With so much of the enterprise environment undergoing rapid transformation, why would security remain the same?
It won’t, of course. At the recent Gartner Security & Risk Management Summit in National Harbor, attendees explored the changing face of cybersecurity, including key topics such as threat management and context–aware digital trust, enabling safer cloud computing, mobile security for digital business, and the risks and opportunities of smart machines, AI, IoT and operational technology. Throughout these discussions, an important theme came through to us loud and clear: the increasing relevance of software and infrastructure vendors—not just traditional security vendors—in securing networks and digital assets.
This broader view of security fits with the way we see our mission here at Citrix. While we wouldn’t call ourselves a security vendor in the traditional sense, we’ve always considered data protection and risk management to be central to our value proposition for customers. That was true in the early days of virtualization and remote access, and it’s even more true in today’s era of hybrid infrastructures and the anywhere, any-device workforce. As enterprises look beyond add-on solutions to build security into the fabric of their infrastructure, Citrix enables a software-defined perimeter that combines secure access to apps and data with contextual control, visibility and behavior analytics across devices, networks and clouds. By extending control beyond the traditional datacenter to mediate user interactions with apps and data, IT can proactively secure, detect, and mitigate risk with intelligence applied to each unique scenario.
Here are a few of the trends and learnings we explored in depth at the Gartner Security & Risk Management Summit.
Digital transformation transforms security
Gartner attendees showed understandably intense interest in cloud and its role in digital transformation, as the adoption and convergence of cloud, mobile, IoT and big data technologies pose new challenges and risk factors. While IT still controls the corporate network perimeter and manages many business applications, information digitalization, ubiquitous Wi-Fi and BYOD continually expand the environment to be secured.
In one key stat from the summit, Gartner reported that by 2021, twenty-five percent of corporate data traffic will bypass perimeter security, up from 10 percent today, and flow directly from mobile and portable devices to the cloud. In that light, cloud security matters more than ever—and it’s up to the enterprise to make sure it’s covered. According to Gartner, through 2020, ninety-five percent of cloud security failures will be the customer’s fault. Conversely, by 2018, sixty percent of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.
It’s not only the cloud that is reshaping the perimeter.
Again, this view aligns closely with the Citrix approach to security. Because we’ve always designed our products around centralized control over apps and data, security is built into the core of our solutions. Granular policy enforcement and complete visibility across apps and data enable IT to confidently manage risk. Our secure infrastructure for app and data delivery gives IT powerful options to control application and data access across any device, network and cloud. From devices to data centers, from clouds to end-user access, our secure solutions provide comprehensive coverage and peace of mind without limiting productivity.
The talent crunch places a premium on efficiency
It hardly qualifies as breaking news to say that cybersecurity organizations face a tight talent market. Gartner put hard numbers around the situation and its implications:
- 82 percent of respondents report a shortage of cybersecurity skills
- 71 percent of respondents report the shortage in cybersecurity skills does direct and measurable damage
- 90 percent of respondents said that cybersecurity technology could help compensate for skill shortages.
Meanwhile, the broadening scope of the work to be done only exacerbates the problem. By 2021, one-third of internal cybersecurity organizations will absorb IoT and/or OT security, up from 10 percent today. As their mandate increases but their resources don’t, cybersecurity organizations must make efficiency a top priority. Adding point solutions will only increase complexity and fragmentation while inevitably leaving gaps. What’s needed is a new security architecture designed for the way people and organizations work today.
Citrix addresses this new reality with a holistic approach to security that allows customers to eliminate multiple add-on security solutions. With a single pane of glass to gain clear, consolidated visibility into network traffic, IT and SecOps can filter out noise and find threats faster, while IT escapes the cost and management overhead of an overly complex tool set.
Contextual security enables seamless productivity
Cybersecurity isn’t the only part of the enterprise that needs new ways to get more done, more easily. As organizations empower users to work from anywhere, on any device, and BYO becomes the norm, IT faces the challenge of ensuring security across this more diverse range of user scenarios without impeding their productivity. An overly cumbersome or restrictive user experience will only foster shadow IT and lead users to circumvent policy to get their work done—an unacceptable risk in today’s threat landscape.
Citrix simplifies security by giving IT powerful control over the location, management and access of apps and data, and separating them from devices and things. Taking a more holistic approach to security, we engineer contextual awareness into the fabric of our solutions so you can provide just the right balance of security and flexibility for any situation. Our technology goes beyond endpoint security by protecting the lifeline of business—apps and data—giving IT powerful control over who’s accessing it, where they are, and what they need to do.
Contextual access plays a key part in this flexible yet comprehensive control. By understanding the user’s full context—the who, what, when, where and why of the request for access to data and apps—IT can differentiate normal from abnormal behaviors, and block any requests that lie outside the norm. More intelligent, dynamic and responsive than simple blacklisting and whitelisting, this approach is ideally suited for an ever-changing threat landscape.
Where we go from here: analytics, machine learning, automation
To keep pace with the rising cybersecurity challenge, enterprises will increasingly complement their human expertise and effort with advanced technologies. According to Gartner, by 2020, Advance Security Analytics will be embedded in at least seventy-five percent of security products, and artificial intelligence/machine learning-based tools for IT resilience orchestration will more than triple, helping reduce business outages from cascading IT failures. By 2024, fifty percent of digital security responsibilities for an organization will be delivered by external or non-human resources. 
Citrix is already working at the forefront of this trend. As security threats become more sophisticated and dynamic, we’re empowering IT with deeper intelligence and insight to maintain control and protection. Our new Citrix Management and Analytics Service gathers comprehensive data on user behavior from the products and services we operate globally, including the applications and networks people access and use, and uses machine learning to find the anomalies that can signal an impending breach.
The Gartner Security & Risk Management Summit painted a picture to us of a radically evolving security space, as enterprises seek to manage risk, build trust and embrace change in a world undergoing digital transformation. At Citrix, we’re excited to continue that journey with our customers, as we address the threats of today while preparing for the challenges and opportunities to come.