This is the second post in a series — “What does Citrix do?” — that explores our technology and how it powers a better way to work and improves people’s lives. Read about Content Collaboration here.
It’s a new user-centric paradigm in protecting enterprise resources, and it dynamically adapts to the specific context in which users are operating. I’m talking about the Citrix Secure Digital Perimeter (SDP).
SDP protects the digital workspace by fusing visibility, control, and protection. As a dynamic, people-centric perimeter, it expands to virtually surround the user, apps, content, and network — in a hybrid, multi-cloud, and multi-device environment. But before we go any further, let’s consider the current state of security.
For defenders, data breaches have a huge impact on business, and making a business case for security is a top-level agenda item. This is the new norm, and security is increasingly a board-level issue. It’s no longer just in the hands of the CIO/CISO.
As for the attackers, everyone realizes that they are no longer the “script kiddies” from over a decade ago; they are now serious criminal organizations and nation states. Attackers have learned how to monetize gaps in security. Monetization manifests as ransomware, theft of secrets, or some form of political manipulation.
The ever-increasing sophistication of social engineering is enhancing the attacker’s weaponry: It is becoming much easier for someone with malicious intent to masquerade as someone else (e.g. an employee) to gain access to company apps and data. A distinct shortage of skilled security personnel across our industry is compounding this perfect storm. There are presently over 1 million unfilled security jobs. Even if you wanted to invest in a large, quality security team, you couldn’t.
Shifting from Attack-Centric to People-Centric
These realities are precipitating a shift from traditional attack-centric defenses — essentially defending against a whole set of unknowns — into a people-centric approach to security in which your knowledge of the user and what that user should be doing becomes a key indicator of potentially malicious activity.
Some organizations are unable to move away from the traditional perimeter style of defenses. They may prefer to force their users back into the traditional perimeter to apply security policies. This is control at the cost of user experience and performance.
Organizations also try to plug the gaps that opened in the traditional perimeter. Numerous new cloud security services have emerged to solve some of these issues, including things such as identity as a service, cloud access security brokers, and cloud-based secure web gateway services. This creates a cost-prohibitive level of complexity and a high degree of policy fragmentation. A simpler approach is required to reduce security complexity, improve security management, and reduce the high level of human intervention. The need for a new security framework was confirmed in research we did with the Ponemon Institute in 2017: 74 percent of the enterprises we engaged with recognized the need for new security frameworks.
One of the most significant of these new approaches is the Citrix SDP. It leverages cross-product visibility and control as the basis for delivering a new security framework. The traditional security framework that revolved around establishing a static security perimeter wrapped around the on-prem data center is no longer relevant. With apps and data progressively moving outside the traditional data center and users increasingly becoming more mobile, the new perimeter needs to be highly dynamic. It needs to be everywhere. The old perimeter is eroding, porous, and fast-dispersing among the thousands of SaaS apps and services that exist today. Essentially, you must assume that the internet is the new perimeter.
Balancing User Experience and User Protection
When you think of security, you can actually think of products in three camps: visibility, control, and protection. This applies to any security product, whether it’s a traditional one or a next generation one.
- Visibility provides a view into the user’s actions — the who, what, where, and how.
- Control provides the policy framework to enforce actions — allow and deny.
- Protection provides active defense by identifying and stopping bad software.
SIEM, firewalls, and antivirus are respective examples of visibility, control, and protection.
The new security framework focuses on visibility and control, and partners for protection, a natural fit given the end-to-end reach of Citrix solutions and the extensive security ecosystem.
For visibility, our company developed Citrix Analytics, a security-based analytics solution that brings our cross-portfolio visibility into a single domain. It’s a user entity behavior analysis solution that feeds from all points in the portfolio. Machine learning is leveraged to develop risk profiles for users. Our analytics solution vastly cuts down the time to discovery: IT gets to know about threats and anomalies sooner and can respond more quickly. While the initial focus is on security, we know that aspects such as productivity and operations are equally strong analytics use cases.
What happens if Citrix Analytics discovers something? What do you do about it? In addition to providing a common visibility framework, Citrix is building a similar single control framework. The Common Policy Framework normalizes all controls into a single control framework. Policy-based controls are catalogued into a single framework that assesses anomalies in behaviors and assigns rules as to how to handle them.
The SDP concept spans all Citrix on-prem and cloud-hosted solutions. That means customers who have already invested in our technology can be happy that they made the right decision.
A great example of the SDP philosophy making it into the current marketplace is the Citrix Access Control solution we launched last August. It takes assets from Citrix Workspace such as Workspace App/Services and Networking (Gateway and Secure Web Gateway) and fuses them with Citrix Cloud capabilities such as Citrix Analytics and Identity. This not only delivers secure access to web, SaaS and Virtual Applications being consumed within the Citrix Workspace, but also delivers the potential to engage Citrix Analytics to deliver the new level of security visibility we’ve been talking about.
As we know, a key tenet of security is availability. Outages or attacks that render resources unavailable to users succeed in breaching an organization’s security and cause productivity to suffer or screech to a halt. When combined with Citrix SD-WAN, Citrix SDP ensures an extra layer of protection for always-on connectivity and interactive services like VoIP that require a constant, well-performing connection from the branch to the data center or the cloud. SD-WAN provides the mechanism to ensure that users benefit from the best-performing WAN link regardless of an individual link outage or performance degradation such as packet loss, jitter, congestion, or latency. By bonding multiple links and selecting the best path, SD-WAN addresses not only blackouts but also trickier, more ephemeral performance losses and brownout situations. This ensures application and resource availability, as well as contextual performance.
Securing an enterprise is a constant tug of war between user experience and user protection. Lock access down too much and both experience and productivity suffer. Conversely, relaxing protection too much increases the likelihood of breaches. Finding the right balance requires visibility, control, and protection of what we know — the end user — because taking an attack-centric approach to security leaves organizations navigating blindly, in a reactive posture and waiting for the next attack. This is where Citrix Secure Digital Perimeter shines: It knows the user and can distinguish between normal and potentially malicious behavior.