Zero Trust Becomes the Default Network Architecture
Zero Trust stops being a buzzword and becomes the boring default. New deployments skip VPNs entirely. The 1996 perimeter model finally retires.
// By 2028 · high confidence · disruption 7/10
Prediction
// 2028
By 2028, the majority of new corporate network deployments will skip the VPN entirely and ship Zero Trust by default.
What dies
- Corporate VPN
Who wins
- Cloudflare Access
- Zscaler
- Tailscale
The hook
Tailscale, a company that essentially sells 'not a VPN,' reached meaningful enterprise penetration within five years. The fact that the market needed that product proves the VPN model broke before most enterprises admitted it.
Thesis. Zero Trust stops being a multi-year transformation project and starts being a default checkbox in new deployments. The legacy migration takes longer; the default flip happens faster.
The story
The setup
25 years of perimeter-based security. Firewall plus VPN plus internal trust. The model worked when offices had walls and most work happened inside them.
The forerunners
BeyondCorp at Google, 2014. The early Zero Trust concept. Slow adoption due to migration complexity and the absence of off-the-shelf vendor offerings.
The cloud forcing function
SaaS adoption means the 'internal' perimeter protects fewer apps. The VPN protects less every year. The protection budget stays flat while the protected surface shrinks.
The breach wave
2024 VPN vendor breaches (Ivanti, Fortinet, Cisco) force CISO reckonings. The conversation in CISO peer groups shifts from 'when should we move' to 'why are we still on this.'
The default flip
2027 to 2028. New network deployments default to Zero Trust. VPN becomes legacy state, maintained for compatibility with old apps that have not been refactored or for the small set of users who genuinely need network-level access.
First signals (verify today)
Cloudflare Access at 100M+ users. Tailscale at meaningful enterprise penetration. CISA federal Zero Trust mandate by 2027.
Key data points
- Google BeyondCorp paper: 2014
- Cloudflare Access launch: 2018
- Tailscale founding: 2019
- CISA Federal Zero Trust mandate: 2027
- Major 2024 VPN breaches: Ivanti, Fortinet, Cisco
Contrarian angle
Zero Trust vendors love to say 'perimeter is dead.' The perimeter still exists. It just moved from the network to the identity. The marketing missed the nuance.
FAQ
Is ZTNA the same as Zero Trust?
ZTNA is one component. Zero Trust is the architectural principle (verify every request, trust nothing implicitly by network position). ZTNA is the network-access-specific implementation. SASE bundles ZTNA with SD-WAN, SWG, CASB, and FWaaS.
Can existing VPNs be upgraded to Zero Trust?
Some vendors offer 'Zero Trust VPN' SKUs, which are mostly marketing repackaging. A genuine Zero Trust migration usually requires replacing the network architecture, not upgrading the VPN appliance.
Does Zero Trust eliminate the need for firewalls?
No. Firewalls remain useful for north-south traffic, egress control, and segmenting the few remaining trusted zones. The Zero Trust shift is about not relying on the firewall as the authentication mechanism.