How a 200-Employee Company Stopped Cyber Threats with Zero Trust—And How You Can Too

by Steven Palange, Chief Security Officer at SoverAIgn Solutions ? Follow for weekly insights on Cybersecurity, AI, and IT Transformation

Click below to listen to the NotebookLM Podcast (No sign-in Required) Without leaving this page

When a successful 200-employee logistics firm—let’s call them FleetFlow Logistics—suffered a targeted phishing attack that compromised a finance executive’s email account, the leadership team knew something had to change.

Rather than just patching a symptom, the CIO pushed for a full strategic shift: implementing a Zero Trust Security Model from the ground up.

This is the real-world story of how FleetFlow embraced Zero Trust—and why other small to midsize businesses should too.

? The Catalyst for Change: A Wake-Up Call

The attack wasn’t massive—but it was personal. An attacker used the compromised email to request fraudulent ACH transfers. Luckily, it was caught in time, but the incident exposed a painful truth: FleetFlow was operating with implicit trust.

No MFA. Flat network. Admin accounts galore. Shadow IT everywhere.

The CIO, Julie Tran, made the case to the board:

“We can’t rely on old security models anymore. Zero Trust isn’t just for enterprises—it’s survival for us too.”

? The Zero Trust Roadmap: Principles in Action

FleetFlow adopted the three core Zero Trust principles:

1. Never trust, always verify
2. Assume breach
3. Limit access by least privilege

With these principles in mind, the team set a 6-month implementation roadmap and brought in a partner MSSP to assist with planning, deployment, and continuous monitoring.

?️ The Tech Stack That Made It Possible

Here’s how FleetFlow built their Zero Trust architecture:

1. Identity & Access Management (IAM)

• Rolled out Azure AD for centralized identity.
• All apps—cloud and on-prem—connected via SSO.

2. Multi-Factor Authentication (MFA)

• Enforced MFA for all users via Duo Security.
• Conditional access policies denied access from non-compliant devices.

3. Device Management

• Deployed Intune for Windows devices and Jamf for Macs.
• Ensured device compliance with encryption, AV, and patch status.

4. Network Segmentation

• Separated Finance, HR, and Engineering departments with VLANs.
• Internal lateral movement monitored and blocked by firewalls and ZTNA.

5. Least Privilege Access

• Introduced Role-Based Access Control (RBAC) and Just-In-Time (JIT) access for sensitive systems.

6. Application Access Control

• Used Zscaler and Microsoft Defender for Cloud Apps to control access to apps based on user, device, and location context.

7. Endpoint Detection & Response (EDR)

• Deployed SentinelOne on all endpoints for real-time threat detection and remediation.

8. Data Protection

• Enabled Microsoft Purview to classify, encrypt, and protect sensitive data.
• DLP policies stopped data leaks to personal email or USB drives.

9. Monitoring & Response

• Adopted Microsoft Sentinel to correlate events, monitor behavior, and trigger automated responses to anomalies.

10. Zero Trust Network Access (ZTNA)

• Eliminated VPNs and enabled remote access via Zscaler Private Access (ZPA).

?? A Day in the Life: Finance Employee Accessing HR Data

Let’s say Jacob in Finance needs to access an HR file:

1. Jacob logs into his laptop – Azure AD verifies identity and Duo MFA challenges him.
2. Intune checks his device – patched, compliant, secure.
3. RBAC determines he has limited access to HR documents.
4. Jacob is at home – conditional access sees he’s in an allowed geo and using a compliant device.
5. Microsoft Sentinel logs and monitors the session in real time.

No back doors. No assumptions. No trust without verification.

? Security Policies Implemente

• MFA enforced for all users
• No direct access to internal apps from the internet
• Only managed devices can access corporate resources
• Zero local admin privileges
• Quarterly access reviews and phishing simulations

? Business Benefits Realized

• No successful attacks since implementation
• Cyber insurance premiums dropped 18%
• Improved NIST and CIS compliance posture
• Reduced IT help desk tickets by 23% due to automation
• Scalable, secure infrastructure ready for future growth

As CIO Julie Tran put it:

“Zero Trust wasn’t a one-time fix. It became the foundation of our IT culture. We sleep better at night knowing we’ve dramatically reduced risk—without slowing the business down.”

? Key Takeaways for SMBs

• Zero Trust is achievable—even without a huge IT team.
• Start with identity, MFA, and device management.
• Partnering with an MSSP helps maintain momentum and monitoring.
• Culture shift matters—train employees and enforce policies with empathy and clarity.

✅ Want to Learn More?

If you’re thinking about implementing Zero Trust in your organization, comment below or message me directly for:

• A Zero Trust Readiness Checklist
• A Free 30-Minute Consultation
• Or a Deep Dive Webinar on how we help SMBs succeed with Zero Trust

Follow SoverAIgn Solutions for Weekly insights on:

✅ Cybersecurity trends

✅ AI transformation

✅ IT strategy for Banking, Financial Services, and Healthcare