[2021 Issue 06] Go Beyond VPN with Zero Trust in Hybrid Work

zyxel_Lin
zyxel_Lin Posts: 26  Zyxel Employee
edited November 2021 in Security Highlight

Go Beyond VPN with Zero Trust in Hybrid Work

Identity is more important than ever, adopting a Zero Trust strategy is no longer an option, it’s an absolute requirement. We never trust at face value and verify everything to connect before granting access. First off, we must figure out what you need to protect.


Now we all are preparing for hybrid work environment. According to Global Workplace Analytics, 30% of the total workforce will continue working from home multiple days a week through the end of 2021. As networks are changing, employees’ home devices are now part of the corporate network. The hybrid world is perimeter less, so protections around identity and devices of home networks is critical.

Businesses from small to large all need to get ready for the growing demands of an increasingly mobile workforce and distributed work site expansions. The almost instantaneous spike in remote work result in new challenges to businesses.

New Challenges to businesses

Challenge 1: Traditional VPN is not safe

How to maintain the security level, as there are accesses originating outside the security perimeter? In the past, there are several problems and vulnerabilities in terms of deploying VPN services. The malicious hackers have attacked weak VPN protocols and internet connections to cause data breaches at major organizations. 

Adopting Zero Trust approach in hybrid work environment

Employees are increasingly being encouraged to take advantage of working from anywhere, however, the new era for remote working brings the need of a new generation of security protection, policies, and protocols. We believe that we need to adopt zero trust approach, enhancing endpoint visibility and verifying the identity of all users. As to reinforce security for hybrid network, we elevate SecuExtender as the Zero Trust agent, integrated always-on secure tunnel encrypted by strong cipher, traffic shaping, IKEv2/EAP, supporting devices insight and more granular control over remote workplaces.


  • Elevated remote endpoints as a Zero Trust agent, which sending device identifications to the head office network
  • Enforcing conditional admission to ensure endpoint compliance and network segmentation
  • Verify employee’s identity with 2FA which adds an extra layer of security and mitigate the security risk of password leak
  • Centralized provisioning from the firewall with IKEv2/EAP and traffic shaping for improved productivity 

Level Up Security with 2FA Network Access

Strong authentication is one of the most important steps in a Zero Trust journey. Standard password is not enough to secure your network access. You need a second form of authentication to ensure unauthorized users can’t access your company’s databases, email accounts and more. Google Authentication allows your organizations to authenticate the identities of users accessing your networks through remote desktops and personal mobile devices.

Challenge 2: Administrative overhead

Provisioning and supporting dozens of remote workers are time-consuming and an increase to IT workload. Many organizations weren’t fully prepared to shift to remote work at such a massive scale.

Hassle Free VPN Client

It always takes a lot of time and effort to configure remote access VPN settings for hundreds of remote workforces. To make it easier to manage and secure your VPN clients, our SecuExtender provides short deployment time with easy and centralized provisioning even for complex configurations.

  • From Zyxel Firewall
  • From Nebula Cloud

 Centralized Provisioning from the Cloud/Firewall

SecuExtender support centralized and easy provisioning from Zyxel firewall or Nebula, greatly reducing administrative overhead when maintaining and supporting hundreds of remotely working employees.

Zyxel’s Zero-Trust total solution is designed for securing remote workplaces and ease of use, they are our key differentiators. We offer a wide array of products that allow different remote access options including firewalls for headquarters and branch offices, remote access points with Secure WiFi and VPN client management for off-site employees, extending endpoint protection.