RSA Conference connects people and insights that empower them to stay ahead of cyberthreats. Visit the Citrix booth at RSA to learn how our secure products have been empowering our customers to stay ahead of cyberthreats for over 25 years.
Busy IT professionals are focused on delivering and maintaining broad technology solutions for their users. With some solutions, security often comes at the cost of a restricted, compromised user experience, but not with Citrix, which has been a leader in securing the apps and data of your Workspace for nearly 3 decades. The idea of the Workspace has evolved from desktops, laptops, and thin clients to mobile devices, and we have stayed at the forefront, ensuring secure access to your Workspace, no matter the app, platform, or device.
A few months ago, we discussed how to get SSO from your XenMobile-managed devices into your XenApp and XenDesktop sessions. We believe in empowering mobile Workspaces and adapting to the changing work styles of today’s workforce. This, however, requires a shift in how we envision security. As we approach RSA, we are excited to showcase some of the unique features and security use cases enabled by Citrix XenMobile at booth #N3534.
Citrix provides a comprehensive workspace solution built securely from the ground up. Hosted on-prem or in the cloud, Citrix workspaces provide access to apps and data on any device, anywhere, through the seamless integration of our market-leading components: XenApp, the secure application virtualization solution; XenDesktop, our scalable virtual desktop infrastructure; NetScaler, the secure application delivery controller and Universal Gateway; ShareFile, the secure Enterprise File Sync and Share (EFSS) solution; and XenMobile, the secure, broad Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) solution.
To ensure sessions are launched on secure devices, Citrix provides Smart Access for Windows, Mac, iOS, and Android devices. With Smart Access (think conditional access), sessions may be restricted if a device is deemed to be out of compliance. Compliance violations are determined by administrator-driven policies that are based on security posture. With Smart Access, you can tie in your security controls uniformly across your workspace without having to worry about revoking access manually. What’s more, access is restored as soon as the remediation action is taken on the device.
XenMobile gives users the freedom and flexibility to work securely on any device. It provides Enterprise Mobility Management support for a variety of mobile platforms, including Android with Enterprise capabilities, along with Samsung KNOX and SAFE enabled devices, Apple iOS and macOS devices, and Windows 10 phones, tablets, and desktops. With XenMobile, you can manage any endpoint and provide security controls and a seamless experience across all devices. XenMobile gives IT admins a single-pane-of-glass experience, meaning they don’t have to log in to multiple portals to manage mobile devices separately from laptops and desktops.
XenMobile also provides broad EMM and UEM functionality that allows enterprises to securely manage delivery of apps and data to Bring Your Own Device (BYOD), Corporate Owned Personal Enabled (COPE), or Choose Your Own Device (CYOD) endpoints. It does this through a best-in-class suite of mobile productivity apps, broad mobile device management (MDM) support, and a mobile app management (MAM)-first focus.
XenMobile offers the industry’s most complete suite of secure productivity apps, including email, calendar, contacts, note-taking, document editing, and remote access. All XenMobile apps are secured and containerized with Citrix MDX technology, including:
- Secure Mail – to secure mail, calendar & contacts
- Secure Web – to secure mobile web browsing
- Secure Forms – to automate business processes without mobile app development
- Secure Notes – to securely capture, store and share notes
- Secure Tasks – to enable time management with Outlook
- ShareFile (MDX) – to secure document sharing, sync & editing
- QuickEdit (MDX) – for rich content editing & collaboration for Office documents
- ShareConnect (MDX) – secure mobile access to PC content
MDM provides the foundation for configuring, managing, and securing devices in any mobility strategy. XenMobile MDM delivers a variety of device security controls, including:
Certificate Pinning: Security built into device management
One of the biggest security use cases built into XenMobile is protection against man-in-the-middle (MITM) attacks. During enrollment, XenMobile pushes a CA profile that pins the public key of the servers (XenMobile server and NetScaler); a server connection is rejected if the server's public key differs from the pinned one. This is one of Citrix's unique differentiators.
Smart Actions: Automated compliance actions
With XenMobile, you can put a compliance check in place and tie it to various scenarios with an “if/else” condition. This allows IT admins to ensure automated compliance actions are enforced according to corporate policies. These smart actions are flexible and can be customized to block access to resources completely or merely send informative notifications, depending on the severity of the violation.
Mobile Threat Defense: Built-in detection and integration with technology partners
Today, there are more viruses, malware, and spyware attacks on mobile phones than ever before. XenMobile assesses the health of a device during enrollment and prevents access to any resources if it is rooted or jailbroken. If the device is clean during enrollment but is later exposed to malware, XenMobile is able to detect any fundamental changes, and compliance actions can be triggered accordingly. Citrix recognizes that threat detection is an ever-expanding territory that needs constant updates to malware definitions, real-time threat analysis using patterns, and collaborative analytics via the cloud. To ensure our customers always get real-time threat detection, we integrate with leading technology partners like Skycure, Zimperium, Wandera, and many more for prevention as well as detection of malware on mobile devices.
Application Restrictions: App whitelists and blacklists
For productivity as well as security reasons, IT admins may want to block installation of certain apps. XenMobile allows IT to identify apps by their unique application identifiers and define a blacklist or whitelist of apps around them. With our native integration with cloud access security brokers (CASBs), we can prevent apps from invoking built-in cloud service connectors such as Dropbox, Facebook, etc.
XenMobile offers comprehensive mobile application management (MAM) capabilities with features and scalability that no other EMM vendor can match. XenMobile offers different MAM options: secure application data by leveraging device and platform controls with app-level password protection and encryption, or by taking advantage of the XenMobile MAM-first approach.
The MAM-first option provides an additional layer of security that doesn’t require device enrollment or management. This greatly enhances the BYOD user experience, as it eliminates the need for a device passcode to encrypt data, eliminates privacy concerns since IT has no device visibility outside of the MAM container, and eliminates the potential for IT to initiate a device factory reset that wipes personal data. For more information, read our post “What does MAM-first mean to you?”
MDX Data Vault is Citrix proprietary technology that securely stores and manages wrapped apps in an encrypted container and allows IT to implement granular control over data exchange. MicroVPN works in conjunction with the MDX container to provide application-level secured access to the network. Both are foundational technologies that allow Citrix to provide secure MAM with a great user experience.
Citrix MAM also includes multi-factor authentication, including PKI integration to provide seamless user certificate delivery. App Geofence provides access to the data in MDX apps only in a specific geographical area. MAM shared devices allow MDX apps to be securely utilized by multiple users on shared devices. By simply logging on and off they may access Secure Mail, Secure Web, and ShareFile