Apps have moved to the cloud and users are accessing them from anywhere, at any time using multiple devices. Despite that, the way enterprises secure access to applications has remained largely unchanged — they are still dependent on the corporate network perimeter and untrusted external networks.
The new reality, however, is that people are the perimeter.
The best way to architect and implement a new security framework is start with “no trust but verify” model. In other words, every service request made by any user or machine is properly authenticated, authorized, encrypted and tracked end to end.