Depending on the time of day, these discussions often lead to tasty beverages and hot topics like data privacy and cloud computing. Given how often I get asked this question, I decided to blog about it. (Disclaimer: This blog post is by no means meant to prevent us from having technical discussions over tasty beverages.)
How Does Citrix Analytics Protect the Citrix Workspace?
Here’s the short answer.
Citrix Analytics is part of Citrix Workspace. That means all Workspace customers are entitled to Citrix Analytics. It is a multi-tenant solution that uses machine learning to profile all Workspace users in the customer environment. When an end user exhibits anomalous behavior, like logging in from an unusual location one fine day, Analytics flags the user. What’s more, the admin can configure closed-loop actions to prevent flagged users from causing more damage. For example, the admin can configure Analytics to block a user’s device if the user was, indeed, in an unusual location. To reduce false positives, admins are encouraged to feed more data to the system.
If that made sense, read no further and go spread the word! If not, read on. Go on, grab a beverage. It’s going to be a long read.
Concept #1: No Consent, No Data (a.k.a. Turnkey Data Sources)
Citrix Analytics does not collect any data without your consent. What’s more, Citrix Analytics does not need much configuration because we’ve simplified the onboarding process to make it turnkey. Once the admin gives consent and onboards the service, data starts getting processed.
What data? Do I really need to send you data?
Fair questions. All Citrix Cloud services, like Citrix Virtual Apps and Desktops and Content Collaboration, send control data to Citrix Cloud. This data is integral to the functioning of Citrix Cloud. Analytics processes this data to provide additional value.
The key operative words here are processing vs. pulling. Citrix does not arbitrarily pull data from your environments.
- Citrix Analytics does not parse and process this data without customer consent.
- The contents of the data payloads are all clearly documented in this Citrix Analytics Data Governance guide.
- Data is transmitted as discrete events encoded in JSON.
- Each event is less than 5 KB, so even at scale, a large organization with thousands of employees will only send megabytes of data and not gigabytes.
- You can turn on and turn off data processing at any time.
- You can also access the raw data and see for yourself. Details of the raw data are documented here.
So, the bottom line? Citrix Analytics does not hoover your data. In fact, we don’t touch your data without your consent. So now that we have the data story out of the way, let’s talk about how we secure Citrix Workspace. And repeat after me: “Citrix Analytics does not hoover my data.”
Concept #2: It Takes Data To Protect Data (a.k.a. Vantage Points and User Profiles)
For millennia, security professionals have protected critical infrastructure against threats by observing people for suspicious activity from key vantage points. Things have not changed much though. Even today, the practice continues in both the physical and virtual realms. Many cybersecurity vendors use software and hardware sensors to collect data from different vantage points in your organization. SOCs are filled with cyber sleuths who tirelessly analyze this data, looking for suspicious behavior.
Citrix products manage access to critical aspects of your environment like networks, apps, and data. In other words, they are deployed in key vantage points in your environment. As they (only cloud-enabled products) transmit events to Citrix Cloud, they serve as sensors. Like human analysts, the machine-learning algorithms in Citrix Analytics analyze this data and look for suspicious activity. If something suspicious is found, the admin is alerted. In the process, Citrix Analytics also creates a solid, 360-degree profile of your users and environment. This way, data from Citrix products can be used to protect your infrastructure.
Hold it! Did you say user profiling?
Oops, I did it again! OK, let me explain.
Yes, we create user profiles using data sent to Citrix Cloud. User identity is limited to email IDs or Active Directory IDs assigned to your employees. Once again, make sure to read our data governance docs to see what I mean. We do not collect any government-issued ID information on your users. As the data comes from different sources, we correlate the user identities to build that 360-degree view of the user. To see what a user profile looks like, go to our docs. The baseline profile takes a few weeks of machine learning, and changes are evaluated every 15 minutes. When suspicious activity is detected, the risk score of the user is increased and an alert (also known as a risk indicator) is displayed.
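The flow described above (identity correlation across sources, a learned baseline, and a per-window evaluation that raises a risk score), as an added example in Python. It is not Citrix's code, algorithm or event schema: the field names, alias table, score scale and sample events are all constructed assumptions.

```python
import json
from collections import defaultdict

# Hypothetical alias table: AD account name -> email, so events from
# different sources resolve to one user identity (constructed values).
ALIASES = {"asmith": "asmith@example.com"}

# Constructed baseline-period events, one JSON object per line.
BASELINE_LOG = """\
{"src": "virtual-apps", "user": "asmith", "type": "logon", "country": "US"}
{"src": "content-collab", "user": "asmith@example.com", "type": "logon", "country": "US"}
{"src": "virtual-apps", "user": "asmith", "type": "logon", "country": "CA"}
{"src": "content-collab", "user": "bjones@example.com", "type": "logon", "country": "DE"}
"""
# Constructed events for the latest evaluation window.
WINDOW_LOG = """\
{"src": "virtual-apps", "user": "asmith", "type": "logon", "country": "US"}
{"src": "content-collab", "user": "asmith@example.com", "type": "logon", "country": "BR"}
{"src": "content-collab", "user": "bjones@example.com", "type": "logon", "country": "DE"}
"""

def parse(log):
    """Parse JSON lines and resolve each event to one canonical identity."""
    events = [json.loads(line) for line in log.splitlines() if line.strip()]
    for e in events:
        e["user"] = ALIASES.get(e["user"], e["user"]).lower()
    return events

def build_baseline(events):
    """Per-user set of logon countries seen during the learning period."""
    profile = defaultdict(set)
    for e in events:
        if e["type"] == "logon":
            profile[e["user"]].add(e["country"])
    return profile

def evaluate_window(events, profile, scores, bump=30):
    """Score one window; return the risk indicators raised (bump is assumed)."""
    indicators = []
    for e in events:
        known = profile.get(e["user"])
        if e["type"] != "logon" or known is None:
            continue  # no baseline yet: do not flag, avoids false positives
        if e["country"] not in known:
            scores[e["user"]] = min(100, scores.get(e["user"], 0) + bump)
            indicators.append((e["user"], "unusual-location", e["country"], e["src"]))
    return indicators

def run_demo():
    profile, scores = build_baseline(parse(BASELINE_LOG)), {}
    return evaluate_window(parse(WINDOW_LOG), profile, scores), scores
```

Without the alias step, the two `asmith` identities would build separate, thinner baselines, and the `CA` logon seen by one source would look unusual to the other.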
Building a user profile is critical to protecting an employee’s workspace. It’s impossible to do this manually, given the prolific growth in threat vectors. The Citrix Workspace consolidates all work assets (apps and data) to boost user experience and productivity. Whether it is disgruntled employees exfiltrating data or bad actors compromising an employee’s identity, the biggest cybersecurity threat to all organizations is human behavior. Protecting the Workspace requires a deep understanding of the user that it is assigned to.
It takes data to protect data. Sophisticated cyberattacks cannot be prevented by manually observing people. We believe that dashboards are great but they also cause “dashboard fatigue.” In the words of Citrix Analytics VP Kedar Poduri, “Pie charts will not stop threats.” So, the solution is to feed a safe dataset, mostly metadata, to an AI/ML system to analyze.