Today, if I had to secure some new infrastructure paradigm I've never worked with, I would approach it by asking a series of questions based on those core security principles and suggest changes based on the answers. I can ask the same set of questions no matter what infrastructure paradigm is used because they are so foundational to securing any infrastructure.