18 February 2025

Case Study: Zero-Trust Migration at an Insurance Corporation

An insurance corporation with 8,000 employees migrated its network architecture to Zero Trust in 18 months. The results: 73% fewer VPN support tickets and a measurably reduced attack surface.

TL;DR

A German insurance corporation with 8,000 employees migrated its network architecture from perimeter-based security to Zero Trust in 18 months. The results: 73% fewer VPN-related support tickets, 40% faster onboarding time for new employees, and a measurably reduced attack surface.

Initial Situation

The corporation operated a classic hub-and-spoke network with a central data center and VPN access for 3,000 remote employees. After the pandemic, the VPN concentrators were permanently at their limit. Simultaneously, the number of SaaS applications increased from 30 to over 120.

The trigger for the Zero-Trust migration was not a security incident but the realization that the existing model hindered business agility.

Phase Plan

Phase 1 (Months 1-3): Identity Foundation

  • Migration of all identities to Azure AD with Conditional Access
  • Multi-Factor Authentication (MFA) for 100% of access attempts (passwordless as the goal)
  • Single Sign-On for all 120+ SaaS applications

Phase 2 (Months 4-8): Application Access

  • Replacement of VPN with Zero Trust Network Access (ZTNA) for cloud apps
  • Application-based microsegmentation instead of network segmentation
  • Device compliance checks as an access condition

Phase 3 (Months 9-14): Data Protection

  • Data Loss Prevention (DLP) for all channels
  • Sensitivity labels for documents
  • Encryption of all data at rest and in transit

Phase 4 (Months 15-18): Continuous Verification

  • User and Entity Behavior Analytics (UEBA)
  • Risk-based access decisions in real time
  • Automated response to policy violations

Results After 18 Months

  • 73% fewer VPN support tickets (VPN only for legacy applications)
  • 40% faster onboarding (new employees productive in 2 days instead of 5)
  • 92% of applications accessible via ZTNA
  • 0 successful lateral movement attacks since go-live
  • 15% cost savings through consolidation of network security tools

Key Facts

Industry: Insurance

Company Size: 8,000 employees, 120+ SaaS apps

Project Duration: 18 months in 4 phases

Investment: approx. 2.4 million EUR (licenses, consulting, implementation)

ROI: Positive after 14 months through VPN replacement and efficiency gains

Fact: According to the Verizon DBIR 2024, stolen credentials were the starting point for 49 percent of all analyzed security incidents.

Fact: Gartner predicts that by 2026, at least 60 percent of all companies will have implemented Zero-Trust principles as the basis of their security architecture.

Frequently Asked Questions

How long does a typical Zero-Trust migration take?

For a company of this size, 12-24 months are realistic. The key is the phased approach: Identity first, then application access, followed by data protection.

Is Zero Trust only relevant for large enterprises?

No. Medium-sized companies also benefit, especially if they have many remote employees and use cloud services. Entry via identity and conditional access is possible even with a limited budget.

How long does a typical Zero-Trust migration take in a large enterprise?

Experience shows that a complete Zero-Trust migration in companies with over 5,000 employees takes between 18 and 36 months. The key is a phased approach: Initially, the most critical applications and user groups are migrated before the architecture is gradually extended to all systems.

Header Image Source: Pexels / Tom Fisk

Tobias Massow


A magazine by Evernine Media GmbH