Ensuring the information security of an enterprise is a complex task, owing to the multifaceted nature of IT infrastructure and applications, the breadth and intensity of user access, the excessive openness of most corporate networks, and several other factors. In these conditions, the zero-trust concept is increasingly regarded as the preferred solution to the problem of securing enterprises, organizations, and institutions. The basic idea of zero trust is that there are no areas that are trustworthy. However, despite the popularization of the zero-trust concept and the obvious security benefits of applying it in enterprises, its implementation presents certain difficulties. In particular, a plan to bring the infrastructure into compliance with zero-trust principles cannot be carried out partially or as part of minor modifications to the relevant information systems. For the zero-trust principles to show their effectiveness, the information infrastructure must be reorganized as a whole, and all aspects that ensure the security of enterprise activities must be integrated. At the same time, there is today a certain lack of the awareness of the zero-trust approach, and of its theoretical and practical potential, that is needed to choose the right solution. This paper aims to address that problem by summarizing existing research and the experience of various international companies that are implementing this approach in practice. It briefly discusses the models and key zero-trust principles proposed by renowned international organizations and companies, which will help make sense of a fundamental shift in the approach to information security and cybersecurity.