The zero-trust concept is often (and pithily) summarized as trust no one, verify everything No enterprise can stave off the myriad of cyberthreats as long as they assume that any individual element can be trusted as secure. No traffic, whether internal or external, can automatically be deemed safe, so organizations must simply stop trusting anything or anyone. For complete airtight security, no website should be trusted, yet users must be able to access the sites that they need.
Source: https://threatpost.com/tips-zero-trust-implementation/147237/