image mobile
WFA: Zero Trust

WFA: Zero Trust

Consistently operate a Zero Trust Security policy and ensure your solution is managed to best practice through its entire lifecycle.

as the network
of necessity

In the past, when users were tied to the corporate network and corporate-managed devices, protecting against malware, ransomware, and phishing was as simple as rolling out endpoint antivirus, installing a stack of appliances in a data center, establishing a DMZ, and backhauling traffic for inspection and control.

But users have left the building, devices are now unmanaged, and the Internet is fast becoming the corporate network of choice through necessity.

in a cloud-first,
remote-first world

Traditional hub-and-spoke networks and the castle-and-moat security they relied upon no longer support today’s remote workforce, cloud applications, and sophisticated threat actors.

Those on-premises security solutions lack the visibility, scalability, intelligence, and real-time response that a cloud-first, remote-first world requires.

Yet many teams lack the skills and experience needed to successfully architect and operate security in today’s environment.

Defending against
an increased
risk of attack

Failure to address this situation leaves internal applications and users exposed directly to the Internet and leads to an increased risk of attack.

This is further exacerbated by the increased attack surface created by disparate users and applications.

To be successful in security today, I&O teams must therefore place user identity and application access requirements, and the associated business processes, at the center of their strategy.

image mobile
Take a different approach to Security

Take a different approach to Security

That’s why forward-thinking Infrastructure & Operations leaders are taking a different approach to security, one of a Zero Trust Security architecture, where every machine, user, IP address and server is untrusted until proven otherwise.

What is Zero Trust Security?

Zero Trust Security is a network security architecture, based on a strict identity verification process. The architecture assumes that there is no perimeter, and that every user and device is equally untrusted.

The principles dictate that only authenticated and authorized users, IP addresses and devices can access applications and data. This way, organizations can ensure that users only have access to the applications and services they need to do their jobs. At the same time, it protects those applications and users from advanced threats on the Internet.

Core tenets of Zero Trust Security include:

Ensuring all resources are accessed securely, regardless of location or hosting model.

Adopting a “least privilege” and “default deny” strategy when enforcing application access.

Inspecting and logging traffic, for both applications you control and those you don’t, to identify malicious activity.

Benefits of a Zero Trust Security approach:

  • Protect your data & business from:
    • Disruption for customers from stolen personal ID information
    • Reputational damage
    • Loss of IP
    • Financial cost in the aftermath of breach
  • Ensure better protection against attacks
  • Reduce time to breach detection
  • Reduce complexity of the security stack
  • Consolidate security policies
  • Improve the flexibility, agility, and scalability of application access
  • Enable and simplify ‘cloud-first’ & ‘remote-first’ strategies​
  • Add an extra layer of protection to internal applications with direct Internet access

Where Zero Trust Security can go wrong

Many I&O teams have adopted a Zero Trust Security architecture, however it’s important that you don’t just select this path ‘because everyone else is doing it’.

To get it right, security must be thought about very differently, by taking a user- and application-centric approach and carefully considering the business processes it supports.

Here’s where we’ve seen things go wrong:

Leading with technology

Zero Trust Security isn’t about technology first. It’s about process and mindset, and this must be this must be approached from ‘inside the network out’ vs. ‘outside in’.

Many teams try to throw technology at the concept and hope they’ll get it right, but with Zero Trust Security it pays to develop the strategy first, which requires a shift in thinking.

Dealing with legacy systems

Achieving Zero Trust Security won’t be an overnight accomplishment and it won’t be easy, especially if an organization has legacy security systems in place that don’t transition well to the new architecture.​

Ongoing effort required

Organizations need to understand up front that Zero Trust Security will require an ongoing effort and that certain aspects might be more challenging than others.

For example, in a modern network environment, changes are happening daily and need to be configured properly with changing IP address data and policies updated to make sure there’s no interruption in service access for employees or corporate transactions.

Otherwise, serious downtime could be experienced.

Failure to get these things right could mean you end up with:

  • Systems that aren’t set up correctly, affecting user productivity
  • Users unable to access applications to be able to do their jobs, impacting mobility
  • Users opening themselves up to risk in order to access systems, leaving assets exposed
  • Additional complexity from adding extra layers of technology

How Teneo can help

Here’s how we can help you with Zero Trust Security:

Zero Trust Security by design, integrated into your existing security posture and network services.

