For years, enterprise endpoints were expected to handle everything locally, including productivity, collaboration, storage, and security, while supporting increasingly complex operating systems and applications. But as more workloads have moved into cloud-delivered environments, that model has started to break down.
Today’s employees work across virtual desktops, web applications, browsers, and collaboration platforms from virtually anywhere. At the same time, IT teams are under pressure to improve security, reduce operational complexity, extend hardware lifecycles, and support sustainability initiatives. Those competing demands are forcing organizations to reconsider whether every employee still needs a fully exposed, fully persistent desktop operating system.
Increasingly, the answer is no. That realization is driving renewed interest in thin clients, zero clients, and endpoints repurposed with Linux-based operating systems. What was once viewed mainly as a cost-saving measure is now becoming part of a broader strategy around cyber resilience, Zero Trust architecture, and operational simplicity.
Why endpoint complexity has become a security problem
Cybercriminals have adapted faster than most endpoint strategies. IBM’s 2025 Cost of a Data Breach Report found that the global average cost of a breach reached $4.44 million, while the average breach cost in the United States climbed to a record $10.22 million. Phishing, compromised credentials, and AI-driven attacks remain among the most common entry points into enterprise environments.
At the same time, the attack surface continues to expand. Palo Alto research reports that 85% of the employee workday now takes place in a web browser. That shift changes what organizations actually need from endpoint devices.
Traditional PCs were designed for maximum flexibility. Users could install applications freely, customize settings, store local data, and modify operating systems. While that flexibility improved productivity, it also created significant exposure. Modern attackers exploit exactly those characteristics through persistent malware, browser exploitation, credential theft, and unpatched operating systems.
The result is an endpoint environment that becomes harder and more expensive to secure over time.
The rise of more controlled endpoint architectures
Modern thin clients and Linux-based endpoints take a different approach. Instead of trying to secure an infinitely flexible platform, they narrow functionality to only what is needed for secure access to enterprise resources.
Purpose-built Linux operating systems can help reduce attack surfaces by limiting local software installation, restricting administrative access, minimizing exposed services, and simplifying device behavior. Rather than managing constantly changing endpoints, IT teams gain highly predictable devices with tighter control and consistency.
Another key advantage is the rise of immutable or non-persistent operating system models. In these environments, the operating system loads into memory at boot and returns to a known-good state after reboot. User changes are not permanently written to the device.
That directly disrupts one of the most common attacker goals: persistence. Ransomware and other malware often rely on modifying system files or startup processes to remain active after reboot. Non-persistent operating systems significantly reduce those opportunities.
While no endpoint platform is inherently immune to compromise, reducing unnecessary local functionality can simplify management and limit opportunities for persistence and misconfiguration.
This approach also aligns closely with Zero Trust security strategies. Rather than automatically trusting endpoints, Zero Trust assumes that every user, device, and session must be continuously validated. Simpler, tightly controlled endpoints are easier to secure and easier to verify.
Browser-centric work is reshaping endpoint priorities
The rise of browser-delivered work is accelerating this shift. Applications increasingly run through SaaS platforms, web applications, Progressive Web Apps (PWAs), and cloud-delivered collaboration tools.
According to Omdia research, 99% of IT organizations now rank browser security as a top 10 priority. Organizations no longer necessarily need a fully open desktop operating system to support productivity. Instead, they need secure, reliable access to centralized applications and services.
Modern Linux-based thin client environments increasingly support secure browser architectures that allow users to access cloud-delivered applications without exposing the broader operating system. In many cases, this makes endpoints easier to manage, lock down, and recover after incidents.
Why hardware repurposing is becoming more strategic
The changing role of the endpoint is also reshaping hardware refresh decisions. For years, repurposing older PCs was largely viewed as a sustainability initiative. Today, organizations are increasingly seeing security and operational benefits as well.
Many aging Windows devices become difficult to maintain over time due to patch complexity, unsupported operating systems, and growing ransomware exposure. Replacing every aging endpoint with a new Windows PC may no longer make sense, particularly for users whose workloads are largely browser-based or delivered through VDI and DaaS platforms.
Repurposed Linux operating systems offer an alternative. Older hardware can be transformed into tightly controlled, secure access terminals for cloud-delivered workspaces, extending hardware lifecycles while reducing exposure associated with traditional desktop environments.
That shift is especially relevant as organizations prepare for the Windows 10 end-of-support transition and evaluate large-scale endpoint refresh cycles.
Shared devices and frontline work are driving change
Frontline and shift-based work models are also driving demand for simpler, more secure endpoints. Retail, healthcare, manufacturing, and logistics organizations often manage shared devices used across multiple shifts and temporary workers.
These environments require endpoints that are secure, easy to reset, simple to manage, and consistent across users. Stateless, centrally managed endpoints fit those requirements particularly well because they minimize retained user data and reduce operational overhead.
Healthcare environments highlight the value clearly. Clinicians move rapidly between workstations throughout the day, making fast authentication, session consistency, and minimal local exposure critical operational requirements.
A simpler endpoint may ultimately be a more secure one
As more workloads move into cloud and browser-delivered environments, organizations are reassessing what endpoints actually need to do. For many users, the answer is far less than it was a decade ago.
That shift is creating new interest in thin clients, zero clients, and repurposed Linux-based operating systems that prioritize control, consistency, and reduced exposure over maximum flexibility.
Traditional PCs will continue to play an important role for power users and specialized workloads. But for a growing percentage of employees, the endpoint is increasingly becoming a secure access layer into centralized applications and services rather than a standalone computing platform.
The organizations that adapt most successfully may be the ones that recognize endpoint security is no longer just about adding more controls. It is about reducing unnecessary complexity in the first place.
Kevin Greenway joined 10ZiG in 2012 and became CTO in 2015. He leads the company’s overall technology and product strategy, collaborating with global teams to ensure continuous innovation in a fast-paced, disruptive market. Under his leadership, 10ZiG delivers modern, managed, and secure endpoints through a unified hardware and software approach.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.