Technology thesis · Cybersecurity
High conviction growth
Zero-trust security
Zero trust is the dominant security architecture for the cloud era; every major enterprise is adopting it, but implementation takes 2-3 years and most are still mid-journey.
Position maintained continuously · last reviewed Apr 22, 2026
The thesis
Core thesis
Jay Chaudhry (Zscaler) and John Kindervag (who coined the concept at Forrester in 2010) define zero trust as "never trust, always verify". The architecture replaces perimeter-based security (firewalls) with identity-based access control. Zscaler, Cloudflare, and Palo Alto Networks lead. More than 60% of enterprises have started zero-trust journeys; fewer than 20% have completed them.
State of the art (2026)
Zero trust in 2026 has shifted from network-access projects to an identity-first discipline. NIST finalised SP 1800-35 in 2025, giving enterprises 19 reference implementations of the 800-207 model, while OMB M-22-09 and the DoD Zero Trust Strategy keep US federal and defence buyers as the anchor demand. Commercially the centre of gravity is SASE/SSE plus identity: Zscaler reported over 550 Zero Trust Everywhere enterprise customers in Q2 FY2026 (up from roughly 130 a year earlier) and Palo Alto grew SASE ARR around 40 per cent year on year. The live frontier is non-human and agentic identity – Aembit, Astrix, Oasis and Veza – as NIST's NCCoE drafts AI-agent identity guidance and proliferating autonomous agents become the next access boundary.