The nature of work has changed and the traditional security perimeter has disappeared. The dissolution of the traditional perimeter also means that legacy security products don’t meet today’s requirements.
Citrix Access Control provides zero-trust based access management capabilities to provide contextual and secure access to on-prem web, virtual and SaaS applications. Using Citrix Access Control, you can consolidate your traditional VPN and single sign-on solutions, providing a holistic secure access strategy to all applications.
Citrix Access Control offers a comprehensive, zero-trust approach that delivers the secure contextual access you need to provide an enhanced user experience while maintaining security control. It allows consolidation of security products like VPN, traditional single sign-on and data governance technologies with one solution. Top use cases for Citrix Access Control include:
1.Traditional VPN solution replacement
Unlike a traditional VPN, Citrix Access Control is a cloud-based offering that provides secure and contextual VPN-less access with single sign-on (SSO) to on-premises web and virtual applications. In addition to SSO, it also provides controls for protecting information shared in web applications.
Additionally, it provides security controls like web filtering and an isolated browser environment to protect users accessing malicious links embedded or shared in web apps, adding security as they access web apps from their personal or BYO devices. This enables organizations to deliver zero trust outcomes by reducing the attack surface, securing the log-in process, enabling continuous authentication and authorization, providing data and device protection, protecting users from web-based threats, and automated risk prevention.
Why Citrix Access Control is a better choice than a VPN
- VPNs have a high risk of security breaches
VPNs expose entire networks to threats like DDoS, sniffing and spoofing attacks. Once an attacker or malware has breached a network through a compromised user device connected to it, it can bring down an entire network. With VPN-less access, users will get single sign-on to both internal apps and SaaS apps. It provides access at the application layer and thereby removing risk from any network level attacks.
- VPNs are hard to scale and offer a poor user experience
Most VPNs were deployed to serve a small percentage of a remote workforce. When most of workforce is remote, VPNs become bottlenecks, especially when delivering traditional client-server applications that consume lot of bandwidth. Citrix Workspace not only helps optimize delivery of these apps, but can auto-scale to serve all the workforce without configuring and deploying additional appliances.
2. Single-sign on and data governance for SaaS applications
The increase in use of SaaS apps creates security risk as users have to juggle multiple log-ins for their different services, leading to poor password practices like reusing passwords or passwords that are easily hacked. Research shows that 81% of all hacking-related breaches were caused by compromised, weak, and reused passwords. Additionally, VPNs typically only offer a single point of authentication. If an attacker were to gain access through compromised credentials, they would be able to move freely throughout the network. This would enable them to access and exfiltrate sensitive corporate data without requiring further authentication. VPNs also aren’t able to detect suspicious behavior, further putting data at risk. Unlike a traditional SSO solution, Citrix Access Control goes beyond providing a way to identify and authenticate a user.
3. Secure corporate data accessed through unmanaged devices
Access to applications through an unmanaged device introduces risk, which is why many organizations require device enrollment to deploy a traditional VPN or SSO solution. IT departments have no oversight into the health of a personal or BYO device, which may be infected with keylogger or screen shot malware. Keylogger malware can harvest critical corporate data like log-in credentials, allowing attackers to freely access your network. Screen shot malware can be equally as dangerous, as any important information that is presented on the screen, like patient health records or credit card information can be exfiltrated. Employees can infect their personal devices by browsing to risky websites that unknowingly deliver malware, which puts corporate data at risk later.
How Citrix Access Control enables a secure BYO program
- Anti-keylogging and screen shot malware protection
Protects against key logging malware by scrambling the data sent from the key strokes, turning the sensitive information into undecipherable text. Also defends against screen shot malware, capturing a picture of a blank screen instead of your private corporate data.
- Dynamically initiated browser isolation
With Citrix, IT can be confident that end users can securely navigate the web with a cloudbased browser that won’t introduce risk to the corporate environment. Threats that may introduced by visiting malicious websites are isolated off the corporate network and device. The browser is discarded at the end of the session, ensuring that any malicious software encountered while browsing the web never reaches your infrastructure.
- Web filtering
Block users from accessing restricted websites that are known for introducing risk. Administrators can choose to block specific URLs and categories of sites, like gambling, social media, torrent, video streaming, and many more.