The days of the VPN are gone. It is no longer feasible to establish a secure network perimeter around a hybrid setup that includes cloud resources and the myriad devices that need to access company resources from anywhere. A single breach of a VPN can be catastrophic, depending on the network setup and configuration.
Zero Trust builds upon the assertion that the network is assumed to be hostile. As a result, network locality is not sufficient for establishing trust, and every flow must be authenticated and authorized in a dynamic fashion. This creates an effective separation between the control plane (the supporting system that implements the flow authentication and authorization according to the defined policies) and the data plane.
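The control plane / data plane split described above, as an added sketch that is not from the original page or from any product: the control plane decides each flow from user, device state and policy and issues a short-lived grant, and the data plane forwards only flows that carry a valid grant. The users, devices, policy table and the HMAC key shared between the two planes are all constructed assumptions.

```python
import hashlib
import hmac
import json
import time

# All names, policies and keys below are constructed for illustration.
KEY = b"demo-key-shared-by-control-and-data-plane"
POLICY = {("alice", "payroll-db"): {"read"}}  # (user, resource) -> allowed actions
DEVICES = {"laptop-17": {"owner": "alice", "patched": True}}  # device inventory


def _mac(fields):
    # JSON encoding keeps field boundaries unambiguous before signing.
    return hmac.new(KEY, json.dumps(fields).encode(), hashlib.sha256).hexdigest()


def authorize(user, device, resource, action, src_ip, now=None, ttl=60):
    """Control plane: decide one flow and issue a short-lived grant, or None.

    src_ip is accepted but deliberately ignored: network locality earns no trust.
    """
    now = time.time() if now is None else now
    dev = DEVICES.get(device)
    if not dev or dev["owner"] != user or not dev["patched"]:
        return None  # unknown, foreign or unpatched device
    if action not in POLICY.get((user, resource), set()):
        return None  # no policy allows this action on this resource
    fields = [user, device, resource, action, str(int(now + ttl))]
    return fields + [_mac(fields)]


def enforce(grant, resource, action, now=None):
    """Data plane: forward only flows carrying a valid, unexpired grant."""
    now = time.time() if now is None else now
    if not grant or len(grant) != 6:
        return False
    *fields, tag = grant
    if not hmac.compare_digest(tag, _mac(fields)):
        return False  # forged or modified grant
    _user, _device, g_resource, g_action, expiry = fields
    return g_resource == resource and g_action == action and now < int(expiry)
```

Because grants expire after `ttl` seconds, a device that falls out of compliance loses access at the next authorization rather than keeping it for the life of a session.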
To learn more about Zero Trust, see Zero Trust Networks: Building Secure Systems in Untrusted Networks and the BeyondCorp paper by Google.