3 Reasons Security Folks Roll Their Eyes When They Hear “Zero Trust”

1.) There’s no such thing as “zero” trust; the phrase itself is a misnomer (not to mention marketecture, in many cases). There is only “improved assurance of trust”, which is more accurate but less catchy.

2.) The principles which underpin zero trust have been around for a long time, and those principles will endure long after the conversation has shifted to some other buzzword.

3.) We’ve overcomplicated what it means. If you’re approaching security with an Assume Breach, Least Privilege, and Verify Explicitly & Continually methodology, then you are “doing” zero trust, irrespective of the technology. 

Note: That doesn’t mean you’re doing it effectively—those 3 principles must be applied against all 6 domains to be truly effective (apps, data, identity, infrastructure, devices, and networks). But the perfect need not be the enemy of the good, either. “Start where you are. Use what you have. Do what you can.” (Arthur Ashe)

There’s always room to ask, “Can we do this better?”, and there is a technology aspect to that. But staying focused on implementing the principles (both technically and culturally) is the north star. And that is something you can (and should) start doing today, with what you’ve got, even as you look to improve over time. 
