Stopping lateral movement inside a data center, virtualized or cloud environment is hard when you try to do it with an edge firewall, switches, routers, security groups or other traditional perimeter constructs: they sit at network boundaries and see little of the traffic moving between the workloads behind them.
Much of what I am seeing in the industry is security from the outside in: user authentication, multi-factor authentication and physical access controls on all kinds of devices. The problem with the notion of "outside-in security" is that once a packet is inside the network it quite often goes unnoticed, because it is now moving between "trusted systems".
In a zero trust environment no packet should be trusted, least of all east-west traffic, which today often does not have to pass any strict security policy at all.
When you apply security from the inside out you limit east-west traffic to only the flows that are explicitly allowed and deny everything else. This is not as hard as it sounds. With the proper tools applied in the proper places, and implemented at scale, zero trust from the inside out can be done quickly, safely and at minimal cost.
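To make the outside-in versus inside-out difference concrete, here is an added example (not code from the original post) that audits a handful of constructed east-west flow records against both models. The segment names, CIDRs, ports, the record format and the flow records themselves are all assumptions made for the illustration. The perimeter model treats anything that stays inside the 10.0.0.0/16 address space as trusted; the zero trust model is default deny and permits only the flows on an explicit allow-list, including between two hosts in the same segment.

```python
# Added example: default-deny east-west policy audit over constructed flow records.
# Not from the original post; segment names, CIDRs, ports and log format are assumptions.
import ipaddress
from typing import NamedTuple

# Workload segments (hypothetical CIDRs chosen for the example)
SEGMENTS = {
    "web":  ipaddress.ip_network("10.0.1.0/24"),
    "app":  ipaddress.ip_network("10.0.2.0/24"),
    "db":   ipaddress.ip_network("10.0.3.0/24"),
    "mgmt": ipaddress.ip_network("10.0.9.0/24"),
}
INTERNAL = ipaddress.ip_network("10.0.0.0/16")

# Zero trust allow-list: (src_segment, dst_segment, proto, dst_port).
# Every east-west flow not listed here is denied, including flows between
# two hosts in the same segment.
ALLOW = {
    ("web",  "app", "tcp", 8443),
    ("app",  "db",  "tcp", 5432),
    ("mgmt", "web", "tcp", 22),
    ("mgmt", "app", "tcp", 22),
    ("mgmt", "db",  "tcp", 22),
}

class Flow(NamedTuple):
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int
    nbytes: int

def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated record: ts src dst proto dport bytes."""
    ts, src, dst, proto, dport, nbytes = line.split()
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport), int(nbytes))

def segment_of(ip: ipaddress.IPv4Address) -> str:
    """Map an address to its workload segment; anything unmapped is external."""
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def perimeter_allows(flow: Flow) -> bool:
    """Outside-in model: the edge firewall only inspects traffic crossing the
    perimeter, so any flow that stays inside 10.0.0.0/16 is implicitly trusted."""
    return flow.src in INTERNAL and flow.dst in INTERNAL

def zero_trust_allows(flow: Flow) -> bool:
    """Inside-out model: default deny, permit only explicitly listed flows."""
    key = (segment_of(flow.src), segment_of(flow.dst), flow.proto, flow.dport)
    return key in ALLOW

def audit(lines):
    """Return the flows the perimeter would wave through but the east-west
    policy denies: the lateral movement that goes unnoticed under outside-in
    security."""
    missed = []
    for line in lines:
        if not line.strip():
            continue
        f = parse_flow(line)
        if perimeter_allows(f) and not zero_trust_allows(f):
            missed.append(f"{f.ts} {segment_of(f.src)}:{f.src} -> "
                          f"{segment_of(f.dst)}:{f.dst} {f.proto}/{f.dport} ({f.nbytes} B)")
    return missed

# Constructed flow records for the example (not real telemetry)
SAMPLE_FLOWS = """\
2019-05-14T02:11:09Z 10.0.1.15 10.0.2.20 tcp 8443 5120
2019-05-14T02:11:10Z 10.0.2.20 10.0.3.30 tcp 5432 2048
2019-05-14T02:14:31Z 10.0.1.15 10.0.3.30 tcp 5432 96
2019-05-14T02:15:02Z 10.0.1.15 10.0.1.16 tcp 445 771200
2019-05-14T02:18:44Z 10.0.9.5 10.0.3.30 tcp 22 1400
2019-05-14T02:20:07Z 10.0.3.30 10.0.1.15 tcp 4444 31457280
""".splitlines()

if __name__ == "__main__":
    for entry in audit(SAMPLE_FLOWS):
        print("DENY", entry)
```

Of the six constructed flows, the perimeter model passes all of them. The east-west policy denies three: the web tier reaching the database directly, SMB between two web hosts, and the database host opening an outbound connection back to the web tier on an unlisted port. Those three are the kind of lateral movement an edge-only control never sees, and each is a candidate for an alert in a detection pipeline as well as a drop at the enforcement point.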
DISA officials said the breach happened sometime between May and June of 2019, meaning the data exfiltration went on over some period of time. Activity of that kind shows that the security controls in place were not watching for the lateral, east-west movement of attackers within the network.