Support digital transformation and anywhere operations initiatives.

Approach Zero Trust Security with users, applications & business processes at the heart of your strategy.

Make best use of technology as you retire legacy systems.

Give you the people resource, skills & experience needed to operate Zero Trust Security on an ongoing basis.

Save you time by keeping policy updated with changing network and application usage and requirements.

WFA: Zero Trust from Teneo

Teneo’s WFA: Zero Trust service is for I&O teams that want to ensure their Zero Trust Security solution is deployed and consistently managed to best practice throughout its lifecycle, and doesn’t become a case of ‘set and forget’.

Now, more than ever, the threat landscape is constantly changing, and security must be constantly updated and reviewed. That’s where Teneo can help. WFA: Zero Trust provides monitoring and regular reviews of policy usage and effectiveness, network changes and new applications. And, thanks to the visibility we gain through full logging and behavioral analytics, we’re able to report on those insights and provide recommendations for change to help you stay ahead of modern-day hackers and threats.

In partnering with Teneo, you’ll benefit from a highly sophisticated set of Zero Trust Security controls, delivered using the power and scalability of the cloud, and without the need for heavy investment in internal resources or ongoing training.

By adopting a Zero Trust Security architecture in partnership with us, you can reduce the risk from attack, and deliver applications to users whenever and wherever they need them – securely. Our light touch, always-on WFA: Zero Trust service ensures that access is not only secure on network entry, but also throughout the lifespan of the connection.

With Teneo, you gain peace of mind that your security policy is updated as network usage and security threats continue to evolve.

Service level summary:

WFA: Zero Trust is suitable for 100+ users and is available in two main building blocks: ‘Gateway’, under WFA: Endpoint, and ‘Application’, under WFA: Branch.


Delivers a Secure Internet Gateway to protect users.

Service features:

  • Design, deployment & configuration
  • Cloud-based secure web gateway​
  • Protection from malware, ransomware, phishing and data exfiltration
  • Block malicious payloads​
  • Control shadow IT​
  • Prevent data loss​
  • Improve off network device security without using VPN​
  • Uniform policy enforcement​
  • 24×7 monitoring & alerting​
  • Managed change control​
  • Monthly security insights meeting
  • 24×7 helpdesk​

Service highlights:

  • Lightweight agent​
  • Scheduled & on demand reports​
  • Guidance on current threat landscape​
  • Option to add Application service

Additional advanced features available:

  • Online and offline analysis of HTTP and HTTPS payloads using multiple malware analysis and detection engines​
  • Cloud sandbox for offline dynamic payload analysis
  • Real-time inline analysis of web pages to detect zero-day phishing pages
  • Real-time inline or offline analysis of files downloaded from file-sharing sites


Provides an identity-aware proxy for secure application access.

Service features:

  • Design, deployment & configuration​
  • Cloud-based, identity aware proxied secure access for 10 applications
  • Reduce risk of compromise from employees, 3rd parties, contractors, partners and mobile users without the need for network access​
  • Granular visibility of access requests​
  • Access via 288,000 global PoPs​
  • Two Factor Authentication (2FA), Single Sign On (SSO), end-to-end encryption and load balancing​
  • 24×7 monitoring & alerting​
  • Managed change control​
  • Monthly security insights meeting​
  • 24×7 helpdesk​

Service highlights:

  • Client & clientless access​
  • Scheduled & on demand reports​
  • Guidance on current threat landscape​
  • Option to add Gateway service

Additional advanced features available:

  • Unlimited Applications​
  • Extend log retention from 90 days to 365 days

Our Approach


  • Hold a strategy workshop with all main stakeholders.
  • Understand your desired outcomes and security policy needs.


  • Design & create security policy.
  • Design our implementation package.
  • Prepare a custom service handbook that integrates Zero Trust with your processes.


  • Service installation & configuration.
  • Monitoring system set up.
  • Installation and configuration of dashboards and reports.


  • 24x7x365 proactive management, monitoring & alerting.
  • Incident management, moves, adds & changes.
  • Monthly insights & analysis.
  • Quarterly reporting, reviews & service improvement.

