Skip to content
Interactive Read-Only Demo
Back to decisions

Adopt Zero Trust Security Model

Replace our traditional VPN-based network security with a Zero Trust approach ("never trust, always verify"). Triggered by the Q2 2025 security incident where a compromised contractor VPN account was used to access 3 internal systems. New model: every access request is verified individually, regardless of network location. Scope: all production and corporate systems.

V17/15/2025, 8:00:00 AM
Decision ID: DEC-2025-0009
ApprovedConfidential

Options

Full rollout at once (Zscaler)
Recommended

Replace VPN entirely with Zero Trust platform. All employees migrate within 6 months. €180K/year. Fastest protection, most disruption.

Phased rollout by department
Selected

Start with engineering (highest risk), then expand quarterly. 18-month plan, €95K/year. Lower disruption, slower full coverage.

Keep VPN + add extra security layers

Keep existing VPN, add multi-factor authentication and device checks. €45K/year. Least disruption. Doesn't fully prevent internal breaches.

Roles

Owner
Peter Schmidt
DecidersSequential
Security Board
Tania Patel
10/29/2025, 11:00:00 AMPhased approach is practical given team capacity. Cloudflare Access integrates well with our IdP.
AND
CTO Sign-off
Marcus Weber
10/30/2025, 4:00:00 PMEngineering team can absorb the migration in sprints. No impact on feature velocity.
Informed
Alex Richter
Tags3/3
SecurityArchitectureCompliance
Attachments

No attachments

Available in full version

Like what you see?Book a demo