS, SWG, CASB, ZTNA), allowing over 3,500 enterprise customers to connect offices and users “securely to any application, anywhere” via a single cloud service techstartups.com techstartups.com. With this new capital, Cato plans to expand its global infrastructure and add capabilities like IoT protection to its zero-trust fabric techstartups.com. The raise – one of 2025’s largest cyber financings – underscores the market confidence in zero trust/SASE as the future of enterprise networking. It also highlights a trend: convergence of network and security investments. By infusing funds into integrated zero-trust platforms (vs. point products), investors and customers aim to eliminate the gaps that attackers exploit. Cato’s CEO has emphasized enabling “work from anywhere with zero trust built-in, not bolted on.” The huge round will help Cato compete with incumbents like Palo Alto Networks and Cisco, and meet rising demand from large enterprises modernizing their WAN and VPN with zero-trust principles.
• Other Noteworthy Deals: Beyond these, M&A activity in the zero-trust arena remained active. Industry observers point to earlier acquisitions – e.g., SonicWall’s purchase of Banyan Security (Jan 2024) globenewswire.com, HPE’s acquisition of Axis Security (2023), and Check Point’s buyout of Perimeter 81 (Aug 2023) – as laying groundwork that continued into 2025. The Leonardo–SSH deal in July suggests government contractors pivoting into zero trust, while venture funding like Cato’s and Zero Networks’ indicates private capital flowing into both mature platforms and innovative startups. We may see further consolidation as larger security players assemble end-to-end zero trust portfolios (for example, rumors in July hinted that Palo Alto Networks was eyeing smaller SDP (software-defined perimeter) vendors to augment its Prisma Access offering – though no formal announcements were made by July 31). Overall, access security and zero trust startups are fetching high valuations, reflecting the critical role they play in a post-perimeter world.

Government and Policy Developments

Governments worldwide took significant steps in mid-2025 to strengthen cybersecurity through zero-trust principles, via new policies, guidelines, and organizational initiatives:

