Many would argue that being mobile, secure and compliant is simply an oxymoron.

Let’s take a moment to analyze.  Consumer devices, regardless of technology, must ensure unhindered access to 911 emergency services.  Let’s also consider the business model of mobile operators, 24 x 7 reliable services.  At a time when the traditional business model is under increasing revenue pressure, with voice revenue rapidly declining, new opportunities emerge from the wealth of consumer data.  Mobile phones, tablets and other connected devices are driving significant e-commerce traffic.  New technologies such as Near Field Communications (NFC), supporting in person transactions, continue to expand their presence.  What does that mean for the IT and security professionals?   Hands down, there is no competition.  IT personnel, even in the largest of businesses, prove to be no match for the mobile carriers and hardware manufacturers.  There is absolutely no incentive for carriers and manufacturers to secure and restrict the use of devices.  Hardened access controls and restricted use simply yields a loss of revenue.

You may be thinking that surely, a device access PIN offers some security?  Think again.  A mobile device access PIN should be considered no more than a mere speed bump, keeping the average user at bay.  Users may also have a false sense of security believing that only jailbroken devices are susceptible to attack.   No matter what type of device, whether Android, iOS or Windows mobile, the threats and vulnerabilities plaguing these devices are ever increasing.   Consider the security of the iOS keychain, used to house Wi-Fi network passwords, VPN credentials, and other sensitive information.  With simple/free tools such as Snoop-it, individuals may analyze data written to the keychain and compromise the device’s trust model.

At a time when mobility is no longer an isolated trend but a reality every IT organization must deal with, how do we stand a chance?  During the first quarter of this year, mobile subscriptions world-wide topped 6.8 billion.  At the same time, statistics reveal that data breaches continue to rise, resulting in a loss of millions of dollars for businesses all around the world.  With compliance requirements expand (HIPAA, PCI, etc.), organizations are left scrambling, trying to reconcile on-prem, cloud and mobility, while attempting to address security and compliance-at times mutually exclusive.

The days of the traditional network, with a DMZ and managed endpoints should be considered a thing of the past.  The only practical solution, to keep up with the pace of demand for consumer devices is to pull in the perimeter to the data center.  While there is no silver bullet providing a 100% iron clad solution to these complex issues, leveraging the Citrix offering provides tangible alternatives for mitigating mobile computing risks and meeting an organization’s compliance obligations.  The Citrix offering allows organizations to establish a defense-in-depth approach to security, keep data in the data center,  while allowing employees to access information and resources from anywhere on any device.  The result is an IT organization that truly enables the business.

What are some key components of the solution?  Let’s start with NetScaler, not just an appliance to load balance applications/services and offload SSL, but a powerful security solution offering layer 2-7 DDOS protection, strong authentication, and application firewall capabilities (among other features).  One could argue the secret sauce lies with receiver.  Receiver continues to lead as the most efficient remote display protocol on the market, keeping data in the data center and offering unparalleled performance.   No other competitor provides the elegance of sophistication of application delivery like Citrix does with XenApp.  Let’s not forget that while other solutions require huge amounts of disk space on the backend to support a virtual infrastructure, Citrix streams entire data centers and virtual desktops, without any storage requirements.  When the need arises to patch the images, the solution allows for the timely updates of master images vs. updates that require days, as with the linked cones of some competitors.  XenMobile provides granular data, device and app management, allowing administrators to secure data at both the device and application level when data has to reside on the device.  Flexibility, scalability and security – get Mobile, Secure and Compliant with Citrix!  To learn more, attend my session at Citrix Synergy, SYN241.  Hope to see you there!

Connie Barrera is responsible for developing policy and standards related to privacy, confidentiality, integrity and availability. She develops and maintains risk management, security awareness and compliance programs to deal with legislated requirements that impact security. Previously, she worked at Baptist Health South Florida as a systems engineer. Connie earned a bachelor’s degree from Florida International University and holds MCP, MCSE, CCNA, CCM, CISSP, CISA, CRISC, CCA, ISA, CICRA, and PCIP certifications.

Citrix invited the author of this blog post to present at Citrix Synergy 2014 and to participate in a related contest.  The author received an entry into the contest for submitting this Blog.