Device Trust
Device Trust is the practice of verifying that a device is secure and compliant before granting it access to resources. It evaluates factors like OS patches, security software, and hardware integrity to determine whether the device is trustworthy.
# WHAT TEAMS RUN INTO
- Device trust depends on signals that can be spoofed. A device claims to have endpoint protection installed, but the signal can be forged. Device trust is only as reliable as the integrity of the attestation signals.
- Device trust doesn't account for user compromise. A device can be perfectly secure, but if the user is socially engineered or infected with spyware, the secure device becomes a compromised device.
- Device trust policies create exclusion. BYOD devices, personal devices, and older devices often don't meet device trust requirements, excluding legitimate users or forcing policy bypasses.
# WHY IT MATTERS
Device Trust recognizes that identity is not just about the user — it is about the device the user is using. A valid identity on a compromised device is still a compromised device. Device trust brings hardware security and OS security into identity decisions. But device trust is only one signal — it must be combined with user verification, context analysis, and behavior monitoring to make smart decisions.
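The following is an added example, not part of the original page, showing why signal integrity matters: posture claims are trusted only when bound to an enrolled device key, a server nonce and a freshness window, and the result is then combined with user verification. The HMAC stands in for a hardware-backed attestation signature; the field names, `MAX_AGE_SECONDS` and the sample data are assumptions.

```python
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 300  # assumed freshness window for a posture report

def sign_report(device_key: bytes, claims: dict) -> str:
    """MAC over canonical JSON; stands in for a hardware-backed signature."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(device_key, body, hashlib.sha256).hexdigest()

def posture_verified(report: dict, enrolled_keys: dict, nonce: str, now: float) -> bool:
    """True only if claims are bound to an enrolled key, to this nonce, and fresh."""
    claims = report.get("claims")
    if not isinstance(claims, dict):
        return False
    key = enrolled_keys.get(str(claims.get("device_id")))
    if key is None:
        return False
    expected = sign_report(key, claims).encode()
    if not hmac.compare_digest(expected, str(report.get("mac", "")).encode()):
        return False  # claims were altered or signed with another key
    if claims.get("nonce") != nonce:
        return False  # replay of a report issued for an earlier challenge
    issued = claims.get("issued_at")
    return isinstance(issued, (int, float)) and 0 <= now - issued <= MAX_AGE_SECONDS

def access_decision(report: dict, enrolled_keys: dict, nonce: str,
                    now: float, user_mfa_ok: bool) -> str:
    """Device posture is one input; user verification is still required."""
    if not posture_verified(report, enrolled_keys, nonce, now):
        return "deny"  # an unverifiable posture claim counts as no claim
    claims = report["claims"]
    if not (claims.get("edr_running") is True and claims.get("os_patched") is True):
        return "deny"
    return "allow" if user_mfa_ok else "step_up"

# Constructed sample data (not from the page).
KEYS = {"laptop-01": b"constructed-demo-key"}
NOW = 1_700_000_000.0
HONEST = {"device_id": "laptop-01", "edr_running": False, "os_patched": True,
          "nonce": "n-123", "issued_at": NOW - 10}
GOOD_CLAIMS = {**HONEST, "edr_running": True}
GOOD = {"claims": GOOD_CLAIMS, "mac": sign_report(KEYS["laptop-01"], GOOD_CLAIMS)}
# Claims edited after signing: EDR flipped to True, MAC left from the honest report.
FORGED = {"claims": GOOD_CLAIMS, "mac": sign_report(KEYS["laptop-01"], HONEST)}
```

A verified, compliant device still yields `step_up` rather than `allow` when the user check has not passed, which mirrors the point that device trust is only one signal.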