As I frequently speak with security architects in a number of verticals, one thing I notice is the most of them are outnumbered in the public sector.  They lack the resources they need to combat security threats each and every day.  

If they were to adopt a zero trust model, they would reduce their attack surface, reduce the number of alerts they get and have to investigate, and would reduce the number of incidents they would have to deal with. 

They rely on the network to deliver applications. But as IT scales in size, connectivity, and environments outside the network to public cloud, they cannot rely solely on the network to secure applications.