Taking a step back from plunging into raving paranoia (which can be a good career choice, should you want to go deeper into security), ZT networking means the end of the flat network where everything can reach everything else. It's about determining which communications need to go where, permitting those, and permitting no more. The reason? Attackers, being unfamiliar with the network, will run probes and recon missions that go all over the place so they can plan their next moves. Blocking recon at the start makes things that much more difficult for attackers.
Which means attackers take the human route more and more - intimidation is on the rise as a component in cyberattacks, so our own employees are increasingly likely to use their access to permit attackers' entry and operations. Therefore, we have to keep an eye on those employee credentials, making Identity Management a critical pillar of ZT. No more assigning users to groups and giving those groups standing rights on the network: instead, assign users to groups, and group members check out temporary credentials to perform tracked and monitored functions.
Is this a bit police state-y? Yes. Yes, it is. If you read histories of how the East German secret police, the Stasi, ran operations, you will see ZT shot through their thinking. I abhor everything the Stasi stood for - oppression, silencing voices, totalitarianism - but at the same time, I can learn from studying them. By no means do I ever want to go as far as keeping scent samples on people so I can track them down with dogs or develop planar discharge mines to kill only people (or animals, as it turned out) who tried to cross border fences. But do I see a need to track and record all admin actions? Yes, I do. Most won't be reviewed, but if a forensic investigation arises, we want those for the investigation, 100%.
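A toy model of the group-based credential checkout and admin-action logging described above, as an added example that is not part of the original post; the users, groups, functions and 15-minute TTL are constructed assumptions:

```python
# Added example (not from the original post): a toy just-in-time credential
# broker. Group membership grants only the *right to check out* a short-lived
# credential; every checkout, every action taken with it, and every denial is
# appended to an audit log for later forensic review.
# All names, groups, functions and the TTL below are constructed for illustration.
import secrets
import time

GROUPS = {"dba": {"alice"}, "netops": {"bob"}}            # constructed sample data
GROUP_FUNCTIONS = {"dba": {"db.restart"}, "netops": {"fw.rule.add"}}
TTL_SECONDS = 900                                          # assumed 15-minute lifetime

_issued = {}    # token -> (user, group, expires_at)
AUDIT_LOG = []  # append-only record; most entries are never read, until they are

def _log(event, **fields):
    entry = {"ts": time.time(), "event": event, **fields}
    AUDIT_LOG.append(entry)
    return entry

def checkout(user, group, now=None):
    """Issue a temporary credential if `user` is a member of `group`."""
    now = time.time() if now is None else now
    if user not in GROUPS.get(group, set()):
        _log("checkout_denied", user=user, group=group)
        return None
    token = secrets.token_urlsafe(24)
    expires_at = now + TTL_SECONDS
    _issued[token] = (user, group, expires_at)
    _log("checkout", user=user, group=group, expires_at=expires_at)
    return token

def perform(token, function, now=None):
    """Run an admin function with a checked-out credential; the outcome is always logged."""
    now = time.time() if now is None else now
    record = _issued.get(token)
    if record is None:
        _log("action_denied", reason="unknown_credential", function=function)
        return False
    user, group, expires_at = record
    if now >= expires_at:
        _issued.pop(token)                                 # expired credentials are revoked
        _log("action_denied", user=user, reason="expired", function=function)
        return False
    if function not in GROUP_FUNCTIONS[group]:
        _log("action_denied", user=user, reason="not_permitted", function=function)
        return False
    _log("action", user=user, group=group, function=function)
    return True
```

Every branch writes to `AUDIT_LOG`, so a denied or expired attempt leaves the same kind of trail as a successful action.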