* [Blog](https://www.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/) * [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/) * Zero Trust: Short Answers... # Zero Trust: Short Answers to Agencies' Top Questions [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2021%2F09%2Fzero-trust-answers-top-questions%2F) [](https://twitter.com/share?text=Zero+Trust%3A+Short+Answers+to+Agencies%E2%80%99+Top+Questions&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2021%2F09%2Fzero-trust-answers-top-questions%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2021%2F09%2Fzero-trust-answers-top-questions%2F&title=Zero+Trust%3A+Short+Answers+to+Agencies%E2%80%99+Top+Questions&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2021/09/zero-trust-answers-top-questions/&ts=markdown) \[\](mailto:?subject=Zero Trust: Short Answers to Agencies’ Top Questions) Link copied By [Rob Rachwald](https://www.paloaltonetworks.com/blog/author/rob-rachwald/?ts=markdown "Posts by Rob Rachwald") Sep 13, 2021 5 minutes [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown) This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com/blog/2021/10/zero-trust-answers-top-questions/?lang=ja "Switch to Japanese(日本語)") Government agencies have been stepping up efforts to adopt a Zero Trust architecture since May, when President Biden signed the [Executive Order on Improving the Nation's Cybersecurity](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/). Many of these agencies and other organizations in the public sector were already laying the groundwork for Zero Trust before the Executive Order as part of their digital transformation journey, which includes rebuilding and improving their security approach. We know that there are still a lot of questions about Zero Trust and that agencies may be wondering what it means to deploy a Zero Trust Enterprise approach with help from Palo Alto Networks. We thought we would lay out a few need-to-know basics about Zero Trust for agencies to keep in mind as they move forward in their cybersecurity journey. ## What Is Zero Trust? By definition, Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. The core idea of Zero Trust is to "never trust, always verify." Organizations can no longer inherently trust whatever is inside their security perimeter. As the perimeter has evolved and IT environments have become far more complex, organizations must continually authenticate, authorize and verify who and what can access an environment to grant "least privilege" access. Authorization is based on who or what is requesting access, the context of the request and the risk level. Deployed properly, Zero Trust is a strategic approach to cybersecurity that simplifies risk management to a single use case: the removal of all implicit trust for users, applications and infrastructure. ## What Is the Value of Adopting a Zero Trust Strategy? Zero Trust is a way for government agencies and other organizations to build resilience into their IT networks and environments. With Zero Trust as a strategic framework for guiding the agency's security approach, the agency can keep moving forward with its mission, even if its environment is compromised. Zero Trust can also serve as a North Star to guide an organization's future security investments. Whatever the threat du jour may be, it won't be the force driving the agency's decision-making around security spending. By moving to Zero Trust, an organization can lower its costs in several ways: * Reducing risk by eliminating implicit trust for users, applications and infrastructure. * Achieving better security outcomes by deploying the most rigorous security checks. * Adopting a simplified, consistent security posture that is less expensive to manage. ## How Does an Organization Become a Zero Trust Enterprise? Zero Trust starts with determining what you already have and what you need to reduce acute risk and achieve resilience. Government agencies and other organizations in the public and private sector should approach Zero Trust based on the intersection of users, apps and infrastructure with identity, devices/workloads, access and transactions. Here's what the approach looks like: ![Chart of steps for Zero Trust approach.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/09/ZT-chart-1.png) You can begin implementing the Zero Trust process anywhere. Starting points might include [Zero Trust Network Access](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access), DevSecOps, [microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation) or third-party management. ## What Are the Key Elements of the Zero Trust Enterprise Approach? Palo Alto Networks is uniquely positioned to deliver Zero Trust Enterprises because, unlike other vendors, we offer a broad, high-quality and integrated set of capabilities. We help enable and ensure Zero Trust by eliminating all implicit trust across users, applications and infrastructure. These important elements help distinguish our approach: * **Comprehensive**: Zero Trust should never focus on a narrow technology. It must instead consider the full ecosystem of controls -- network, endpoint, cloud, application, the Internet of Things, identity and more -- which organizations rely on for protection. * **Actionable**: Comprehensive Zero Trust isn't easy; however, getting started shouldn't be hard. * **Intelligible**: A Zero Trust approach should be concise and easy for nontechnical executives to understand. * **Ecosystem Friendly**: In addition to having one of the most comprehensive portfolios in the market, we work with a broad ecosystem of partners to help enable all aspects of the Zero Trust Enterprise. Here's what our Zero Trust Enterprise framework looks like, and how various technology products help to support it: ![Zero Trust Enterprise framework example.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/09/ZT-chart-2.png) ## What About Taking Zero Trust to the Cloud? Hopefully, the information presented above helps to answer some basic questions you might have about Zero Trust and how Palo Alto Networks can help support your journey. One final question we'll cover here is one we're hearing often from government agencies: "How challenging is it to extend Zero Trust policies to the cloud?" The challenge is that today, the majority of apps are now directly delivered from the cloud, public or private, with direct-to-app and rapid development models fundamentally disrupting app delivery and consumption models for your users. This creates a rift with the legacy, castle-and-moat approach in a traditional data center; bringing with it new risks as a consequence of the implied trust granted to IaaS, PaaS and app delivery platforms. A new mindset and a disruptive approach is needed to discover and eliminate implied trust in this ecosystem. Recently, the Palo Alto Networks federal team worked with a federal agency to extend its segmentation program for critical data from an on-premises environment to the cloud. The agency is taking advantage of the single policy engine in our [unified policy management platform](https://www.paloaltonetworks.com/network-security/panorama), Panorama, to apply the same Zero Trust policies in both environments without the need to design anything new. Visit our website for more information on how [Zero Trust architecture fuels digital transformation](https://www.paloaltonetworks.com/network-security/zero-trust). If you'd like to learn more about how we can help your agency become a Zero Trust Enterprise, our [Professional Services team](https://www.paloaltonetworks.com/services/consulting) can assist you with Zero Trust architecture design, implementation or both, depending on your organization's needs. *** ** * ** *** ## Related Blogs ### [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Modernizing Federal Security with Prisma Access](https://www.paloaltonetworks.com/blog/2025/04/modernizing-federal-security-with-prisma-access/) ### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### A Security-First Approach to 6G](https://www.paloaltonetworks.com/blog/2024/11/a-security-first-approach-to-6g/) ### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Palo Alto Networks Zero Trust Platform Featured in New NIST Guidance](https://www.paloaltonetworks.com/blog/2024/08/zero-trust-platform-featured-in-new-nist-guidance/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### A Decade of Trust --- Meeting the Needs of the DoD](https://www.paloaltonetworks.com/blog/2024/03/meeting-the-needs-of-the-dod/) ### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Zero Trust: The Key to a Hybrid Workforce](https://www.paloaltonetworks.com/blog/2023/06/zero-trust-the-key-to-a-hybrid-workforce/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Network Segmentation for the NHS](https://www.paloaltonetworks.com/blog/2023/06/network-segmentation-for-the-nhs/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language