What is remote work security?

Remote work security is the protection of access to corporate-managed, personal, recreational and web applications. Securing remote workers and their applications entails identifying shadow IT, reducing risk via URL and web category filtering, implementing malware protection and configuring data loss prevention (DLP), among other techniques.

To frame it another way: Remote work security is the defense of sensitive applications and the preservation of acceptable application performance, in the context of more frequent remote access by employees. Remote workers expect ready access and fast performance, but delivering both requires keeping numerous threats (such as untrusted remote access) at bay.

Explore additional secure remote work topics:

Although traditional remote work security has revolved around virtual private networks (VPNs) and network perimeters, long-term growth in telecommuting among certain employees has necessitated more advanced cyber security practices and supporting tools.

There are three big pillars of security for remote workers today:

  1. Secure access to a full range of SaaS applications, such as collaboration software and productivity suites, within remote work environments, whether those applications are being used for work-related or personal purposes.
  2. Defense against threats and risks stemming from general web access, such as personal email and cloud storage accounts, as well as visits to YouTube, discussion forums or sports websites during remote working sessions.
  3. Application management of corporate software hosted on-premise and in clouds like AWS, Microsoft Azure and Google Cloud Platform, for instance through zero trust network access (ZTNA) within a secure access service edge (SASE).

What modern remote work security requires

Starting around 2005, the remote worker population began expanding rapidly, and by 2019 it had increased 159%, per FlexJobs. The COVID 19 pandemic further accelerated remote workforce growth, and with it, the need for more scalable, flexible and reliable defenses against the associated security risks.

Ubiquitous remote working means that the classic network perimeter model of cyber security — under which initial remote access is granted via VPN, and any subsequent activity within the corporate WAN is deemed safe — no longer works. More specifically, remote workers need access to data and applications from virtually anywhere, and often from multiple devices.

However, the perimeter-based approaches to remote work security cannot secure the volume and variety of such remote access requests:

  • In addition to on-premises applications, workers now must access SaaS apps in public clouds. These apps exert a major strain on perimeter-based security and MPLS WANs. SaaS traffic flowing over a traditional WAN to VPN users must first be backhauled through a data center, a process that degrades performance and leads to remote workers turning off their VPNs altogether. But enabling such direct access to the cloud exposes them to numerous cyber security threats.
  • Remote employees are using personal devices instead of company hardware, complicating endpoint management. Corporate networks cannot assume that any remote access request is legitimate until multiple remote security measures have been applied, as it might come from any number of unmanaged device types. Moreover, users within VPNs have discretion to move laterally through a network, spreading malware. Context-aware “just in time” and just enough” access models are needed instead.
  • VPNs are not built to scale. With increasing remote work and hence more users reliant on VPNs, enterprises need more security hardware than ever within their data center. Scaling this hardware-based architecture is a complex, slow and costly process. Increasing amounts of encrypted and high-bandwidth application traffic going to cloud-based applications and the web at large only worsens this problem.

The third issue, with VPNs, highlights the overall challenge in enabling modern remote work security — namely, how to balance airtight application and data protection with acceptable performance and streamlined access for legitimate end users across the company WAN.

Amid the growing security risks from dangers such as malware and insider threats, remote security solutions must:

  • Go beyond the overly permissive and “assumed safe” structure of VPNs.
  • Replace hub-and-spoke WANs with a SASE that combines a software-defined WAN (SD-WAN) capable of securing and directing cloud-bound application traffic without needing to backhaul it first.
  • Mitigate threats from these sources, namely SaaS and web access, that aren’t under IT’s direct control, using SASE mechanisms such as secure web gateways (SWGs) and cloud access security brokers (CASBs).
  • Implement ZTNA principles like network segmentation and traffic isolation, to shrink the attack surface and protect data and users on any app, in any location, and from any device. ZTNA is an important component of SASE.
  • In this way, SASE secures traffic to SaaS and web properties and also preserves application performance and user experience, since MPLS-style backhaul architectures aren’t necessary.
  • Enable protections through software agents on managed remote employee endpoints running any common OS, including Microsoft Windows, macOs, Chrome OS, Linux, iOS and Android.
  • Improve upon single sign-on (SSO) by making it more contextual as well as compatible with a wider range of applications.

Together, these measures protect data and users from numerous cyber security risks that would otherwise go largely unchecked among remote workers and the applications they use.

The biggest security risks for remote employees

Integrating remote worker security measures that go beyond VPNs and backhaul architecture is essential, given the depth and breadth of cyber security risks. Some of the most prominent threats include:


Phishing attacks are a blunt, yet effective, way for their perpetrators to extract sensitive data like login credentials, using common communications channels such as email or chat. In a remote work context, phishing emails nominally about changes to corporate policies have become especially common phishing vessels. Scams related to prizes or “urgent” matters like tax filing remain popular, too.

For example, an employee might receive an important-looking email saying that the company is updating its telecommuting policy as part of a “back to the office” move. But once they open it and click a link in it purporting to lead to a page with more details, their account is compromised. Using a VPN, the attacker may be able to move laterally through the network and cause additional harm. Continuous and contextual security risk assessment is needed.

