End point control measures are designed to authorise the appropriate level of access for authenticated users, given the known risk of their environments. For example, full access to business applications may be granted from a corporate-managed desktop compared to simply checking email from a cyber café.

This can be achieved by integrating technologies to enforce security at the end point, such as personal firewalls that are installable as desktop images or transient software agents. Desktop integrity checking software scans the computer to ensure new threats are identified and removed, while desktop operating system vendors have a powerful incentive to create increasingly trustworthy platforms.


With an integrated and scaleable object-based SSL VPN policy model, it is possible for network administrators to provide fine-grained access control rules that precisely define which individuals or groups have access to which applications from which types of end points. With an inverted network and multiple trust domains, authorisation can be centralised and independent of application servers and the perimeter access controls.

The idea of the inverted network or deperimiterization is increasingly resonating with large companies and it is more likely that SSL VPN technology — developed to meet the demand for secure remote access — will play a major role in delivering the secure inverted network.