Hacker News

It's unreasonable to always design around not trusting any third party.


It really depends on your threat model. It is not always unreasonable.

Target trusted their HVAC management firm so much that they had full unsegmented access to the LAN in each store. The credit card swipe terminals in the same LAN were totally compromised and millions of users had their credit card credentials stolen.

Defense contractors and places that store / manage large amounts of money are totally within their mandates to trust no one, not even many of their own employees.


Did Target really trust their HVAC firm or was their network just poorly segmented?


Both.

Someone hacked their HVAC firm to hack Target's credit swipe terminals.

At the time it was the biggest hack in US history.


Right, I'm familiar with the hack. My point is Target almost certainly didn't decide that the HVAC firm could be trusted to have access to the credit terminals - the fact that they had access was the result of poor security design, not Target's threat model.


I've often found poor security designs justified by many of the arguments in this thread that it's unreasonable to treat everything as a threat.

They know it's a bad design but it doesn't matter because the threat is too improbable. Until it isn't :p


It's the "everything, always" part of the argument that's unreasonable. You realise that that's impossible? You can't vet and control the whole stack. And, if you could, it would be prohibitively expensive.


For certain use cases, it is not cost prohibitive. Take defense or banking…


I’ve been in meetings where executives have said precisely this and I have tried to gently nudge them towards defense in depth.


Ok, fair. I see the lack of simple things like segmented VLANs as a lack of a threat model entirely. They trusted them implicitly, not explicitly, through their clear incompetence. Perhaps that's better?

I think we are mostly in agreement.
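To make the segmentation point concrete, here is an added example (not from anyone in this thread): a small zone-based policy evaluator in Python. It models a store network as zones (VLANs) with a first-match, deny-by-default rule list, and shows that the flow the Target breach depended on, a vendor foothold reaching the card terminals, is allowed by a flat LAN and blocked by a segmented one. Zone names, ports (Modbus/TCP on 502 is assumed to be what the HVAC controllers speak) and the rules themselves are constructed for illustration.

```python
"""Zone-based segmentation policy check (illustrative, not a real firewall).

Zones stand in for VLANs; rules are evaluated first-match with an implicit
default deny, which is how most zone-based firewalls behave.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str             # zone name, or "*" for any zone
    dst: str             # zone name, or "*" for any zone
    port: Optional[int]  # None means any TCP port
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def evaluate(rules: list[Rule], flow: Flow) -> str:
    """Return the action of the first rule matching the flow; no match = deny."""
    for r in rules:
        if (r.src in ("*", flow.src)
                and r.dst in ("*", flow.dst)
                and r.port in (None, flow.port)):
            return r.action
    return "deny"


# Flat LAN: one broadcast domain, so any host can reach any other host.
FLAT_LAN = [Rule("*", "*", None, "allow")]

# Segmented design (constructed): the vendor's VPN lands in its own zone and
# may only reach HVAC controllers on the assumed Modbus/TCP port; POS terminals
# talk only to the payment gateway over TLS; everything else is dropped.
SEGMENTED = [
    Rule("vendor_vpn", "hvac", 502, "allow"),   # assumed controller protocol/port
    Rule("payment_gw", "pos", 443, "allow"),
    Rule("pos", "payment_gw", 443, "allow"),
    Rule("*", "*", None, "deny"),               # explicit default deny
]


def vendor_can_reach_pos(rules: list[Rule]) -> bool:
    """Probe the path that matters: vendor zone -> POS zone on common service ports."""
    probes = [Flow("vendor_vpn", "pos", p) for p in (22, 445, 3389, 8443)]
    return any(evaluate(rules, f) == "allow" for f in probes)


def audit(rules: list[Rule], must_deny: list[Flow]) -> list[Flow]:
    """Return every flow in must_deny that the policy still allows (empty = pass)."""
    return [f for f in must_deny if evaluate(rules, f) == "allow"]


if __name__ == "__main__":
    forbidden = [Flow("vendor_vpn", "pos", 445), Flow("hvac", "pos", 443)]
    for name, policy in (("flat LAN", FLAT_LAN), ("segmented", SEGMENTED)):
        print(f"{name}: vendor reaches POS = {vendor_can_reach_pos(policy)}, "
              f"audit failures = {audit(policy, forbidden)}")
```

The `audit` function is the part worth keeping around: write down the flows your threat model says must never happen (vendor to POS, HVAC to POS) and run them against the policy whenever it changes, so "we never decided to trust them" turns into a check rather than an assumption.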


Sure, you must always put some level of trust in 3rd parties. What level of trust is the important question. Ideally, you distribute that trust among several actors so a single compromise is not too big a deal.

That's why you use different hardware vendors for your routers and servers, another vendor for your network connectivity, and yet other vendors for your software. This way, MITM is mitigated by TLS (or equivalent) and server compromise is mitigated by a good firewall and network inspection stack. Placing all your eggs in a single Google basket is giving a lot of power to a single "don't be evil" corporation, who may get hacked or compelled by law enforcement to spy on you and your clients.


Do it right and you might mitigate threats, but do it wrong and you are introducing more points where you could be compromised: a single supplier can be audited, a hundred cannot.

