BY USE CASE
Secure Distributed Work
High rise buildings as far as the eye can see, a twinkling skyline that belies endless nightlife, colorful cultural diversity, and the largest helicopter fleet in the world characterize the unique city of São Paulo, Brazil. With 20 million inhabitants and the ranking of largest city in South America, the price Paulistanos pay for working in this world-class metropolis is the massive traffic jams that some avoid with helicopter travel. Traffic chaos typically consumes three hours of the average employee’s work day.
For HDI, an international insurance company headquartered in Frankfurt with one of her main subsidiaries in Sao Paolo, and maintaining more than 60 offices in every state in Brazil, commute time was a productivity killer. “We started with Citrix several years ago, with a VDI solution accessed by VPNs,” says Gilliard Delmiro, CTO. “As our business grew, we had some concerns regarding the security of our environment and its performance.” He continues, “To better accommodate remote work and improve performance for our rapidly growing work-from-home staff, we would have had to make major investments in servers in order to have more virtual machines.”
“Citrix experts presented us with an alternative: implementing a cloud-based Citrix Workspace platform in Google Cloud Platform (GCP). This would be easy to manage and afford us better scalability,” he shares. “We would be able to control every screen that each different type of business persona uses during the day. There were a lot of potential benefits.”
Thanks to its past experience with Citrix, the team did not undergo a bidding process. Delmiro and his staff simply purchased the Citrix solution and planned and executed the implementation. “For a company that is looking for a solution that remote employees can embrace, this one brings a lot of benefits. With Citrix, you don't need to be concerned about the cryptography – using encryption keys or writing additional code isn’t necessary, because data and information are stored in the cloud,” he explains.
“With Citrix Workspace, we get financial benefits. We did not buy hardware to support more virtual machines because the solution is cloud-based. The built-in security measures are especially compelling,” says Delmiro. “In addition, Citrix Cloud has given us a management plane that makes managing our entire digital environment easier.”
As the HDI Team planned its transition to a cloud-based digital workspace platform, they realized that there was a catch that would come with increasing the population of remote staff members. More remote workers equals more and different kinds of devices, and that means more risk. Using VPN technology for access control would compound that risk.
Traditional VPNs are difficult to manage. They are not designed for enterprise environments because they don’t enable access beyond the boundaries of the enterprise network. They don’t scale up well either.
There’s more: VPNs have a high propensity to drop sessions or corrupt data. The health of the VPN connection sometimes is dependent upon the connection that end users have at their remote locations. With a VPN, it's very hard to identify and diagnose inferior connectivity.
In Brazil, legalities also factor into implementing more stringent access control. Brazil’s General Data Protection Law (LGPD), similar to the European Union’s General Data Protection Regulation (GDPR), now is in effect. The LGPD applies to the processing of personal data in these cases: if such data is processed in Brazil, if the purpose of the processing is to offer or provide goods or services to Brazil residents, or if the personal data processed belongs to Brazilian residents, or was collected in Brazil. The LGPD includes all of the legal bases for processing that are listed under the GDPR.
“The stringent requirements of LGPD, Brazil’s equivalent of GDPR, were a huge consideration for HDI,” explains Delmiro. “VPN access would have created security gaps. Our entire network would be subject to breaches such as DDoS, spoofing, sniffing, malicious software – threats that VPNs don’t detect,” he says. “Additionally, VPNs can easily put employee privacy at risk because they can’t control unmanaged devices,” he says.
While return on investment (ROI) is a strong indicator of the success of any implementation, it is difficult for HDI to assign a value to avoiding security breaches. Monetizing a great employee experience is equally difficult. “Suffice it to say that VPN-less access with Citrix has added a great deal of value in making the employee experience better and our environment much more secure,” notes Delmiro.
Secure single sign-on (SSO) and seamless access to both SaaS and web applications was critical for remote employees. For IT, access needed to be easy to configure and manage.
“Authenticating with Citrix SSO allows users to access a variety of web, on-premises, and cloud apps with one set of sign-in credentials. It’s simple, so remote workers have a better user experience -- they don’t have to remember multiple passwords,” says Delmiro. “Our IT Team now has better control over user access, has reduced password-related help desk calls, and has improved overall security and the company’s ability to achieve compliance.”
“The traffic congestion in Sao Paolo and the desire for more employees to work from home started the HDI Citrix journey and led to the company’s move away from VPNs. The coronavirus pandemic and overnight transition to work-from-home accelerated things. The requirements of LGPD loomed large,” notes Delmiro. “All of that brought HDI to Citrix Workspace for VPN-less access, and single sign-on (SSO) for internally-deployed web applications and apps delivered as SaaS. The combination of VPN-less access and SSO helps drive productivity for remote users and it mitigates security risks.”
