Announcing the technical preview of Citrix Access Control

Key Features: SSO to SaaS, web and Citrix virtual apps and desktops; web filtering to control user access to unsanctioned SaaS apps and the internet; cloud app control to manage access and data after the user authenticates to SaaS and web apps.

As enterprises embrace hybrid cloud, SaaS, and web apps, they face challenges ensuring a consistent end user experience, and guaranteeing security and compliance across their SaaS, hybrid, and multi-cloud application delivery environments. Citrix’s differentiated approach to security with secure digital perimeter (SDP) extends the perimeter into the cloud apps and across multiple devices and networks where business is conducted and workers are collaborating.

Enterprise IT teams claim users are connecting to anywhere from three to 20 and more SaaS apps to get their work done. Many of these apps are not sanctioned by IT or the business. IT has limited visibility and control on the information that gets stored in these unsanctioned SaaS applications. This behavior leads to two challenges: (1) How can IT and security teams control company information and intellectual property from being shared with or stored in unsanctioned apps? (2) How can an enterprise effectively apply controls to the actions of users once they have authenticated to a set of sanctioned SaaS apps?

While the traditional single sign-on (SSO) and Identification as a Service (IDaaS) solutions provide a great end user experience and a platform to define and enforce all access control policies in one place, enterprise IT and security teams are looking for more than just traditional SSO to enable better control of the access and use of SaaS and web apps. According to the Cloud Security Alliance, nearly 77 percent of SaaS-adopting enterprises have experienced SaaS-specific security incidents.

Recently, we announced the Citrix Gateway service which provides single sign-on (SSO) to SaaS, web and Citrix virtual applications. Today, we are taking a big step forward with our secure digital perimeter strategy. Citrix is announcing the technical preview for a new cloud service, Citrix Access Control (CAC), which builds on the SSO and multi-factor authentication (MFA) capabilities included in the gateway service to offer additional granular policy control for the access and use of SaaS and web applications. Together with advanced analytics based on user behavior analysis and their risk scores, CAC strengthens the overall security posture of delivering the secure digital workspace to the enterprise end users.

Laura Padilla, Head of Business Development and Channel at Zoom, a 2017 leader in the Gartner Magic Quadrant for modern enterprise video communications and a Gartner Peer Insights Customer Choice Awards, had this to say: “We bring teams together in a frictionless environment to get more work done. We’re excited to partner with Citrix for our mutual end users to benefit from an instant sign-in experience via Citrix Workspace SSO, allowing IT admins to gain more visibility and control with Citrix Workspace Analytics.”

Citrix Access Control enables IT and the security teams to better control and monitor company data in SaaS and internet applications. This helps strengthen compliance requirements for example, with the Children’s Internet Protection Act (CIPA), a federal standard to prevent school children or enterprise users from unwittingly visiting malicious websites.

In particular, Citrix Access Control provides the following benefits:

  1. Enhanced security and visibility for SaaS and web with the enhanced cloud app control capabilities
    Enterprises can protect intellectual property and prevent it from falling in the wrong hands. Actions such as copy, paste, download, and watermarking pages, can be controlled for sensitive information and files.
  2. Monitor and control access to unsanctioned SaaS apps and the internet
    IT and security admins can blacklist and whitelist URL categories to permit or deny access to websites and also monitor and take actions on usage of unsanctioned SaaS apps and internet sites.
  3. Multi-Factor Authentication (MFA) with support for Microsoft Azure AD and on-premises
    The current Citrix Gateway service supports Microsoft Azure AD for MFA, as well as on-premises Active Directory for 2-factor authentication using native one time password (OTP). For more, please refer to the Citrix Gateway service announcement.
  4. Pre-configured application catalogs
    Citrix Access Control supports well known SaaS apps (see below) in its out-of-the-box catalog. Admins can use pre-configured application templates to publish the apps and configure single sign-on policies.

Microsoft Office 365, Salesforce, GSuite, Slack, Zoom, Expensify, Workday

“We’re excited to work with Citrix on their new Workspace offering to save time and improve the experience for mutual customers,” says Jason Mills, Director of Sales and Success at Expensify. “Our joint customers will benefit from a seamless and unified user experience with secure access and SSO to Expensify along with all their other apps.”

Citrix Access Control together with advanced analytics enables IT and security teams to identify and prevent malicious user behavior. With risk indicators and criteria to help detect user anomalies when using SaaS applications, admins can configure the policy controls to quickly identify and alert IT about bad or risky user behavior. This lowers the risk of insider threats and enables IT to deliver a secure digital workspace.

Citrix Access Control helps enterprises that need to execute the following use cases:

  1. Require SSO and the ability to apply security controls on the use of SaaS
  2. Require control of user access and the usage of unsanctioned SaaS apps
  3. Require SSO support for XenApp and XenDesktop cloud service or for on-premises deployments

With the CAC service, XenApp and XenDesktop customers get unified experience and SSO across all application types. Because all the access and usage traffic will go through this service, CAC allows for end-to-end visibility and control over data in SaaS and web applications.

In summary, enterprises have become more susceptible to cyber-security risks as work becomes more distributed and employees use cloud apps without IT’s knowledge and consent. IT is increasingly uncertain about which SaaS and web apps are being accessed, or where sensitive data resides. Citrix Access Control alleviates such cyber-security concerns; it provides IT and security teams with policy controls they never had before for managing the access and use of SaaS, web and the internet sites.

How to access the Technical Preview for Citrix Access Control

If you are interested in test-driving the technical preview, please send in your request here. We are accepting requests, starting today.

For Citrix Investors
This release contains forward-looking statements which are made pursuant to the safe harbor provisions of Section 27A of the Securities Act of 1933 and of Section 21E of the Securities Exchange Act of 1934. The forward-looking statements in this release do not constitute guarantees of future performance. Those statements involve a number of factors that could cause actual results to differ materially, including risks associated with the impact of the global economy and uncertainty in the IT spending environment, revenue growth and recognition of revenue, products and services, their development and distribution, product demand and pipeline, economic and competitive factors, the Company’s key strategic relationships, acquisition and related integration risks as well as other risks detailed in the Company’s filings with the Securities and Exchange Commission. Citrix assumes no obligation to update any forward-looking information contained in this press release or with respect to the announcements described herein. The development, release and timing of any features or functionality described for our products remains at our sole discretion and is subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.