Service Value

Complete solution

Adopt a complete, all-in one Zero Trust Security solution from design through implementation and lifecycle management, fully supported by Teneo.

Fast time-to-value

See fast time-to-value as a result of utilizing our streamlined onboarding and tuning processes, ensuring your policy is updated as network usage changes.

Alerts, updates & reports

Receive only meaningful alerts and updates, get our remediation recommendations, and access detailed reporting to address compliance, display trends, and track activity.

Skills & experience

Access our security subject matter experts 24×7 and supplement your team’s own security skills and experience.

Always on

Hackers don’t sleep and neither do we. We stay focused on maintaining your defense posture around the clock so you’re always ready for attack.

Service Outcomes

  • Cost saving, from replacement of legacy remote access solutions with flexible and cost-effective centralized software solutions.
  • Supplemented security skills with access to our reporting and security experts.
  • Seamless user experience by removing the need to backhaul traffic to the data center.
  • Support for all types of applications, regardless of location, with no additional infrastructure.
  • Highly scalable Zero Trust Security security solution.
  • Control of third-party access.
  • Invisible infrastructure – where access can be granted to applications without providing access to corporate networks.
  • Application segmentation provides additional security.
  • Centralized control, granular access and enhanced visibility give the complete picture and enable better policy decisions – leading to better user experience and enhanced protection.
  • Simple deployment allows for low-cost adoption and flexible installs, moves, adds and changes (IMAC).

Customer Example: Global Construction Organization

At this global construction organization, hundreds of the company’s engineers and consultants work remotely about 50% of the time, in meetings and on site for construction projects.

As is the case for any modern business, the organization equips these employees with laptops that enable them to work from anywhere. However, without the right security measures in place, these tools could be compromised and become a conduit for threats to infiltrate the company network.

As the company grew, its management team became aware of the need to ensure strong cybersecurity. Though their Information System Security Manager had implemented a range of security solutions to address these concerns, he still saw a weakness when it came to the company’s global security strategy.

He explained, “We had such little visibility that we weren’t aware of any potential security problems, and even the smallest cybersecurity event posed a risk. Also, when users were working remotely, we had no way to ensure they were protected from any potential threats. We needed a way to strengthen our security posture during those times.”

Previously, the organization lacked the means to set up and enforce an acceptable use policy. Now, after adopting a Zero Trust Security approach, in addition to applying policies to employees, the company can also enforce a guest Wi-Fi policy to limit the risk of threat propagation.

Use Cases of a Zero Trust Security Architecture

Work From Anywhere

Zero Trust enables a work-from-anywhere workforce to access just the applications and data your users need to be productive, and gives IT teams the peace of mind that operations are secure.

Multi-Cloud Environment

Using multiple private, public, and hybrid clouds for your corporate applications can reduce costs, enable flexibility, and accelerate digital transformation.

But a multi-cloud reality also creates complexity and a lack of visibility, exposing your organization to risk.

Transition to SD-WAN

As SD-WAN is adopted, companies must evolve their security from a perimeter-based framework to a Zero Trust–based framework at the edge.

Many organizations that are migrating to Internet-based architectures consider SD-WAN to be the key enabler due to its link control and ability to potentially drive down the financial onus of MPLS ownership.

They may use broadband or wireless networks to augment or complement the MPLS connections, creating a hybrid WAN. But if they already embrace local or branch Internet breakouts, also known as direct Internet access (DIA), that route traffic to the cloud instead of through a data center, then surely it makes sense to employ a security architecture with the same approach.

VPN Elimination

Your mobile workforce and cloud-based applications are at odds with your legacy and appliance-based access solutions.

Traditional VPNs, proxies, and RDPs drive up operational costs, monopolize already-scarce IT resources, provide limited visibility, offer little in the way of insights, and open your business to risk.

Expanding User Ecosystem

Your third-party contractors, partners, suppliers, remote workers, and even newly acquired users from mergers and acquisitions all benefit, even accelerate, your business.

But provisioning access for this varied and fluid ecosystem introduces risk, increases costs, and creates complexity.

image mobile
Ready to talk WFA: Zero Trust?

Ready to talk WFA: Zero Trust?

To get started with our WFA: Zero Trust service, simply schedule a meeting with us today.