IGEL Blog
Security by Design: How Swiss Organizations Are Building Stable, Controlled Endpoint Environments
In many organizations today, endpoint environments have evolved incrementally rather than by design. New security capabilities (EDR, MDR, XDR, threat intelligence, and analytics) have been added over time, resulting in layered architectures that are difficult to manage and govern consistently.
While each layer addresses a specific risk, the overall effect is increased complexity without a proportional reduction in exposure. At the same time, threat actors continue to operate at scale, using increasingly automated and coordinated methods. Increasingly, this includes a shift toward browser-based access models and cloud-delivered workspaces, reducing reliance on traditional endpoint complexity while supporting more flexible and secure ways of working.
This creates a structural challenge. The issue is not the absence of security controls, but whether they deliver measurable and consistent outcomes in practice, particularly in environments where reliability and accountability are critical.
In highly regulated and globally connected environments such as Switzerland, this places increased importance on control, transparency, and the ability to operate independently.
Why the Swiss market cannot ignore this shift
Switzerland is one of Europe’s most digitally advanced and economically interconnected markets, with a strong concentration of financial services, healthcare, pharmaceuticals, and international organizations. This high level of connectivity and economic value makes Swiss organizations a consistent target for cyber threats.
This is reflected in the national threat landscape.
Figures from the National Cyber Security Centre (NCSC) report "Annual Report 2025: Consolidated structures, stronger impact" show that cyber risks are firmly on Switzerland’s radar. According to the report, in 2025, 64,733 voluntary reports of cyber incidents were processed, which is around 2,000 more than in 2024.
Ransomware also remains a serious threat to organizations. In its "Semi-Annual Report on Cybersecurity: Situation in Switzerland and internationally", published in 2025, the NCSC recorded an increase in ransomware incidents, from 44 in spring 2024 to 57 in the first half of 2025.
Although Switzerland is not directly subject to or legally bound by EU regulations such as NIS2 and DORA, their impact is clearly reflected in the Swiss market. Swiss financial institutions with operations in the EU must directly comply with DORA at the group or subsidiary level, while Swiss-based ICT providers supporting EU financial entities are increasingly required to meet DORA’s rigorous cybersecurity and operational standards.
Similarly, NIS2 affects Swiss organizations that operate in the EU, serve EU clients, or are part of critical infrastructure supply chains. Companies with EU operations above defined thresholds are directly in scope, while others are indirectly influenced through customer and partner requirements.
At the same time, Swiss regulatory frameworks are evolving in alignment with these developments. Requirements for incident reporting, critical infrastructure protection, and operational resilience are becoming more formalized, reflecting a broader shift toward higher security and accountability standards. The Swiss Financial Market Supervisory Authority (FINMA) continues to maintain its own regulatory frameworks, such as Circulars 08/21 and 18/3, while closely monitoring EU developments. As a result, DORA-aligned best practices are increasingly reflected in operations across the Swiss financial sector.
In this context, digital sovereignty is emerging as a key priority in Switzerland, particularly across financial services, healthcare, and the public sector.
The shift toward operational resilience
Organizations in Switzerland are increasingly prioritizing operational resilience to meet digital sovereignty and regulatory expectations and ensure reliable service delivery, while strengthening control over data, infrastructure, and operational dependencies. This includes:
- Maintaining continuity of business and public services
- Ensuring fast, predictable recovery from incidents
To achieve this, organizations are reassessing the role of the endpoint.
Rather than securing highly flexible environments, the focus is shifting toward controlled, standardized, and verifiable endpoint configurations.
This is where purpose-built endpoint operating systems provide a practical advantage by enabling standardization, central control, and reduced operational complexity.
By replacing general-purpose endpoints with secure, read-only, and centrally managed systems, organizations can:
- Reduce attack surface and system variability
- Enforce consistent and auditable security policies
- Prevent persistence and unauthorized system changes
- Enable fast and predictable recovery at scale
This approach simplifies endpoint configurations and enables consistent management across distributed environments.
By ensuring that only explicitly authorized applications and services can be executed, it aligns with Zero Trust principles and establishes a more controlled and predictable operating environment. It also provides the level of operational control required in regulated industries such as financial services, healthcare, and critical infrastructure.
IGEL’s immutable endpoint architecture, where the operating system is locked, read-only, and consistent by design, supports this. By eliminating persistence, it prevents unauthorized changes, removes common attack vectors at the endpoint, reduces exposure to ransomware, and eliminates configuration drift.
This creates a stable and predictable operating foundation. Organizations benefit from lower operational effort, faster recovery, and consistent system behavior, particularly in business continuity and disaster recovery scenarios. In the event of a disruption, endpoints can be restored quickly and securely without reliance on replacement hardware, external services, or complex reconfiguration.
Because IGEL OS does not store sensitive data locally, organizations retain full control over data governance, residency, and compliance.
The platform’s open, infrastructure-agnostic design allows digital workspaces to run across sovereign clouds, national data centres, on‑premises environments, or hybrid architectures. This maintains flexibility, avoids lock‑in, and enables adaptation to evolving regulatory and geopolitical requirements.
Centralized endpoint management reinforces Switzerland’s focus on operational reliability, data control, and digital sovereignty, enabling more precise management of dependencies, system behavior, and access across distributed environments.
From flexibility to control
This model can also be extended beyond traditional endpoint environments to support secure access in distributed and specialized use cases, including shared devices, kiosks, and operational technology environments.
Organizations are increasingly adopting a simple principle: only what is required should be allowed to run.
In practice, this means:
- Applications and services must be explicitly authorized
- All non-approved activity is blocked by default
Reducing persistence leads to several outcomes:
- Lower probability of successful compromise
- Restricted lateral movement within the environment
- Reduced impact of security incidents
- Faster and more predictable recovery
Security effectiveness is therefore no longer defined solely by detection speed. It is determined by the ability to maintain control and ensure continuity under adverse conditions.
Join the conversation in Bern
These topics will be addressed at the Now & Next Workspace & Endpoint Security Summit on June 18 in Bern. This will include conversations that explore the growing importance of digital sovereignty in endpoint security, and how organizations can maintain control while meeting evolving regulatory and operational requirements.
The event will bring together IT and security leaders from across Switzerland to discuss practical approaches to:
- Maintain business continuity during cyber incidents
- Strengthen digital sovereignty and control
- Simplify endpoint environments to reduce risk and cost
The focus will be on practical implementation, measurable outcomes, and real-world deployment strategies for large-scale and regulated environments.
Sponsors include Omnissa, Nutanix, Nvidia, and UltrArmor.
Register here to join CIOs, CISOs, and IT leaders in Bern to explore one critical question:
What does resilient endpoint architecture look like in practice for Swiss organizations?
