As Lucas Budman, CEO of TruU, observes: “It’s also important in a Zero Trust construct to recognize that devices that access data (laptops, desktops, mobile devices) have identities, as well. You have to understand the device’s posture when accessing the network in order to provide proper device level authentication and authorization. If the user only has access to non-sensitive or public information, the enterprise may not care that their device might have malware; however, if the user is trying to access sensitive financial or customer data, access should only be given to those devices that are managed, trusted and protected. In any case, simultaneous device risk data and identity authentication allow customers to implement policies that respond to potential threats as they happen by stepping up identity verification on compromised endpoints and limiting access to high-value assets associated with those endpoints.”
Source: CPO Magazine