“We believe our decision was a sound one. During the pandemic transition, we did not have any outages; we achieved 100% efficiency. Had we continued with VPNs, our environment certainly would have been impacted, especially in the cities far from Sao Paolo,” Delmiro says.
The HDI Team started its Citrix Workspace and SSO projects before the global coronavirus pandemic hit. When the government mandates forced employees to work solely from home, another problem arose -- many were forced to use their own equipment. “Now, with Citrix Workspace and VPN-less access, the team can easily manage employee activities on personal devices because everything is cloud-based. Citrix Workspace provides security controls such as browser isolation that let employees use their personal devices to access their apps securely. This would not have been possible with a traditional VPN solution.
At this point, the workforce is comprised of 2000 remote staff members. “With a bring your own (BYO) device approach, we can save money by allowing employees to use their own equipment,” Delmiro says. “Because our solution is device-agnostic, and it provides security controls for BYO, the use of any device is just a system operation. In all of our markets, this is a plus. It enables people based anywhere in the country to work in the remote locations of their choice.”
“Now, onboarding new employees is simple and quick, too. We already have the profile, applications, and permissions based on a new hire’s job function.” Delmiro says. Eventually the team plans to make the process more granular by designing a number of images for automated provisioning.
“Every business area in the company will have a specific onboarding profile tied to respective business departments. Additionally, in several months, to make the environment and customer data even more secure, controls such as water marking and copy/paste controls will be added to the security arsenal.”
Another capability that Delmiro and his team consider crucial to the success of an ongoing remote work strategy is analytics. “Citrix Performance Analytics, enables us to identify the health of applications. It identifies all kinds of issues users may encounter – inside or outside of our environment,” he describes. “My team starts the day by looking at the Citrix Performance Analytics dashboard to see what issues users are facing.
“We can be proactive and try to help resolve problems,” he explains. “Citrix Analytics flags issues and helps us assess whether the problem is the responsibility of HDI or something beyond the company’s control such as an ISP issue.” He continues, “Not only does Citrix Performance Analytics look at applications, but also, it looks at users’ end points.
“We know that this kind of experience is tremendous for the user. It’s great for IT, too, because we can decrease the number of service tickets we file with our service desk,” Delmiro concludes.
The team currently is in the midst of a proof of concept with companion solution Citrix Security Analytics. “It’s very likely that we will continue using Citrix Security Analytics because we are finding it to be powerful in identifying and assessing risky user behavior,” Delmiro says.
In addition to better security and analytics, the Citrix Workspace solution has brought even more benefits to spur productivity. “During the day, we work on a lot of different systems, some of which are legacy systems. The intelligence in Citrix Workspace is a game changer,” explains Delmiro. “Microapps and notifications enable us to perform actions much faster. We can eliminate screens from the desktop that workers won’t use, for example. This removes clutter and makes it easier to make crucial decisions during the day,” says Delmiro.
“If a manager has a human resources task to approve, microapps might come into play. It’s a one click action to do an approval. This speeds the management of employee requests. Another example is ensuring that all employees see certain communications. We use notifications and flags for that,” Delmiro notes.
“Directors at HDI currently will use the intelligent capabilities in Citrix Workspace to pull in relevant data from Microsoft Power BI into the Workspace app dashboard. Our directors will be able to see business analytics results that HDI teams have achieved today, or they can learn about the targets we’ve established, or see how many claims have come in that day,” Delmiro declares.
”There is one thing tied to revenue that has helped me personally,” Delmiro shares. “The system sends me a notification if I need to sign a new contract. That’s directly tied to revenue! Our goal is to save every employee several minutes a day with the intelligence in Citrix Workspace,” he concludes.
“With Citrix, we have found a way to increase productivity and deliver a better employee experience. We’ve made remote work more secure. We’ve used analytics to provide better service to users. And with the intelligence in Citrix Workspace, we’ve cut through the noise in the modern work environment to enable employees to streamline workflows,” says Delmiro. “Citrix Workspace will be an enabler. We’re on the road to improving productivity and employee satisfaction well into the future.”
With Citrix, we have found a way to increase productivity and deliver a better employee experience. We’ve made remote work more secure. We’ve used analytics to provide better service to users. And with the intelligence in Citrix Workspace, we’ve cut through the noise in the modern work environment to enable employees to streamline workflows.