In a ZeroTrust model, you cannot trust anything residing in or out of your network. You also can’t rely on your on-prem security controls any longer, as the sensitive data is just transiting back and forth to the cloud, as it is sitting inside your network.
Allowing users to access the data without identifying, validating and authenticating them, invalidates the whole security stack. In ZeroTrust security, visibility into who is accessing your data, both on premises and in the cloud, should be insured so that data is only accessed when all risk factors surrounding the user and their authenticating device are scrutinized.