Case study · Services
Zero Trust for Remote Workforce
ZTA with device posture, least privilege, and conditional access policies.
Key results
- Phishing success rate -82%
- Lateral movement incidents 0
- SSO adoption 100%
Context
A 500-person professional services firm operating fully remote had an identity perimeter that grew organically as new SaaS tools were adopted. Credentials, MFA coverage, and device posture all varied per application, producing material exposure to phishing and lateral-movement attacks.
Challenge
The firm needed zero-trust posture that would not disrupt billable productivity during rollout. Traditional VPN modernization would have required months of downtime; the partners would not accept that.
Approach
Thoughtwave ran a 10-week zero-trust program aligned to NIST SP 800-207: identity consolidation under a single IdP, conditional access policies tuned to role risk, device-posture enforcement, and SSO coverage across every SaaS in the stack. Rollout phased by team to minimize disruption.
Outcomes
Phishing success dropped 82% after universal MFA and conditional access; lateral-movement incidents went to zero in the subsequent year; SSO adoption reached 100% across the SaaS footprint. The firm now onboards new applications with zero-trust as the baseline rather than a later project.
Want a similar engagement?
We deliver engagements like this one across AI, data analytics, cybersecurity, and workforce solutions. Bring your scenario; we bring the team and the production patterns.