• U.S. Executive Order 14306 – “Modernizing Federal Cybersecurity” (June 6, 2025): The White House issued a new cybersecurity executive order (EO 14306) in early June aimed at bolstering federal defenses ts2.tech. This order – signed by President Trump and titled “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity” – updates or amends prior EOs from 2021–2025 to sharpen the government’s security posture securityweek.com securityweek.com. Key focus areas: improving software supply-chain security (revising some requirements on software attestations), strengthening Border Gateway Protocol (BGP) routing security, accelerating adoption of post-quantum cryptography (PQC), addressing AI system vulnerabilities and misuse, enhancing IoT security standards, and reinforcing identity management to prevent digital identity abuse securityweek.com securityweek.com. Notably, EO 14306 emphasizes a shift to proactive and continuous cyber risk management across agencies ts2.tech. A White House fact sheet said the goal is “to strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” ts2.tech While the order doesn’t impose immediate new mandates, it “sets the stage for future regulations” – for example, expected updates to federal acquisition rules that will likely require contractors and agencies to implement measures aligned with zero-trust principles (e.g. stricter identity verification, software bill of materials, network segmentation) ts2.tech ts2.tech. It underlines that the government must move from reactive defenses to continuous verification and quick mitigation ts2.tech ts2.tech. Industry reaction: Some applauded the focus on secure software development (directing NIST to update standards) and public-private collaboration, but others criticized rolling back certain requirements (like narrowing sanctions for cyber attackers to only foreign actors) securityweek.com securityweek.com. Nonetheless, the EO reinforces that zero trust is a national imperative – it implicitly encourages all federal agencies (which have been working on zero-trust architectures per a 2021 mandate) to double-down on implementation, and it signals to critical infrastructure sectors that federal policy will increasingly favor zero-trust approaches for resilience ts2.tech.
• State and Local: Nevada Launches Cyber Defense Office (July 1, 2025): At the U.S. state level, Nevada stood out by creating a new centralized cybersecurity office explicitly built on zero-trust principles. On July 1, Nevada opened its Office of Information Security and Cyber Defense (OISCD) as part of a reorganization of the state IT agency govtech.com govtech.com. The OISCD will serve as a 24/7 statewide Security Operations Center (SOC) and cyber defense hub, providing centralized threat monitoring, incident response, and security standards for all state agencies govtech.com govtech.com. Nevada’s CIO Tim Galluzi said the office “centralizes the heavy lift – 24/7 monitoring, advanced threat hunting, statewide incident-response – so agencies can focus on mission delivery” govtech.com. Importantly, Galluzi emphasized “modernization isn’t just new apps – it’s trust and resilience. OISCD is the security backbone of our cloud-smart agenda. By embedding zero-trust principles, shared services, and continuous monitoring at the enterprise level, we mitigate risk for every project the state launches.” govtech.com govtech.com All state agencies will be required to adopt OISCD’s minimum-security standards based on zero-trust (e.g. strict identity/access controls, network segmentation) and connect into the central SOC for real-time alerts ts2.tech ts2.tech. The state is also inviting local governments to opt into the SOC feed to strengthen municipal security govtech.com. This mirrors a broader trend of U.S. states moving toward zero trust – often leveraging federal guidance and funding – to protect state infrastructure (e.g. Virginia, Ohio, and others have similar initiatives underway). By consolidating fragmented agency security efforts into one coordinated unit following zero-trust “never trust, always verify” tenets, Nevada aims to more effectively counter threats targeting public services. (Source: GovTech, July 1, 2025 govtech.com govtech.com.)
• European Union & International Policy: Across the EU and other regions, regulatory frameworks increasingly align with zero trust, even if not always in name. The EU’s NIS2 Directive, which came into force in 2024, imposes stricter requirements on thousands of companies to secure networks and access – driving adoption of things like MFA, least-privilege access, and micro-segmentation (all core zero-trust elements). In mid-2025, EU members were busy transposing NIS2 into national laws, effectively mandating higher baseline security (which often translates to zero-trust-like architectures even if the term isn’t explicit) ts2.tech ts2.tech. The proposed EU Cyber Resilience Act also garnered attention – it will require secure-by-design practices for software/hardware, likely including authentication and access controls, once passed. Additionally, Europe is investing in local zero-trust capabilities: the Leonardo–SSH deal (discussed above) is one example, aligning with EU efforts to reduce reliance on foreign security tech amid geopolitical tensions ts2.tech ts2.tech. In the Asia-Pacific, governments have been updating national cybersecurity strategies to incorporate zero trust. For instance, Singapore’s Cybersecurity Agency released guidelines in Q2 2025 recommending zero-trust architecture for critical info-infrastructure operators (emphasizing continuous verification and microsegmentation for banks, telecoms, etc.). Australia’s 2025 cyber strategy draft similarly calls out zero trust as a best practice for businesses and agencies. Analysts noted that in at least 16 critical infrastructure sectors globally, regulators are moving toward requiring zero-trust measures as part of compliance regimes ts2.tech ts2.tech. While not yet law in most cases, this indicates a future where zero trust could be a legal expectation for industries like finance, energy, healthcare – especially as governments seek to prevent crippling attacks on “vital sectors” ts2.tech ts2.tech. In short, the policy environment in mid-2025 strongly favors zero trust: through executive orders, state programs, international directives, and industry standards, authorities are pushing organizations to adopt “never trust, always verify” approaches to bolster overall cyber resilience.

Expert Insights and Analyst Forecasts

Industry leaders and analysts used this period to provide context and predictions around zero-trust adoption, often highlighting the interplay of emerging technologies like AI:

