Traditional security methods broadly classify everything (users, devices and applications) inside the corporate network as trustworthy. The focus therefore is on strengthening the network perimeter and then granting full access to corporate data once credentials are successfully validated. In practice, this model considers all resources to be external and continuously verifies trust before granting only the required access. For zero trust, as an IT administrator, you need to know your devices before you can trust them. Technology building blocks to help implement least-privilege access include micro-segmentation and transport encryption.
Source: https://threatpost.com/practical-guide-zero-trust-security/151912/