[eastbound]

How do you ensure that laptops that access user-sensitive information don’t have a virus?

Is it a solution to require to use a VM with no sudo, so PII is accessed from a machine with no sudo and proper audit trail?