Hello everyone. It's good to see a full room. So my name is Alejandro. I'm a research analyst here at Co Air Coal, and today I'll be talking about Zero Trust Network access, a Market overview. Earlier this year I published a Leadership Compass report. It's one of the reports that we do at Co Air Coal. It was published in January and there were 18 vendors that participated. So I'll be sharing some of the insights in this session.
First, I will be just introducing what CTNA is. Then I will be talking about evaluation criteria about the methodology that we use in the report, and then I'll be discussing some trends and innovations.
So according to our research, the CTA market will reach 7.3 billion in 2025 with a compound annual annual growth rate of 17.4%. You can find more of our market sizing in our website. We have multiple topics there, so make sure to check out the website.
So, so what is Zero Trust? I think we can start there. You can make the argument that it's a marketing buzzword, right? Many vendors are trying to sell you zero trust, but in reality, there's no unique product or solution that will magically improve and modernize your entire organization. Zero Trust is more like a, like a strategy, right? It's a journey, it's a concept, and it requires a shift in the way it processes work, in the way the operations are done. And also it has to do with the culture of the organization. It's also not an IT modernization project.
So you don't have to get the ultimate solution, the newest product or the next generation, VPN. You should focus instead on redesigning your procedures, improving your policies, and also Zero Trust is strategical, right?
It's, it's, there are multiple ways of getting there. So I hope that with this report, you can see all the vendors that are in this market.
As I said, zero trust is ready, right? It involves multiple areas of IT devices, users slash identity networks, systems and applications data. And it's important because traditional network security tools are no longer adequate to address many of the challenges that organizations face.
So as businesses increasingly adopt cloud native mobile and they're more interconnected, the corporate network perimeter is disappearing, exposing users to internal and external threats. And that's where CTNA comes in as a concept. CTNA embraces the principle of least privilege. It's all about validating every access request. Here you can see some of the tenets of Zero Trust that are adopted by CTNA solutions from policy-based access to strong authentication from microsegmentation, et cetera. Here in the next slide, we have the COPPINGER call five plus two approach.
We recently published an advisory note on this topic. It's called the maturity level for CTNA comprehensive analysis. And in this report we try to offer a sort of roadmap, a framework for organizations to assess their maturity level so they can find out what they need to do to embrace the principles of zero trust. And this report was based on a document published by the US Department of Defense, which was published in October, 2022.
However, this co call approach added two support pillars, which you can see at the bottom, which is visibility and analytics and automation and orchestration.
So here are some of the emerging trends in the market. So organizations are increasingly adopting CTA frameworks, serial trust frameworks, and CTA solutions agent based CTA are increasingly being deployed, especially in in sass e solutions, CTA solutions are incorporating microsegmentation, making everything smaller into isolated zones, and as a result, improving security. We also see that CT solutions are evolving.
Many organizations that are in highly regulated industries, they might still support on-premise deployments. And many of these solutions offer cloud hybrid and on-prem deployment models. And as the internet of things and operational technology devices become more permanent, CT A solutions are also addressing these aspects. So delivery models, as I said, it really depends on the organization, right? It depends on many factors, the geographic distribution of users, the scalability, security needs. So it really depends what you're looking for.
Most provide, most providers offer a cloud-based control plane success delivery. And again, the journey towards zero trust is a never ending one. So requirements are changing and organizations need to keep up with information available and, and see what they really need to do.
So what are the main challenges?
Well, there are multiple challenges. I'd say number one, based on discussion with vendors during my research, the number one I'd say is deployment could be perceived as complex. Many of the vendors told me that when they're talking to their clients, many of them basically agree with what they're saying and they like the solution, but they get a bit scared when it comes to deployment and implementation. They tend to be a bit cautious and they, they, they want more information on these aspects. So many of the vendors, they need to address these, right?
They need to help their clients and they need to facilitate a transition.
We can see that also some of the clients, they, they might need certain features. So vendors must make sure that that's on the roadmap.
Of course, user education and adoption, many of the vendors need to emphasize the benefits of CTNA solutions if they really want people to adopt them. So they need to bring up concrete benefits, not only security, but also how it can improve your productivity and users, how you can save money, for example. So now we can talk about the report, the leadership compass dimensions. So we have nine categories, nine dimensions that we use to rate each vendor from security to functionality, deployment, interoperability, usability, innovation, market ecosystem and financial strength.
So each of the vendors that we assess gets a rating in each of these dimensions. And also something that we look at in each of the vendors chapters. We have a spider chart.
