No, I think the new consensus is that all systems are vulnerable (obviously true if all systems have users with access, whom may be compromised) - so not layers: compartments (and need to know;need to access).

I believe this is part of eg google/alphabet's new model: no hard wall, soft "inside" (egg model). Just stand alone secure sub-systems with ACL (access control lists) mediating access on a user-by-user, sub-system by sub-system level. No real trust in "location" as proof of authorization (I assume truly, off-grid clean rooms are excepted) - because "everything" needs access to networked resources.

Ah, I guess they call it BeyondCorp:

https://cloud.google.com/beyondcorp/

Sure, I used (or the person I’m quoting used) the wrong term, thanks for the clarification. I did mean and he meant compartmentalising :-)

Virtualization, privilege management, etc. are still another layer.

Both are important in the context of security.

It should be noted that your staff are a key attack vector.