I'd recommend you look at this comment for a start: Zero Trust isn't about how you set up your network, it's more about how your applications authorize and authenticate users. In terms of how you could manage that, I'd start with securing your endpoints and looking at things such as mTLS and SSO.

To add on to this, Duo's suite of products seems like it would be good for starting a Zero Trust setup. I've not used the whole suite (it requires licensing that I don't feel like spending in my lab), but the marketing seems good. The combination of device policy based access, securing services behind an authenticating reverse proxy, etc. is pretty good. I haven't found any other corporate provider with a similar feature set that should completely cover the "Zero Trust" "architecture".

I have seen some open source tools that do some of this (Keycloak, OAuth2_Proxy, Istio (for service-to-service and ingress encryption/policy)), however I haven't seen anything similar for device policy based restrictions except maybe mTLS via Keycloak and user certs, though this wouldn't really verify the device is still in good standing. I am more looking for suggestions of technologies helping to achieve this.

Imagine you're using a laptop in a cafe that serves the darkest espresso you've ever had in your life, or from the New York Public Library main branch. Not a bad place to work, but you can't "trust" the WiFi network a bit. So, what technologies will let you work while maintaining infosec?

HTTPS and general TLS with proper X.509 certs according to all current best practices is usually the keystone. Mutual authentication of client and server using TLS is typical, but certain BYOD situations may not need the client authenticated to the server.