“Zero trust is not a product or a solution. Zero trust is the concept that trust between people and access must be constantly earned.”
That line comes from an insightful series of Citrix blog posts describing zero trust security and how Citrix products align with a zero trust architecture. These posts gave me a solid understanding of the architecture, but I still found it challenging to explain how Citrix can help organizations move towards zero trust.
Why?
Most organizations understand zero trust isn’t a product, so where do Citrix products fit in and how (and why) do they help? In this blog post, I’ll look at ways Citrix can help organizations to achieve zero trust.
The Current State of Zero Trust
Zero trust security first emerged about 10 years ago as an approach that was the opposite of perimeter security. Perimeter security relies on authenticating a user coming into a network and then trusting all internal requests. This is the model we see with most VPNs today. On the other hand, zero trust requires users to constantly earn trust regardless of where they are located.
Security professionals have made it clear: Zero trust is more secure than perimeter security. A quick search of content from the RSA Security Conference turns up more than 150 hits for zero trust, compared with fewer than 50 for VPN. It’s obvious the direction that security professionals are moving.
To understand this movement better, Pulse and Citrix surveyed 100 IT decision makers about zero trust. The results showed that 74 percent of these leaders planned to assess or implement a holistic zero trust strategy.
So, with all this excitement around the next era of security architecture, why do only 9 percent of respondents use a zero trust model today?
Not So Fast – Zero Trust Takes Time
Zero trust critics are more concerned with how organizations are going to implement zero trust than the architecture itself. To this point, a Cybersecurity Insiders report of 400+ cybersecurity decision makers found that nearly half of cyber security professionals lack the confidence to apply a zero trust model to their secure access architecture. Organizations could build a new access architecture from scratch, but this is often too costly or time consuming for companies to consider. Three-quarters of organizations are interested in zero trust, but only half of security professionals are comfortable implementing it. Citrix can help fill this gap so organizations don’t have to tear down existing infrastructure or rebuild security architecture.
How Citrix Can Help
Remember, zero trust is not a product or solution. However, Citrix Workspace is uniquely positioned as a solution to help organizations achieve zero trust.
This is one thing that makes Citrix so valuable to organizations looking to implement zero trust without bulldozing their current environment. Let’s break zero trust into its components and show how Citrix helps organizations transition from perimeter security to zero trust:
Frictionless but deterministic authentication to balance the user experience with strong authentication
Zero trust demands that authentication and authorization are earned, not assumed. Citrix Gateway and Citrix Analytics gives organizations the ability to authenticate and authorize users based on identity, location, device health, service or workload, data classification, and more. This process is transparent to an end user, so the user experience is not impacted (unless, of course, they are logged off for malicious activity).
Just enough privileges to perform a given task
Citrix Workspace makes it easy for an organization to give users access to only the resources they need. The access can span native apps and desktops, SaaS and web apps, and files in one location without requiring explicit authentication for each resource type. This single sign-on (SSO) capability improves productivity and reduces the attack surface compared to multiple logins. For data protection, Citrix Workspace provides context-aware policies such as anti-screen capture, copy/paste restrictions, watermarking, and download/printing restrictions.
Observability of user behavior and activity
According to IBM, the average cost of a breach is $3.86 million and growing, so having the tools in place to detect and prevent them can save companies millions. Using Citrix Application Delivery Management (ADM) and Citrix Director provides end-to-end monitoring of user sessions and overall infrastructure health. Additionally, Citrix Analytics provides policies to detect possible malicious activity, such as visiting dangerous websites, aggressive bandwidth consumption, or risky uploads and downloads. Once triggered, these policies proactively apply defensive measures based on the user’s risk profile and can even log them off in real time, if necessary.
Now What?
For anyone working with organizations looking at zero trust, let them know that building a new infrastructure from scratch isn’t the only option! Citrix products (Citrix Workspace, Citrix Gateway, Citrix Analytics, Secure Workspace Access, and more) can help the transition from perimeter security to zero trust in ways that you might not have thought of before. Focusing on the different components that make up a zero trust architecture and leveraging Citrix to apply those components doesn’t have to be challenging. Citrix is continuing to enhance and expand its zero trust capabilities, so keep an eye out for updates!
Learn more about zero trust security and check out our overview of zero trust architecture in the Citrix Tech Zone.
