At Synergy 2010, Citrix announced and made available the Technology Preview of the Encrypted Data plug-in. Leveraging the “Safe Zone” technology, this Receiver for Windows plug-in enables IT to encrypt the endpoint’s XenApp application data on the user’s device to prevent unauthorized access. It uses the highest level of encryption (256-bit AES) to protect the data. In case of a data security breach or compromise, it enables an administrator to lock or wipe the data remotely.
The Encrypted Data plug-in creates an encrypted space, referred to as “My Safe Zone”, on the end user’s device, where all corporate information is stored encrypted. All sensitive and critical data, such as cached email, is automatically and seamlessly redirected to the end user’s encrypted space.
The Encrypted Data plug-in creates this encrypted space (My Safe Zone) on Microsoft Windows 7 devices. The user defines a password to create the encrypted space and to access it. Once it is created, only Windows Explorer, the XenApp applications and App-V applications are able to access My Safe Zone. The XenApp and App-V apps are also restricted to storing their data only in this location.
The \AppData\ folder located in the user’s profile (by default in C:\Users\%USERNAME%) is redirected to the encrypted data folder for all XenApp applications. The XenApp applications are only allowed to save in the encrypted space. In fact, if an attempt is made to save data outside My Safe Zone, the user will get an access-denied error. Local applications like Notepad are also denied if they attempt to access the encrypted space (Windows Explorer is the only local app exception). This, of course, is configurable, and you may opt to let all applications access the space and save outside the encrypted space.
The user will see both a Windows 7 Library and a local drive. The local drive is x:, and both the drive and the library carry the label configured in Merchandising Server; the default label is “Encrypted Data”, but it may be changed as needed or desired. The user will be prompted to unlock the encrypted data space each time Receiver for Windows is started. This is the password set during the installation on that device.
IT is able to manage this space through the configuration in Merchandising Server. When the lock or delete of the data is enabled, it is executed the next time the user authenticates and connects to Merchandising Server. All configuration options are handled in the Merchandising Server console.
The Encrypted Data plug-in Technology Preview is available today, so please take a moment to download it and give it a try (MyCitrix logon is required). We look forward to your feedback and comments, which will certainly help guide us as we create the next releases. Support is through our forum located here: http://forums.citrix.com/forum.jspa?forumID=1013. Also check out the video overview, which provides a walk-through of the capabilities of this technology.