End users are under no circumstances implicitly reliable. Anytime a person tries to access a useful resource, they must be authenticated and authorized, irrespective of whether they're now on the corporate network. Authenticated end users are granted least-privilege obtain only, as well as their permissions are revoked the moment https://ieeexplore.ieee.org/document/9941250