It’s time to take action to advance enterprise mobility management and security.  Enterprises must allow workers to bring the latest devices into the workplace to remain competitive.  Compliance and the protection of sensitive enterprise data must be assured.  These two missions are seemingly at odds with each other, but must be brought into balance for workplace harmony.  Where to start?

The need to support BYO users and consumer-grade systems is forcing enterprises to reevaluate security.  Some are taking a haphazard approach – accepting way too much risk – while others are going too far in the opposite direction by restricting these new ways of working.  While overall security can’t be relaxed just to support convenience, protective measures must be re-tuned to simultaneously optimize performance and assure sensitive data protection.

Citrix has formally been a BYO organization since 2008, and we offer our ongoing views and experiences in protecting mobile apps and data.  The Citrix security story begins on the device – with Citrix Receiver – and is managed and controlled in the data center with CloudGateway.

Citrix Receiver is easy-to-install client software for secured delivery of applications, desktops and data.  As a free download from the Android, Apple and Windows storefronts as well as from, Receiver runs on all popular mobile devices.

CloudGateway enables security by granularly controlling access to virtual, mobile and web/SaaS applications.  Application control policies include strong authentication, single sign-on, logging, and lock.  Inherent USB firewalling denies the use of mass storage devices while allowing human interface devices such as a USB headset, if desired.  Policy is set by the administrator and enforced on a per-app basis.

The tried-and-true security method of “Keep the data in the datacenter” has been protecting sensitive data using Citrix technologies for over two decades.  Pixel-airgap networking ensures that only the pixelated representation of the data reaches the endpoint – no actual data transfer occurs.  This pixel-airgap keeps sensitive data off endpoints and further protects against bulk data loss by preventing the transfer of files and databases to workstations.

“Keeping the data in the datacenter” is a great choice for protecting applications and data, but how can security be enforced if data must be mobilized?

For control over mobile data, ShareFile is integrated with Receiver and CloudGateway.  Mobile data is protected in an encrypted container on the device with administrator-defined policies for remote wipe and data expiry.  ShareFile security measures are also a great way to keep sensitive attachments out of email while providing seamlessly secured access.  Mobile data also leverages policies that specify whether it can be opened only in virtualized datacenter-based applications, third-party applications, or directly in managed local applications.

MDX-enabled applications are apps that are wrapped and mobilized for enterprise control.  These apps run natively on the device, with security enforced through policies integrated with Receiver.  Mobile Application Management (MAM) using MDX technologies allows application-specific policies for use, file sharing and networking to apply to web/SaaS, Internet browsing and rich native apps for Android, iOS and HTML5.  For further control over networking from remote locations, MDX Micro VPN controls application-specific access to corporate Intranet apps.

MDX enables a granular set of methods for enforcing application-level security for the mobile device and the selective lock and wipe of enterprise data, while leaving personal data intact on BYO devices.  Further capabilities include jailbreak/root and password/PIN detection policies, as well as integrated managed mobile apps and ShareFile data vaults.  The MDX mobile experience is enabled through CloudGateway to control access to local and remote applications and data across devices.

Secured enterprise mobility starts with Receiver, CloudGateway and ShareFile – and the end-state is the ability for workers to work from anywhere, on any device, online or offline.  Secure by Design.