In the modern workplace, the proliferation of endpoints has significantly expanded the attack surface, presenting new security challenges for organisations. Security and risk management (SRM) leaders must therefore extend zero-trust principles to endpoints to enhance workspace security effectively. This approach moves beyond traditional security measures, focusing on continuous verification and adaptive access control to mitigate risks associated with both managed and unmanaged devices.

Assessing and integrating security systems Zero-trust is a transformative paradigm in cyber security that replaces implicit trust with explicit verification for every access request, emphasising continuous risk assessment based on identity and context. However, treating zero-trust as a single product or technology can lead to implementation failures and increased security risks. Instead, look to adopt a comprehensive strategy that integrates various security tools and practices. The first step in extending zero-trust principles to endpoints involves a thorough assessment of existing security systems. This process includes creating an inventory of all devices accessing corporate resources, both managed and unmanaged, and auditing the applications installed on these devices. Enforcing built-in security features, such as firewalls, access controls, and encryption, is crucial for managed devices. Additionally, removing persistent administrative rights and granting them only when necessary, can further reduce risk. This assessment helps organisations understand their current security posture and identify areas for improvement while also aligning with industry standards. Read more about zero-trust When it comes to adopting SASE or zero trust, it's not a question of either/or, but using SASE to establish and enable zero-trust network access.

Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag.

Security administrators don't have to choose between zero-trust and defense-in-depth cyber security methodologies. Learn how the two frameworks complement each other. Integrating various endpoint security and management tools is essential for a robust zero-trust approach. Combining endpoint protection platform (EPP) with unified endpoint management (UEM) creates a unified endpoint security (UES) system, providing comprehensive visibility and control over managed endpoints. This integration enables continuous risk assessment and adaptive access control, enhancing the ability to mitigate potential threats. Integrating identity and access management (IAM) and secure service edge (SSE) tools offers granular visibility into user and device activities, facilitating more thorough risk assessments and adaptive access controls.