There are two types of organizations: the ones that know they have been under a cyber-security attack, and the ones that don’t know they have been under a cyber-security attack. It’s common to hear this from people who work with an organization’s security or risk management departments. It’s not a knock on their level of preparedness or competence; it’s just a reality we live with, especially considering the prevalence and frequency of cyber-security attacks.

Considering the impact that a cyber-security event can have, companies need to have in place a proper risk management framework that aligns with changing business priorities that impact technology decisions. In the past decade, with more companies moving to the cloud and the accompanying complexity introduced by cloud-first strategies, security teams must update their risk management models.

From a risk management standpoint, regardless of the type of cloud deployment model, there are two important aspects of cloud security that make it difficult to plug security gaps and demonstrate why legacy risk management frameworks need to be updated:

  • The cloud customer is always legally responsible for all mandates applicable to the loss of data, regardless of the financial penalties accrued on the cloud provider as per the cloud contract.
  • Risk can never be eliminated. It can only be avoided, transferred, mitigated (or attenuated), and accepted.

Some technology vendors filled these gaps by updating solutions to support cloud-based deployment models. This has helped, but it has left organizations managing a matrix of point solutions, which has only increased the complexity they have to manage and has led to a decentralization of security policies across a disconnected set of security solutions. Most solutions in the market focus on hardening the data at rest and in transit and securing the devices, applications, networks, and hardware. But few solutions secure the user experience, which changes across different apps, devices, and networks.

At Citrix, we’ve responded by designing cloud-native solutions with standardization and simplification at their core, with the flexibility to update peripheral risk management frameworks. Citrix’s user-experience-centric security approach focuses on centralizing the security posture across applications, devices, and networks.

Be on the lookout for future posts, where I’ll look at how Citrix approaches the four core aspects of risk management:

  • Risk avoidance
  • Risk transference
  • Risk mitigation/attenuation
  • Risk acceptance

I’ll consider how some of our customers are managing risk using solutions that make up the Citrix Workspace experience, while highlighting a security approach that centers on protecting the user experience.