Users are by no means implicitly trustworthy. Each time a person tries to obtain a source, they must be authenticated and authorized, irrespective of whether They are previously on the corporation network. Authenticated consumers are granted least-privilege entry only, and their permissions are revoked when their job is done. https://ieeexplore.ieee.org/document/9941250