The 2020 Data Breach Investigations Report (DBIR) showed that over 80% of hacking-related breaches involved the use of lost or stolen credentials. The more modern approach is ‘governance-driven’ which is implemented at the application network layer (i.e., Layer 7), with the most common deployment model being the agent / gateway. This provides more security, with role-based access being the norm and lateral movement being much more difficult if criminals gained access. Use the cyber chain of failure to interrupt the attackers.
Source: https://www.helpnetsecurity.com/2021/05/24/location-agnostic-access-zero-trust/