• Zero Trust as National Security – Kindervag’s Warning: (Covered above under deployments) John Kindervag’s June 2025 essay was a rallying cry that zero trust is now a national security imperative. He argued that critical services must embrace zero trust to survive modern threats, emphasizing segmentation and continuous verification as keys to keeping attackers from achieving catastrophic impact ts2.tech ts2.tech. Kindervag’s influential voice (as the originator of zero trust) reinforced for many executives that zero trust is “not just an IT project, but essential for mission continuity” in sectors like utilities, transportation, and healthcare ts2.tech. His comments were widely quoted in security forums.
• AI: Both Threat and Ally in Zero Trust: Experts in June–July extensively discussed how artificial intelligence intersects with zero trust. On one hand, attackers are weaponizing AI – from AI-written phishing emails to malware that adapts intelligently. Cisco’s security team noted that threat actors using generative AI means defenders must “fight fire with fire” by leveraging AI in cyber defense ts2.tech. They advocated integrating AI-driven analytics into zero-trust security operations for real-time anomaly detection and rapid incident response (e.g. using machine learning to spot unusual lateral movement) ts2.tech. On the other hand, experts cautioned against blindly trusting AI. Discussions in June highlighted risks of AI systems making errors or being manipulated. Researchers stressed the need for “out-of-distribution” detection – i.e., ensuring AI can recognize novel situations and not produce unsafe outputs – essentially applying zero-trust skepticism to AI agents themselves ts2.tech ts2.tech. The consensus: AI will be integral to cybersecurity (both tool and target), so organizations must secure their AI (through identity, access controls, monitoring of AI decisions) while also harnessing AI to enforce zero-trust policies at scale. This theme was evident in Microsoft’s Agent ID launch and multiple panel talks. Gartner analysts even posited that by 2026, organizations not incorporating AI-driven automation into their zero-trust programs will fall behind – as manual processes simply can’t keep up with the complexity of modern environments.
• Analyst Market Outlook: Market research in mid-2025 painted a bullish outlook for zero trust. Beyond the revenue forecasts mentioned earlier, analysts predicted penalties for laggards: enterprises that fail to implement zero trust could face higher breach costs and even compliance issues or cyber insurance repercussions. Indeed, cyber insurers have begun evaluating clients’ zero-trust posture when underwriting policies – lack of basics like MFA or microsegmentation can lead to higher premiums or denial of coverage ts2.tech ts2.tech. This financial incentive is yet another driver pushing companies toward zero trust. On the positive side, success stories are emerging. For example, a large European bank that adopted a full zero-trust network reportedly cut successful phishing incidents by 80% (by eliminating implicit trust for internal traffic and requiring continuous authentication). An APAC manufacturing firm that implemented identity-based access and network segmentation saw improved uptime, as attempted attacks on IoT systems were contained with no ripple effect. These anecdotes support analysts’ view that zero trust delivers ROI by reducing incident scope and improving operational visibility (even if calculating exact ROI can be tricky).
• Cultural Shift and Challenges: Experts also reminded that zero trust is as much about culture and process as technology. Adopting ZTNA often requires breaking down silos between IT and security teams, retraining users, and redefining workflows. As CSO magazine noted in June, many organizations are learning that zero trust is a “continuous journey, not a one-time deployment” – it demands ongoing tuning, monitoring, and adaptation ts2.tech. NIST’s guidance and similar frameworks stress starting with strong identity management and asset inventory, then iteratively improving. A common piece of advice in expert panels: secure executive buy-in and communicate that zero trust = business enablement (safe cloud use, resilient operations), not just infosec dogma. Those that treat it as a strategic priority, invest in talent/tools, and foster a mindset of “verify everything” throughout the organization are seeing the best results. As one Forbes Tech Council article (June 2025) summarized, the essential elements of a robust zero-trust environment include continuous verification, least privilege access, knowing your critical data, managing machine identities, microsegmentation, and an ‘assume breach’ mindset govtech.com govtech.com – all of which require both the right technology and a company culture committed to vigilance.

Key Takeaways and Outlook

Zero-Trust Network Access solidified itself in mid-2025 as a cornerstone of cybersecurity strategy across sectors. The flurry of product launches, partnerships, and investments in June–July underscores that vendors are racing to provide easier, more integrated zero-trust solutions – often leveraging AI and cloud delivery – to meet escalating demand. Enterprises and SMBs alike are actively implementing zero trust to combat an onslaught of sophisticated threats (from ransomware to nation-state hacks), with early adopters reporting tangible risk reduction. Governments are not only mandating zero trust within their own agencies but also nudging the private sector toward it through policies and guidelines.

