Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.
With that said it does not apply to just your own view of the work or your "app" or your "level" of control. It starts at physical access to the computers and wires themselves all the way up the stack into your databases, operating systems, backups, and even into your application, and the Customers who access it.
No one level of the comput/storage/network stack can do a True Zero Trust with out ever other layer doing it just as good. The weakest point in your security is all the security you have. So that $5 a month monitoring software you installed on your webserver to monitor and collect stats, that is a back door in to your systems.
Read more at Woods LLP