Case Study:

Zero Trust for Cloud Workloads

COVID-19 suddenly forced our top-tier law firm client to provide fully-remote support to a workforce of more than 850 lawyers and staff across the country.


Quickly transition access to Office 365 applications from internal only to anywhere over the internet – providing easy, high speed and consistent network access to support business-critical applications without compromising critical security standards or overloading VPN tunnels.


The Canalini team immediately performed an in-depth assessment of access to cloud resources using Azure AD Graph, then developed and implemented a Zero Trust plan, collaborating with the internal IT group on each step:

  • Performed in-depth discovery, profiling access to O365 applications
  • Hybrid Joined, hardened company-owned, devices to Azure Active Directory
  • Secured access to O365 applications with Single Sign On (SSO), Multi-Factor Authentication, and Azure Conditional Access Policies
  • Enabled limited and restricted access to non-hybrid joined devices
  • Developed and reviewed custom reporting for deployment quality assurance


Our client was able to enable access to Office 365 applications for its workforce without the limitations of connecting to the VPN. The Zero Trust model increased productivity as well as their security posture by enabling certificate and multi-factor based authentication. This allowed the entire firm to continue to function seamlessly at a high level in a completely new and challenging environment.


“Deploying Zero Trust access was both critical and time sensitive for us, as we suddenly went from everyone working behind firewalls to having 850 “offices” and home networks to secure. This sudden shift in our security design required both opening the gates to remote connections everywhere while simultaneously restricting which devices could do what once they connected. The Canalini team was able to develop, test and deploy the multiple policies required, all while regularly monitoring and adapting user experience. The risks were severe as our users needed uninterrupted access throughout the deployment- sort of like remodeling a house while living in it. Canalini’s engineers were both responsive and sensitive to our requirements, they worked quickly and thoroughly to ensure our deployment went without any issues or delays.”

Information Security Manager