Forrester is currently pushing their Zero Trust model for network security, where they state that hosts on the corporate intranet should be untrusted in the same way as Internet devices. This makes a lot of sense, and can be implemented to various degrees according to the risk to your business. For instance, Windows clients should be isolated from one another using IPsec domain isolation. In most cases, there’s no reason why Windows clients should be talking to anything other than Windows servers.
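One way to check whether a network already follows the client-to-server-only rule described above is to audit flow records for intranet traffic that leaves a client and lands on anything other than a server. The sketch below is an added example, not taken from Forrester or any product; the subnets, the 10.0.0.0/8 intranet range and the flow records are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (constructed for this example).
INTRANET = ipaddress.ip_network("10.0.0.0/8")
CLIENT_NETS = [ipaddress.ip_network("10.10.0.0/16")]
SERVER_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.20.0.5", 445),     # client -> file server: expected
    ("10.10.1.15", "10.10.2.40", 445),    # client -> client over SMB
    ("10.20.0.5", "10.10.1.15", 49152),   # server -> client: not audited here
    ("10.10.3.7", "10.10.3.8", 3389),     # client -> client over RDP
    ("10.10.1.15", "203.0.113.10", 443),  # client -> external: out of scope
    ("10.10.1.15", "10.30.0.9", 9100),    # client -> unclassified intranet host
]


def role(addr):
    """Classify an address as client, server, intranet (other) or external."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in CLIENT_NETS):
        return "client"
    if any(ip in net for net in SERVER_NETS):
        return "server"
    return "intranet" if ip in INTRANET else "external"


def policy_violations(flows):
    """Return client-originated intranet flows whose destination is not a server."""
    violations = []
    for src, dst, port in flows:
        if role(src) != "client":
            continue
        dst_role = role(dst)
        if dst_role in ("client", "intranet"):
            violations.append((src, dst, port, dst_role))
    return violations


if __name__ == "__main__":
    for src, dst, port, dst_role in policy_violations(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port} (destination role: {dst_role})")
```

Flows reported with the role `client` are the ones that isolating clients from one another would stop; those reported as `intranet` point at hosts that still need to be classified.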
The Zero Trust model can also be applied on the desktop. In other words, Least Privilege Security assumes that the user will eventually do something bad, often by accident and, less commonly, maliciously. Using virtualization technologies, we can work with the Zero Trust model but still give users the flexibility they need to install applications and experiment with different configurations.