What control should a company implement to allow only preapproved software to run on its endpoints?

Implementing allowlisting is a highly effective control for ensuring that only preapproved software can run on a company's endpoints. Allowlisting, also known as whitelisting, involves creating a list of software applications that are explicitly permitted to execute on the system. By adopting this approach, organizations significantly reduce the risk of malware and unapproved applications, as any software not on the list will be denied execution.

This method contrasts with other strategies like blacklisting, which only identifies and blocks specific known harmful software while allowing all others. Consequently, blacklisting can leave systems vulnerable to new and unknown threats, whereas allowlisting maintains a stricter control environment.

Moreover, controls such as encryption and multifactor authentication serve important roles in securing data and verifying user identities, but they do not directly address the issue of application control on endpoints. Allowlisting stands out as the most relevant and effective strategy for managing which software applications are authorized to run within the organization's network.