For years, identity was treated as the cornerstone of enterprise security: if the system could verify who was logging in, it was assumed that access could be granted without further objection. This logic worked when staff worked from corporate computers, on controlled networks and at predictable hours. Today, however, the picture has changed radically, and identity-based security alone is insufficient for the reality of the modern workforce.
Work no longer happens in a single place or on a single device. People connect from home, from coffee shops, from corporate laptops, personal devices or third-party equipment, which makes the context of each connection much more variable. A successful authentication tells us "who" is accessing, but it does not reliably tell us "what risk" that access implies.

This is crucial: a user who logs in from a patched and managed computer represents a very different risk from the same user logging in from a computer without updates, without security controls or one that is outright compromised. However, many access models continue to grant privileges based mainly on identity, treating the condition of the device as secondary or static. As a result, trust is maintained even when the endpoint's risk profile worsens after login.
Attackers know this and take advantage of it. Breaking strong authentication or bypassing MFA is often more expensive than reusing valid credentials or session tokens, or exploiting unprotected devices. Verizon's incident report clearly shows the persistence of the problem: stolen credentials are involved in a very high percentage of the breaches detected (Verizon DBIR). This underlines that the challenge is not only "to detect the impostor," but also "to verify the context from which access occurs."
In addition, there are access paths that have historically been left out of modern conditional policies: old protocols, remote access tools and non-browser-based flows often receive less contextual verification. When identity and endpoint signals are handled in silos (different tools that do not share context), visibility is fragmented and decisions are inconsistent.
The security community has long promoted "Zero Trust" principles, which start from not taking for granted that something is safe because it belongs to a network or has previously authenticated. Institutions such as NIST document these ideas and how they should be applied in modern architectures (NIST SP 800-207), and platform providers publish guides for implementing them (Microsoft Zero Trust). However, real-world adoption stumbles on technical complexity and the friction that security can introduce into daily work.
For Zero Trust to work in the workplace, it is not enough to authenticate users: the condition of the endpoint and of the environment must be verified continuously. The condition of a device changes often: configurations that stop being safe, security controls switched off, patches pending. If verification is limited to the moment of login, trust persists even though the risk posed by the device can increase much later. This is why solutions that extend access decisions beyond identity and maintain them throughout the session are increasingly common.
Implementing this continuous verification does not mean turning security into an obstacle. On the contrary, the best approaches seek to balance protection and usability. That means allowing targeted remediation that users can carry out themselves, policies that scale the response to the risk, and controls that differentiate between corporate, personal and third-party endpoints. This reduces the ability of attackers to use valid credentials from untrusted devices without interrupting people's legitimate work.
Practical evidence indicates that when identity and endpoint controls are integrated and evaluated continuously, resilience improves. Organizations and vendors are building tools that inspect the state of the device in real time and that can limit or adapt access without completely cutting off productivity. For example, there are platforms that apply restrictions based on device compliance, provide automatic remediation steps and maintain verification throughout the session on Windows, macOS, Linux and mobile.
It is also important to understand why some areas remain more vulnerable: obsolete protocols and legacy applications that are not compatible with advanced controls continue to be accessible vectors for attackers. Similarly, techniques such as session token abuse or "MFA fatigue" campaigns have shown that the weak link is not always the password, but how trust is applied and maintained. Institutions such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and industry organizations issue practical recommendations to mitigate these risks and to strengthen defences against session and authentication abuse (CISA).
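To make the idea of per-request device verification concrete, here is an added example (not taken from the article or from any vendor's product) of a policy function that re-evaluates endpoint posture on every request in an authenticated session. The posture fields, trust ceilings, resource names and remediation texts are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Posture:
    ownership: str        # "corporate", "personal" or "third_party"
    patched: bool
    edr_running: bool
    disk_encrypted: bool

# All values below are assumptions made for this example.
CEILING = {"corporate": 3, "personal": 2, "third_party": 1}
SENSITIVITY = {"wiki": 1, "crm": 2, "prod-admin": 3}
REMEDIATION = {
    "patched": "install pending OS updates",
    "edr_running": "re-enable the endpoint protection agent",
    "disk_encrypted": "turn on disk encryption",
}

def evaluate(posture, resource):
    """Decide one request inside an already authenticated session."""
    failed = [check for check in REMEDIATION if not getattr(posture, check)]
    ceiling = CEILING.get(posture.ownership, 0)   # unknown ownership: no trust
    need = SENSITIVITY.get(resource, 3)           # unknown resource: strictest
    trust = max(ceiling - len(failed), 0)         # each failed check costs a level
    if trust >= need:
        return "allow", []
    if ceiling >= need:
        # The device could qualify once the user fixes the failed checks.
        return "remediate", [REMEDIATION[c] for c in failed]
    return "deny", []

def replay(events):
    """Re-evaluate every request; the decision made at login is never cached."""
    return [evaluate(posture, resource)[0] for posture, resource in events]

if __name__ == "__main__":
    laptop = Posture("corporate", True, True, True)
    degraded = replace(laptop, edr_running=False)  # agent switched off after login
    # Same identity, same session: admin access is suspended, CRM keeps working.
    print(replay([(laptop, "prod-admin"), (degraded, "prod-admin"),
                  (degraded, "crm")]))
```

The same user keeps working on lower-sensitivity resources while the degraded device is asked to remediate, which is the proportional response the text describes.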

For companies, the question is no longer whether they should trust identity but how to combine that trust with device and context signals in real time. There are commercial solutions that integrate both dimensions and propose dynamic policies that adapt to conditions. One example of a vendor in this space is Spacups, which integrates continuous verification capabilities and endpoint state-based controls through technologies such as Infinipoint. These offerings seek to apply Zero Trust not only to who is authenticating, but also to where and under what conditions they do so (Spacups, Infinipoint).
As a journalist following the evolution of cybersecurity, I see that the agenda for the coming years is clear: organizations must stop treating identity as an absolute guarantee and start designing controls that consider endpoint health and the context of access on a continuous basis. This transformation requires investing in integration between tools, redefining support processes to provide agile remedies and, above all, informing people why these changes are necessary. Effective security is not to stop the legitimate user, but to make legitimate access also secure.
If your team is rethinking its access strategy, it is worth reviewing reference resources on Zero Trust and identity management, comparing technical options and considering pilots that measure the impact on security and productivity. In an environment where logging in is often easier than forcing a breach, the relevant question is no longer "who is it?" but "from what and with what level of trust?"