In Part 2 of our series on Citrix Secure Workspace Access, we looked at how Citrix enables multi-factor authentication (MFA), single sign-on (SSO) with contextual access, and secure unified access web and SaaS apps.
In Part 3, we’ll look at how unmanaged and unauthorized devices pose a security risk for organizations. IT often doesn’t have visibility into the unmanaged devices’ health, accessing the internet, and personal content. These devices have a high risk of being affected by malware, keyloggers, and malicious content.
Citrix Secure Workspace Access implements various security layers, enabling trusted users on unmanaged devices to access corporate apps and data, effectively allowing IT to manage such security challenges.
Anti-screenshot and Anti-keylogger Capabilities
The increase in flexible work and the use of personal devices for work have created new security challenges. IT cannot defend against devices infected with malware with no insight into device health, especially those with keyloggers or screenshot malwares that can enable attackers to exfiltrate sensitive corporate data.
Corporate-managed devices go through regular health checks to ensure that devices meet safety requirements. However, most end users won’t take the same care with personal devices. So if a user accesses corporate resources like apps or document repositories, the malware can exfiltrate login information and any data presented on the user’s screen.
App protection secures unmanaged devices by scrambling keystrokes and returning screenshots as blank screens, protecting corporate data from keyloggers, or screenshot malware.
The anti-screenshot and anti-keylogger capabilities work natively with Citrix Workspace. However, suppose the user doesn’t have Citrix Workspace installed. In that case, the Secure Browser Policies and Isolation is dynamically initiated, offering access to the SaaS or Web application from a secure cloud-hosted browser (more on that later in this post).
Web Filtering for sanctioned apps
Citrix Secure Workspace Access offers native web filtering capabilities, preventing users from accessing restricted websites and links that are embedded within sanctioned corporate apps. IT can choose to block specific URLs or categories of sites like gambling, social media, torrent, video streaming, and many more.
If you are looking for a full fledged replacement of your Secure Web Gateway and URL filtering proxies, take a look at our Citrix Secure Internet Access solution.
Secure Browser Policies and Isolation
Browsing the internet poses another risk to enterprises, exposing them to vulnerabilities in websites, browsers, and browser plug-ins. Malware that might live on employees’ devices can also pose a serious risk to corporate resources.
While most users understand they shouldn’t visit potentially risky websites on their corporate-issued devices, they may not take the same care with their personal ones. In response, some organizations even completely disallow internet browsing, severely affecting productivity.
Citrix Secure Workspace Access includes a secure embedded browser capable of applying enhanced security policies, and whenever enhanced security policies are enabled, the embedded browser is used. But suppose the user is not using Citrix Workspace, but rather a native browser. Then a more secure mechanism is required.
Citrix Secure Browser service, a Chromium-based browser hosted in Microsoft Azure, enables users to navigate the web and apps securely without introducing risk to the corporate environment. Threats that may be introduced by visiting malicious websites are isolated off the corporate network and devices. The browser is stateless and discarded at the end of each session, ensuring that any malicious software encountered while browsing the web never reaches your corporate infrastructure.
The animation below demonstrates the high-level flow of Citrix Secure Workspace Access when using the Citrix Workspace app to provide SSO to SaaS applications and access web apps using the Secure Browser service when a user starts a session without using a native browser.
Get Started Today
Citrix Secure Workspace Access is a cloud-native solution and an integral part of Citrix’s zero trust framework. Learn more about zero trust network access in the Gartner 2020 Market Guide for Zero Trust Network Access and schedule a one-on-one session led by a Citrix expert.