One of the biggest challenges in protecting sensitive data is protecting it on highly mobile endpoints – especially endpoints that are not directly owned and managed. Organizations that enable their employees and contractors to use their own machines are particularly at risk for data exfiltration, whether this usage is through a formal BYOC* program or on home systems. The simple fact is that BYOC and home machines don’t have the depth and breadth of data protection that a professional IT security department would provide to corporate-managed systems.
Corporate-managed systems can integrate and manage full disk encryption, directory encryption and file encryption utilizing services such as hardware-based solutions, SafeBoot, Microsoft BitLocker and PGP, just to name a few of the more familiar offerings. These solutions are often difficult for unsophisticated home users to install and manage, which can put them out of reach for occasional usage of sensitive data that must be accessible offline.
Citrix recommends that sensitive data remain in the datacenter, protected through application and desktop virtualization – XenApp and XenDesktop. Keeping this data under the protective watch of the datacenter requires an online access experience, which in today’s connected world is almost ubiquitously available. When offline access to sensitive data is required – such as delivering a presentation in a facility that does not allow Internet access – how can this data be protected?
To provide a simple way for users to protect offline data, Citrix introduces the “Safe Zones” Encrypted Data Plugin for Receiver. Integrated with the Receiver client framework, the Encrypted Data Plugin gives users a simple way to access sensitive data delivered from XenApp hosted and streamed applications at the endpoint for offline access, while ensuring that this data is protected with AES-256 encryption. A simple drag-and-drop interface makes it very easy for users to use the plugin, and full management capabilities allow IT departments to further protect data entrusted to the plugin. These management capabilities even include Remote Kill functionality that can be enabled to delete protected data in the event the endpoint is lost or stolen.
The Encrypted Data Plugin is currently in technology preview and showcases the protection of sensitive offline data for BYOC and home users. For industry and technology partners, Citrix offers the Encrypted Data Plugin as an example of the innovation afforded by the Receiver framework and we encourage partners to bring additional innovation to market through Receiver.
I expect customers to look at the Encrypted Data Plugin technology preview as a key piece of discussion in updated strategies for protecting local data. Embracing a cross-platform endpoint scheme, using application and desktop virtualization environments, and allowing BYOC require updated security methodologies. Imagine the power of having a standard encryption solution for offline data that is centrally managed – regardless of the endpoint OS. The introduction of the “Safe Zones” strategy is encouraging Citrix customers and our partners to think about new ways of protecting sensitive data on highly mobile and heterogeneous endpoints.
What are your challenges in supporting local data on users’ personal endpoint devices? How do you see solutions such as the Encrypted Data Plugin fitting into your endpoint data management strategy?
*BYOC = Bring Your Own Computer
More information on the Encrypted Data Plugin can be found at: http://www.citrix.com/English/NE/news/news.asp?newsID=2300506
A video showing the capabilities can be found at: http://www.citrix.com/tv/#videos/2060