Are you frustrated every time you have to login or access new computing resources? Cumbersome credentials, onerous IT requirements, and the inability to leverage your own technologies may help security, but at the expense of productivity — and that can quickly devolve into creative workarounds of IT security policies.

Worse yet, not having strong enough security measures available that are integrated and automated leaves the most sensitive data exposed to damaging breaches, including data loss, misusage, overexposure and other all too familiar forms of compromise.

Aren’t we supposed to be moving away from the use of passwords?

For many, the whole concept of access has been broken as the workforce has become more mobile, distributed, tech-savvy and heterogeneous in their security needs.

Traditionally, IT has designed information security around technical baselines, standards, one-size-fits all solutions and all the other so-called best practices. When the IT department owned and controlled access, this approach may have worked. But a workforce stampeding to mobile, web, SaaS and cloud-based applications – mostly supplied outside of IT – means it’s time to refactor secure access to make sense for a modern workforce.

Desktops and applications are available to me anywhere, any time, on any device. But what about security? There may be some instances where I, as a user, shouldn’t have access to certain sensitive applications and data. That’s where Citrix provides the power of contextual access. — Scott Lane

How To Architect for Contextual Access

Contextual access is all about adapting to ever-changing situations involving devices, locations, data sensitivity levels, threats and vulnerabilities that are risk-matched to desired business outcomes. A powerful way to design contextual access considers all aspects of the 5 W’s of Access – factoring who, what, when, where and why into every access and transactional event. Once access factors have been determined and vetted, access methods can focus on how access should be granted. These methods include:

  • Direct access to resources, virtualized access that keeps sensitive data centralized and containerized, and access that securely enclaves sensitive data for offline access, sharing and distribution.
  • Application-specific networking encrypts data in transit and transparently extends enterprise network visibility and control to mobile, cloud and the network edge.
  • The ability to allow or restrict clipboard functionality, define specific usage of peripherals, enforce location-aware behaviors, enforce storage directives and directing the ability to distribute sensitive data are just some of the access methods under contextual control.

With automated access controls constantly evaluated and applied dynamically at the point of service, security decisions are consistently applied across all the different ways we work.

See what contextual access brings to the security experience in this short video, featuring Scott Lane, Citrix Distinguished Engineer.

Evolving Access Considerations

Access workflows assure that sensitive data boundaries are set and managed. The authority to exceed defined boundaries requires explicit approval and oversight and can incorporate digital signatures, watermarks and session recording as security measures. Workflows with scripted exception management can even include multi-level review and approvals for tasks that would otherwise exceed individual authority. Building access workflows allows the organization to better manage the process of enabling access by exception and avoid allowing excessive access by default.

As access governance evolves, machine learning will assist the organization in better understanding normal usage to fine-tune access policies and methods to match how business is being conducted. Machine learning will be core to understanding expected behaviors and responses as IT and line of business owners collaborate in appropriately securing service delivery. With a view into access attempts, requests, usage and workflows, artificial intelligence will further our understanding of how access relationships enable or impede security and automate the continuous delivery of desired security outcomes. These technologies will increasingly be leveraged to compliment human interaction and decision making, with the goal of more autonomous and instantaneous security lifecycle management. Contextual access will be an early beneficiary of artificial intelligence and machine learning by enabling greater visibility and fine-tuned control over the complex situations we all live, work and interact in.


For more information, check out citrix.com/secure and read our latest case study, featuring Kansas Development Finance Authority (KDFA).