Application security and your workforce

The Citrix holistic security model aligns with a zero-trust framework, for streamlined and comprehensive application security and API protection. It helps secure the apps that empower today’s workforce.

Longtime Citrix customers know that security isn't a new focus area for us. In fact, it's the bedrock of what we've done for many years — that is, promoting application security and safe access, along with secure networks, data and endpoints.

The major challenges in application security today

Of course, today's IT reality is very different than what organizations faced even 10 years ago.

Over the last decade, the set of applications companies need to secure has shifted from those running in data centers or on desktops, and toward mobile, web and SaaS apps, as well as to third-party services.

While these newer operating models open up more business opportunities, they also increase the overall attack surface:

  • A growing number of devices and apps need to be controlled by IT, especially now that employees can, for example, access SaaS apps from virtually any device. 
  • Specific areas such as web application security must be shored up to adapt to these new user behaviors and preferences.
  • There needs to be a transition away from the rigidity of traditional on-premises, network-centric solutions toward more modern alternatives.

Only by overcoming these challenges can companies prevent data leakage and also give their employees the right combination of robust web and cloud application security alongside a great user experience.

But the rollout of tools designed to protect users doesn't always go to plan, with inconsistent policy enforcement alongside increased cost and complexity. The collateral damage here is a degraded user experience — unhappy employees and unhappy IT teams — that benefits nobody.

There's a better approach, and it's the one that we've taken for a long time to successfully shrink the attack surface.

Instead of trying to protect everything around users, we secure them by securing the digital workspace. We do this via a secure container with integrated application security tools and control, plus seamless browser isolation for gray sites that goes beyond simple allow and deny lists. This prevents data leakage and protects users from endpoint threats.

We’ve been focused on bringing the same level of security that we’ve historically been known for providing in virtual apps and desktops, to all types of applications delivered through the workspace. Cloud application security, web application security and traditional application security are all included in our approach.

One of our founding principles is customer choice, and we want to ensure that companies can select any application that matters to them and deliver it to their users with the confidence that it’s fully secure.

Zero trust vs. castle-and-moat security models, explained

Overall, the work we've done aligns with a zero-trust philosophy, under which we start by extending no trust to a user or an application. And then as they present more valid information and the trust level increases, we grant them more access.

Zero trust is a significant departure from the old castle-and-moat model of VPN access for remote workers.

Under that approach, once a VPN tunnel is configured on a user device, generally speaking, that user has access to everything. It’s like they have the one key that unlocks the entire network.

Rather than give users access to everything and then revoke those permissions if and when things go wrong, we implement the zero trust model. It relies upon continuous, risk-based analysis to gauge the trustworthiness of users and devices and then deliver the right access to applications at the right time.

Citrix offers multiple solutions designed to secure your workforce through a zero trust model, including Secure Workspace Access, SD-WAN, Citrix Analytics for Security and a new solution called Secure Internet Access.

Citrix and our security partner ecosystem

Now, we recognize that Citrix is just one piece of a company’s IT puzzle, and that realizing a complete, zero-trust solution requires other partners to participate. As a leader in the digital workspace, we know it’s important to our customers that there's partner collaboration across the ecosystem on issues of security.

By engaging with like-minded partners, including Cisco, Google and Microsoft, who are willing to share insights and data that allow us to deliver more comprehensive application security solutions to our customers. Everyone benefits.

This is a level of sharing that goes beyond just hooking into the workspace. It’s about products that actually communicate with each other, exchanging critical security information:

  • For example, if an identity solution sees someone logging in on three separate devices across three continents, and only one of those devices happened to be through Workspace, Citrix wouldn't necessarily know that in isolation.
  • But the identity solution could determine that something odd and potentially dangerous was happening with that set of credentials and notify us about it. 
  • Likewise, Citrix could share information with partners about any unorthodox or unusual behavior that we see in the Workspace and push that back into their intelligent network.

These types of bidirectional connections between security products are what Citrix is committed to, in order to further strengthen the security of the workforce.

Citrix Ready Workspace Security Program with zero trust

Citrix maintains a comprehensive partner ecosystem through the Citrix Ready Workspace Security Program. This program ensures the compatibility of security integrations across Workspace services, including access security, network and web application security, analytics, visibility, data security and device security.

Plus, we've expanded the program to encompass partner solutions with zero trust principles built into them. They’re integrated with:

  • Secure Workspace Access
  • Citrix Endpoint Management
  • Citrix Analytics for Security

Having these integrations already built-in simplifies security vendor selection for companies, while also enabling them to leverage their existing IT investments in support of a zero-trust security model.

Overall, the Citrix Ready Workspace Security Program with zero trust gives customers a reliable path toward implementing and achieving zero-trust outcomes within their organizations, with a wide choice of vendors to use together with Workspace as well as the flexibility to repurpose those existing investments. We’re optimistic about the impact that Citrix security partnerships will have on the security posture of our customers.

Citrix Web App and API Protection

We live in an app and API driven economy. Applications are valuable, yet vulnerable, assets, and they govern everything an organization does. As the lifeblood of a business, they must be protected from the constant barrage of threats across your environment.

But keeping up with the increasing number of threat vectors is hard. Threats are becoming much more sophisticated, and as applications move to a multi-cloud deployment model, there is even more complexity and fragmentation to deal with, compounding an already complicated security situation.

Citrix Web App and API Protection is a service that will help you ensure the security of your apps. Easy to deploy and configure even across multi-cloud environments, it provides simple, holistic protection against everything from DDoS campaigns to malicious bots. Citrix Web App and API Protection offers:

  • Web app firewall
  • Bot management
  • DDoS mitigation
  • Analytics for monolithic and microservice applications

These capabilities ensure low-latency and a great user experience. We deliver this wide-reaching protection by maintaining a consistent security posture and utilizing a single-pass architecture that enables better performance.

Everything is managed from a cloud-based control plane — just one pane of glass — that supports every form factor and cloud, while drawing upon the power of AI-driven analytics and the flexibility of a single, all-you-can-eat license model.

Cutting through the complexity of modern security

We recognize the growing complexity that organizations are confronting as their IT infrastructures become more diverse, their user populations more spread out and the applications they rely on more varied in both location and type.

Our current and future investments in security are all designed to map to this new world and how companies are adapting to it. At the same time, Citrix remains focused on supporting existing investments that our customers have in on-premises applications and related deployments. We are taking an integrated approach designed to protect all of these assets together.

Finally, we continue to collaborate deeply with the partners that matter to our mission of delivering reliable, holistic application security solutions that improve each company’s enterprise security posture, and ultimately help them better secure their workforces and apps.

When you’re ready, let’s get started