It is and today, it’s relatively straight-forward to implement. Get a good Zero Trust vendor.

Most of the “Zero Trust” vendor solutions on the market are a joke compared to Google’s internal implementation (BeyondCorp). If you read through the journal papers Google published you’ll see just how much work it is to do zero trust properly.

most companies are built on a random collection of SaaS services, you have to hope they all support it properly beyond just SSO

Any example?

You can implement this kind of thing using tailscale quite easily.

I will note though that “retrofitting” zero trust onto an existing network is a fucking nightmare no matter which way you go about it.

Yeah Tailscale is pretty awesome. Recently heard someone claiming it doesn’t qualify as true ZT, but for a mere mortal like me it would go a pretty long way.

Tailscale is fantastic at least for personal use.