2025 Federal Zero Trust Forum Recap

Zero trust is most effective when positioned as a practical risk-reduction strategy, not an abstract security framework. Remy Faures. head of information security at the World Bank Group, emphasized that buy-in improves significantly when organizations view zero trust as a proven way to prevent ransomware and large-scale cyber disruptions. Faures also outlined how the threat landscape is amplified by AI, which accelerates the speed and sophistication of attacks. At the same time, AI also presents an opportunity to strengthen zero trust, reinforcing the need to advance both security fundamentals and adaptive, data-driven defenses in parallel.

Effective zero trust adoption requires agencies to deliberately disrupt legacy environments and shift from the impossible task of defending an ever-expanding “attack surface” to protecting a clearly defined “protect surface:” the data, systems and missions they cannot afford to lose. Panelists emphasized that this mindset enables smarter prioritization and more resilient security architectures. Improving visibility into legacy systems and the software supply chain through tools like SBOMs is critical to defining and defending that protect surface, while continuous iteration and observability will be essential as threats grow more sophisticated. Officials said zero trust is evolving from a defensive posture into one that actively raises costs for adversaries, fundamentally changing the cyber risk equation.

Federal IT officials are increasingly turning to zero trust architectures to speed software deployment while strengthening cybersecurity across IT, operational technology and emerging AI systems. Leaders said zero trust foundations are helping agencies collapse lengthy authorization and compliance timelines, improve visibility into data, users and devices and reduce risk as technology environments grow more complex. Officials also emphasized that comprehensive system inventories and end-to-end visibility are critical to securing expanding attack surfaces, particularly as agencies integrate AI and connect more OT systems into their networks.

The Navy is ramping up its zero-trust cybersecurity efforts, moving key systems to the cloud and extending protections beyond IT to operational technology. Its shift from legacy platforms to the Flank Speed environment replaced VPN-based access with identity-driven security for more than 470,000 users, while simplifying the service’s overall architecture. Leaders said success required both technical upgrades and cultural change, with a focus on systemic implementation and alignment with NIST standards. Leaders are also applying zero trust to critical operational technology to better safeguard infrastructure and improve visibility across networks and devices.