Discuss the practical challenges of implementing Zero Trust in hybrid infrastructures (on-prem + cloud). Consider identity management, micro-segmentation, continuous authentication, and how to handle legacy systems that don’t support modern security models.