Weak password security

Even though passwords are fundamental to cyber security as we know it, the creation and overall management of them is a source of countless problems. Employees frequently recycle the same weak passwords across accounts, potentially exposing all of their data to exfiltration if just one login is compromised.

Worse, passwords that they use on personal accounts are reused on corporate ones as well. In 2020, the average user shared 8 passwords across personal and corporate accounts, meaning that a breach affecting their private email accounts could have major ramifications for the safety of their workplace data. The sheer scope of SaaS and web app usage makes poor password hygiene a major threat to remote work security.

Unmanaged personal devices and remote access

In the old world of perimeter security, IT could extend its perimeter to a set of trusted managed devices, like company-owned PCs, and enable VPN access from them. That paradigm breaks down in a remote work world, in which employees are typically using an unmanaged personal like their own phone and laptop.

Someone with a VPN client installed on a personal device could access their company applications, but there would be distinct security risks involved. The personal device in question might not be properly patched or running the most up-to-date software. Accordingly, they could open up new vulnerabilities across the network after gaining remote access to it.

Unsecured direct access to cloud and SaaS apps

Because the combination of VPNs and hub-and-spoke WANs takes a major toll on performance and user experience, it’s common for a remote worker to seek out alternatives that “feel” better but are less secure. As problematic as VPNs are overall, this approach of using no protections at all is far riskier.

Remote workers run the risk of malware infections that can leak sensitive data and cost their organizations significant sums, in the form of data breaches and ransomware campaigns.

Securing data and applications across remote environments

To mitigate the device and data security risks facing remote workers, organizations must protect cloud and on-prem corporate applications, while simultaneously securing SaaS and web access. The best remote worker security solutions for these purposes will be tightly integrated within a single-pass architecture that reduces latency and maximizes performance.


At a fundamental level, SASE makes network access more secure without compromising on performance. It connects users to any type of application — including SaaS, internally managed apps, virtualized ones and web properties —by way of a variety of security mechanisms, including SWGs, CASBs and sandboxes. SASE safely connects a remote worker to any app, on any device, from any location, and doesn’t require setting up a bunch of firewalls at every branch.

Meanwhile, as part of SASE, ZTNA trusts no one by default, instead using continuous monitoring and validation of all user identities via mechanisms like multi-factor authentication (MFA). The zero trust approach is ideal for remote work security because:

  • Users must be explicitly authorized with MFA and their devices are continuously profiled for risk based on criteria like patch levels.
  • A remote worker only gets the minimum level of remote access needed for their roles, unlike the broad access granted through a VPN.
  • Traffic microsegmentation cordons-off risky remote users and personal devices, curtailing lateral movement through the network.

Secure Internet Access

Organizations must keep up with the surge in application traffic from remote workers, and the easiest way to do so is to move beyond traditional hardware-centric approaches to remote work security. A solution such as Citrix Secure Internet Access delivers comprehensive remote work security in a single scalable service.

More traffic — whether from corporate-sanctioned, SaaS and general web applications — means a heavier load on hardware appliances and, in turn, the need to either upgrade them at great cost periodically or deal with performance slowdowns as encrypted traffic gets inspected. Securing internet access through software instead offers a superior way forward, thanks to capabilities including but not limited to:

  • Numerous threat intelligence feeds that between them can identify a wide range of risks. Additional feeds can be easily integrated via an open API-based design.
  • A single-pass architecture that decrypts and inspects traffic just one time, delivering much better performance than service-chained architectures with multiple inspection points.
  • Complete protection that includes DLP, malware defense, SWGs and more, to block the variety of threats that can hide within application traffic today.


Traffic visibility is essential when evaluating risks from and to remote workers. To that end, an analytics solution may provide deep visibility into data points such as usernames, time stamps and source IP addresses, and also use AI to identify high-risk users and activities. 


MFA is one of the most reliable ways to block automated cyberattacks as well as limit the damage from password theft and recycling. Single Sign-On (SSO) streamlines the user login experience and simplifies identity and access management for IT. Integrations with identity providers make MFA and SSO setup simpler.

Citrix solutions for remote work security

Citrix offers comprehensive and always up-to-date remote work security solutions that are easy for security teams to implement:

  • Citrix Secure Internet Access is a cloud-delivered security service for securing remote workers from any location or device. A full replacement for hardware security stacks, it integrates 10+ threat intelligence feeds for robust malware defense.
  • Citrix Secure Workspace Access offers MFA and SSO, so that small businesses can enable remote access for their employees without the risks and complications of traditional password management. It also facilitates VPN-less access to cloud and SaaS apps, as part of a zero trust approach to cyber security designed to minimize the attack surface. Organizations can support safer, more scalable remote work.
  • Citrix SD-WAN is an integral part of SASE. It enables a purpose-built, application-optimized network that provides the performance and security crucial to sustaining remote working environments.
  • Citrix Analytics offers the insights necessary for identifying and resolving security and performance issues as quickly as possible.

Learn about how to get started with Citrix Workspace, or read more about SASE.

Additional Resources