The alternative is a strict zero trust network design with internet access only via RDP or similar protocols. Not many companies are willing to do this.