Defense-in-depth with security wrapped around every identity and around every asset – each time they connect to business-critical applications takes a zero-trust strategy to the next level. A combination of preventative controls and detective mechanisms can help get companies closer to zero trust. It's not just about controls either. Organizations need to find the right balance between technology, people, and process. Adopt an "assume breach" mentality to the organization's security programs. In the context of zero trust, it's not a matter of “if" but "when," which demands that the company focuses on breach recovery and not just breach prevention. Ensure the success of the organization's IT and security teams. Start enabling the business in a secure way by extending zero-trust to the SaaS application data layer.