Endpoint devices include mobile devices, workstations, and servers. Endpoint devices should connect to the network through a secure channel, such as a Virtual Private Network (VPN), so that data is not intercepted when retrieved by a client. Endpoint devices must also have adequate security, such as encryption, antivirus, and firewalls, to keep both data in transit and data at rest protected (especially if the device is stolen). Additionally, all corporate networks should be encrypted to industry best-practice standards.
Expert Opinion - Defence In Depth
Control Objective
Endpoints include servers, desktops, laptops, tablets, and mobile devices
Networks include wired and wireless, and require a secure perimeter, network segmentation, and known ingress/egress points
Controls must exist to prevent, detect, and respond to security incidents
Technologies must include firewall, intrusion prevention, web content filtering, email content filtering, and anti-virus at a minimum
Systems must be hardened (e.g. default passwords and shared accounts are not used, unnecessary services are disabled, and insecure protocols are disabled)
Additional controls may be required to mitigate risk to your organization