by offmycloud 1740 days ago
Zero Trust is such a terrible name. What they really mean is less trust in network location, static firewalls, and site-to-site VPNs, and much more trust in the cryptography behind TLS, identity systems, and how they interact with applications.
1 comments

I think defense in depth is also a major related principle. Make each layer as beefy as possible in terms of security, even if seemingly redundant, since these help when other layers are bypassed through some exploit.

However, in my opinion one major failing of this paradigm is that while some additional layers are useful, it's still good to think about threat models and failure modes since at some point, you can't implement additional security measures due to the computational and human cost.