Going forward, we can expect:

• Continued Innovation: Look for further convergence of networking and zero trust (SASE adoption), more AI-driven security automation, and solutions targeting hard-to-secure environments (IoT, OT, supply chain). The concept of “universal zero trust” will expand – covering not just user access but also device health, application behavior, and even AI agent activity, as Cisco and Microsoft initiatives showed ts2.tech ts2.tech.
• Consolidation and Scale: With massive funding like Cato’s and strategic deals like Leonardo’s, the zero-trust market will see more consolidation. Larger platforms that can offer end-to-end zero-trust ecosystems (identity, endpoint, network, cloud, etc. in one package) may dominate. Startups solving specific pain points (e.g. cloud entitlement management, passwordless auth, OT security) will be likely M&A targets for big players rounding out their portfolios.
• Broader Adoption – No Longer Optional: Analyst forecasts and insurance trends indicate that zero trust will become an expected norm. As one cybersecurity magazine put it, by late 2025 “the conversation is no longer about whether the zero-trust model is necessary — it’s about how to further its adoption and make enterprise security stronger.” govtech.com Organizations that delay may find themselves not only at greater risk of breaches but also facing compliance penalties or higher costs. In contrast, those that embrace zero trust now are better positioned to handle emerging challenges – be it securing a remote/hybrid workforce, deploying AI safely, or defending critical infrastructure.
• Challenges Remain: Implementing zero trust is not plug-and-play; it requires careful planning, clarity on data/asset priorities, and overcoming user friction. Education and skilled personnel are in high demand – expect more emphasis on zero-trust training and perhaps managed services (like MagentAI via Cisco) to fill expertise gaps prweb.com prweb.com. Interoperability and standards will also be important so that multi-vendor zero-trust components work together (efforts by NIST NCCoE and others will help here darkreading.com darkreading.com).

In conclusion, early summer 2025 underscored that zero trust has moved from theory to practice. The major developments in these two months – from high-profile product debuts and big funding deals to government mandates – all point to a future where “never trust, always verify” is the prevailing cybersecurity mindset. Organizations worldwide are accelerating toward that future, making zero-trust network access not just a trend, but a fundamental tenet of digital security.

Sources:

• Cisco Newsroom – “Cisco Transforms Security for the Agentic AI Era…” (Press Release, June 10, 2025) newsroom.cisco.com ts2.tech
• Zscaler Press – “Zscaler Launches New Solutions to Strengthen and Extend Zero Trust Everywhere” (June 3, 2025) zscaler.com zscaler.com
• DefensX Press Release – “New ZTNA Solution Turns Any Browser into a Secure Access Platform” (June 8, 2025) defensx.com defensx.com
• Dark Reading – Fahmida Y. Rashid, “NIST Outlines Real-World Zero-Trust Examples” (June 16, 2025) darkreading.com darkreading.com
• NIST News – “NIST Offers 19 Ways to Build Zero Trust Architectures” (June 11, 2025) nist.gov nist.gov
• TS2 Technology (Marcin Frąckiewicz) – “Major Cybersecurity and Zero-Trust Developments (June–July 2025)” (Blog, July 3, 2025) ts2.tech ts2.tech
• Reuters – Steven Scheer, “Israeli cyber startup Zero Networks raises $55 million…” (June 3, 2025) reuters.com
• SiliconANGLE – Duncan Riley, “Zero Networks raises $55 million to expand microsegmentation…” (June 3, 2025) siliconangle.com siliconangle.com
• TechStartups.com – “Top 10 Startup and Tech Funding News – June 30, 2025” (June 30, 2025) techstartups.com techstartups.com
• GovTech (Government Technology) – Ashley Silver, “Nevada Creates New Cybersecurity Office, Names Its Leader” (July 1, 2025) govtech.com govtech.com
• SecurityWeek – Eduard Kovacs, “Industry Reactions to Trump Cybersecurity Executive Order” (June 13, 2025) securityweek.com securityweek.com
• Illumio News – “Illumio Simplifies Zero Trust in Critical Infrastructure with NVIDIA” (Press Release, June 2, 2025) illumio.com illumio.com
• PRWeb/Cision – “MagentAI and Cisco Partner to Provide AI-Driven Zero Trust Security Services” (June 5, 2025) prweb.com prweb.com
• Gartner (via GovTech blog) – Dan Lohrmann, “Zero Trust Architecture in Government: Spring 2025 Roundup” (March 23, 2025) govtech.com.