POR CASO DE USO
ABAG Group protects web, SaaS, and digital workplace access for branch and home-based workers with Citrix Secure Internet Access
Asamer Baustoffe AG transitioned from multiple security appliance vendors to a single comprehensive cloud-delivered security service by Citrix. As a result, The IT team enabled employees, within just weeks, to work securely and productively from any location. They did this while consolidating vendors, reducing cost of ownership, and adding new security functions – all with Citrix Secure Internet Access.
The Asamer Baustoffe AG Group (ABAG Group) specializes in high-quality raw and building material solutions with core competencies in concrete and cement. Today, the group includes eleven companies with around 450 employees across Austria, Slovakia, and Bosnia-Herzegovina as well as the neighboring markets.
The ABAG Group has decades of experience in the extraction of natural raw materials and the production of important building materials. Whether it is tunneling, building construction, civil engineering, or road construction, the company supplies the right concrete or cement of the highest quality for every project.
When strict lockdown restrictions came into force in Austria in March 2020 due to the COVID-19 pandemic, this also affected the ABAG Group's business. Work on many construction sites could continue - in compliance with the relevant distance and hygiene regulations. However, the company was required to enable all office employees to work from home.
In just two days, the IT department set up 250 home office workstations to provide secure access to office applications and ERP systems virtualized in the data center. ABAG Group's existing Citrix Workspace and Gateway deployments enabled this quick transition.
“Thanks to Citrix, we were able to immediately enable our users to access their workspace with all important applications from home," says Christian Katterl, Team Leader Technical IT at ABAG. "As a result, our colleagues were able to work productively during the lockdown and complete all pending tasks and customer inquiries.
Nevertheless, the changing working world also raised new questions about IT security: "Within the company, of course, we have a firewall in place, we can filter web content and check data streams for malware," explains Christian Katterl. "But when our employees work at home with company-owned devices via their private WLAN, we no longer have any control over Internet traffic."
This is precisely the situation that cybercriminals are increasingly exploiting. Recent security statistics show that home office users have been increasingly targeted by ransomware and phishing attacks since the outbreak of the COVID-19 pandemic. "Even though we have not been affected by this before, we realized that we needed to strengthen our protection measures at this point," says Christian Katterl. "We evaluated several security products, but they could only ever partially meet our requirements. When Citrix Secure Internet Access was introduced, we finally took a closer look at this solution."
Citrix Secure Internet Access (Citrix SIA) is a comprehensive, cloud-delivered security service that secures access to web and SaaS applications - regardless of the location, endpoint, or network over which the user accesses them.
To protect users from web-borne threats, SIA bundles multiple security services into one integrated solution. A Secure Web Gateway uses URL filtering to block access to unwanted websites and scans all encrypted and unencrypted web content for potential threats. Cloud Access Security Broker (CASB) functions help identify and manage access to sanctioned and unsanctioned SaaS applications. Malware protection capabilities keep employees protected from known, unknown, and zero-day threats. Data Loss Prevention and Anomaly Detection functions ensure that sensitive corporate information is not lost to bad actors.
With Citrix's support, the ABAG Group conducted a proof-of-concept (PoC), extensively testing the solution's features and deployment capabilities. To do this, the IT organization designated groups of test users at all of the company's key locations.
"Our first impression was that the solution was very easy to set up," reports Christian Katterl. All that had to be installed on the test users' Windows notebooks was the CSIA Cloud Connector Agent. This agent forwards the entire Internet traffic of the end device to the Citrix SIA service for checking. The solution automatically uses the nearest of SIA's 100 distributed points of presence (PoP). The service's security settings are set through Citrix's cloud-based management console.
"Citrix SIA gives us a wide range of configuration options," explains Technical IT Team Leader. "We can use categories and keywords to specify precisely which web content should be inaccessible to users. Gradations of different user groups or time restrictions are also possible. If a user tries to access an unauthorized URL - such as a known phishing website - he or she will be shown a warning message instead of the website."
The PoC also demonstrated that web security checks do not come at the expense of user experience. Encrypted traffic is decrypted, checked, and then re-encrypted only once in SIA's single-pass architecture - a major advantage over single security solutions that check data streams in multiple steps, often degrading performance. "With SIA, all-important web applications, such as the online banking service, could be used smoothly and without any perceptible delays," confirms Christian Katterl.
After the successful PoC, the IT managers at the ABAG Group quickly decided to deploy the solution throughout the company: "Citrix SIA gives us full control over access to applications and content on the web, even in the new hybrid working world between the office and home office. This makes securing our digital workplaces much easier for us," says Katterl.
Within a few weeks, the IT organization rolled out the solution across the company. The SIA Agent was installed on approximately 300 company-owned notebooks and the Virtual Delivery Agents of the Citrix Virtual Apps and Desktops infrastructure. So whether remote users access web content with their local browser or use a virtualized browser, Internet traffic is always scanned and filtered according to the same criteria. In addition, SIA was able to retain a per-user policy on multi-user shared virtual desktops. This was a unique functionality to SIA.
Citrix SIA also helps to secure other data streams. The ABAG Group now also uses the solution to protect WLAN guest access points at larger locations. All guest users' Internet traffic is routed to the Citrix SIA service for inspection. The SIA Agent does not have to be installed on the users' end devices for this purpose - instead, the data is transmitted via an IPSec tunnel between the branch office and the nearest SIA PoP in each case.
"We can even use Citrix SIA to control the communication of IoT devices such as network scanners," adds Christian Katterl. "The data streams of these devices are also forwarded to the Citrix SIA service via DNS redirection and inspected there. For example, we can prevent scanned documents from being sent to suspicious e-mail addresses via scan-to-email."
With Citrix SIA, IT managers at ABAG Group have complete visibility into all web traffic and are now able to identify security-related events and policy violations very quickly. For example, the User Risk Dashboard immediately indicates when users attempt to access blocked pages. The solution also automatically notifies the IT team of other unusual activities. Security reporting can also be broken down to individual sites or organizational areas to more easily pinpoint threats.
"The idea is not to monitor our employees or completely restrict the private use of company devices," explains Christian Katterl. "First and foremost, we want to better protect our environment from the wide range of threats from the web. In individual cases, however, we also address employees when they break out of the fair-use concept and endanger our IT security through risky behavior."
By opting for Citrix SIA, the ABAG Group saved on investments in different security products and receives a comprehensive security solution from a single source. "The cloud-delivered approach also relieves us enormously in our day-to-day work. We don't have to worry about the operation and maintenance of the solution and can flexibly expand the performance if the number of workstations increases," sums up Christian Katterl.
In the meantime, the ABAG Group is already considering combining Citrix SIA with Citrix's SD-WAN solution. The prospect of setting up a holistic Secure Access Service Edge (SASE) architecture for all ABAG Group locations is highly interesting from Christian Katterl's point of view: "Our goal is to further simplify the management of our infrastructure and to always offer users the best possible performance and security - regardless of whether they are working at headquarters, in a branch office or at home. Citrix, with its SASE approach, provides all the technology businesses need to do that."
Our goal is to further simplify the management of our infrastructure and to always offer users the best possible performance and security - regardless of whether they are working at headquarters, in a branch office or at home. Citrix, with its SASE approach, provides all the technology businesses need to do that.
Citrix SIA gives us full control on securing web and SaaS access for our hybrid workforce, with the flexibility and automated scale of a cloud-delivered service. This makes securing our digital workplaces much easier for us.