This is an example from Broadcom, which appears in the report. And these are the categories that we use that describe the strength of the product's overall capabilities in the context of CTNA. We have secure connectivity, access management, strong authentication, client risk, posture, monitoring, analytics, audit and compliance and performance and scalability.
So based on, you will see in a second, based on all of these vendors, we have dedicated chapters for them. On the left side, you see the rate of vendors that appeared. And then in each report we have a small section called vendors to watch and they get small description of what they do. So we had 18 participating in this year's leadership compass. And now I'll show you the categories of leadership. So we have the product, we have the market innovation, and the overall leadership. So the product focuses of course, on the product and the functionality and the capabilities.
Many of the categories of the spiral chart are measured in this leadership category. Then we have the market.
So we, we look at the presence of the vendor in, in, in the world. We look at the financial strength, et cetera. Then innovation, I think this is one of the most interesting ones because every year we get new vendors participating and they have new solutions to different problems. Some of them could be small vendors, but they have very innovative capabilities, right? So they can all benefit in this category. Maybe a small vendor wouldn't score particularly well in the market leadership or they can do well in innovation one. And then we have the overall leadership, which you can see right here.
And there's the link if you wanna access it, or you can just go on our website and, and look for Leadership Compass Reports. It was published in January.
So we have a mixture of well established vendors and small but highly in companies both from Europe and from North America. In the next scrap we'll see the product leadership category. So we have, again, some of the small vendors that I mentioned earlier.
They, they still show strength in some areas in their product, and that's highlighted right in this, in this slide, as well as in the innovation leadership category. So we have small vendors again, that they have a different approach to different things. And of course then the last one is the market leadership. So here we see well established big companies that maybe they don't have a very strong product, but they have the strength and the market presence and the market share to improve their product. So how do we get all of this information? What's the process of the leadership compass?
So basically, before we have to identify the vendors relevant to this market segment, we contact them, we send them a questionnaire with hundreds of questions.
Some of you may know those questionnaires. Then we have a briefing with the vendor. They show the product, they show us a demo, and we can ask them questions from the questionnaire that we may have. And then we analyze all of this information and we write separate chapters for each vendor.
And then we send them back to them and we can have a fact check call with them in case there was a misrepresentation or is anything that should be addressed. And after the fact fact check stage, we publish the report.
So it, it really depends on, on the topic or on the number of vendors, but it could take between two, three to four to five months. Really depends.
So how can you, how can your organization travel in this, in this world of zero trust? How can you adapt? And here are five elements that I think are, are crucial that many of these, these CTA solutions are embracing. It needs to be identity driven, it needs to be dynamic, intelligent automation. But it's not only about saying, oh, we have machine learning, we have ai.
Like many, you, you see this often. You, you gotta be specific on how these capabilities really bring something to the table, how they, you know, work and what they actually do. Not just putting them there to, to sound fancy. It's about a week to deployment and as a bonus serial footprint. And if you have more questions on, on how to choose the, the solution, you know, out of all these 18 vendors and, and many more that you may know, we have case open select where you can identify your own needs and requirements to, to see which solution fits best for you.
We have more related research as well on the third sentence. That's the maturity level for zero trust that I referred earlier. You can see a, a document there where we go step by step on how you can assess the maturity level of your organization and how you can incorporate zero trust principles into it.
And yeah, that's all for me. Thank you.
Thank you time for a question from the room. Anybody have a question?
We, again have,
Do you have any online,
We have one online question too, but we have one from audience here.
I submitted mine online, but okay, if it's online you can read it.
If not, I'll happily repeat it again.
Or we actually already have three different questions, so maybe you don't have time for everything, but, or at least one could be addressed really quickly. Any reason why the new solution from Microsoft was not covered in your report?
Well, we invited Microsoft, I believe, but some vendors choose not to participate for different reasons because of their conflict schedules, et cetera. But yeah, that's, that's what happens sometimes.
Could I ask my question then if it's not being read out?
Sure.
So I submitted a
Question, how do you deploy or how can you deliver zero trust for A-D-D-I-L environment?
So denied, degraded, intermittent, and limited bearer network environment. How can you, where you have effectively deployed IAM at the edge, how can you guarantee zero trust in that environment?
Well, that's a good question.
I'd say you can't,
Well you better tell that to the US Department of Defense because they're trying to do it.
So,
Okay.
I guess that's why they wrote down this document, how to achieve zero trust. Maybe they can address that.
Yeah, they have extensive guidance and the the NIST and the DOD on things like that. So that would probably be their recommendations for how to start.
But yeah, it sounds like a very difficult job. Alright, thanks again, Alejandro. Thank you. Keep it on time here.
