Zero Trust: Citrix Secure Private Access


In today’s hybrid environment, traditional enterprise architecture and security models are not up to standard when faced with the complex application-security requirements that accompany it. Companies are now shifting towards SaaS while maintaining their enterprise apps inside their datacenters. They do this so that data is more accessible to their users as they collaborate through remote work solutions, while still keeping their important applications within their network perimeter.

However, this approach makes the IT environment more complex and more challenging to keep secure and easy to manage. Allowing non-compliant or unauthorized devices into your network in favor of BYOD for hybrid work opens up your network to more security risks. This has become evident in the past few years as more cyberattacks have focused on users rather than businesses.

The common risks and challenges that businesses face are summarized below:

  • Cyberthreat Risks: Siloed point products cannot provide broad protection against cyberattacks
  • Poor Experience: High latency to access applications when backhauling traffic through the datacenter
  • Complex Management: Multiple complex and hard-to-manage siloed technologies
  • Too Much Work: Overwhelmed IT staff due to rapid usage and high dependency on VPN
  • Slow Cloud Adoption: Complexity of transitioning to a cloud/multi-cloud architecture
  • Expensive: Overspending on siloed, redundant, and disjointed security technology increases costs

Citrix Secure Private Access

Knowing all of the above challenges, Citrix developed a Zero Trust Network Access (ZTNA) security solution focused on solving them. Secure Private Access is a cloud-delivered ZTNA service with capabilities such as adaptive authentication and adaptive access for web, SaaS, and TCP (e.g. SAP, Oracle) applications.

Traditional VPN solutions needed user devices to be managed in order to access the network, which either used more resources than needed or drew pushback from BYOD users. They also tended to give users more permissions or access than needed, with the additional downside of static access control policies. Citrix Secure Private Access, on the other hand, gives your IT team a set of security controls to protect against BYOD threats and to limit users' access to IT-sanctioned apps. Security policy options can also be applied to devices whether they are company-issued or BYO devices.

Secure Private Access was not Citrix’s first foray into the ZTNA space, as it was preceded by Secure Workspace Access. The main difference is that Citrix has updated its technologies to better handle current business needs for a ZTNA solution. Below are key features that Secure Private Access has that Secure Workspace Access does not:

ZTNA to all IT sanctioned applications

As stated above, Citrix Secure Private Access expands its ZTNA to applications running on TCP- and UDP-based protocols, a feature not seen in the previous Secure Workspace Access, which primarily focused on browser-based applications. This feature allows your IT team to apply ZTNA to your business applications whether they are deployed on-premises or in the public cloud, even if they are not going through Citrix Workspace.

Adaptive authentication, user risk score, SSO, and enhanced security

Citrix Secure Private Access can scan end users' devices and assign them a risk score. It uses this score as a basis for deciding whether to allow any session to be established between your network and the device. The risk score is based on the user’s identity, geolocation, and the device-posture assessment. IT can then define how they want users to authenticate and authorize their access to the business application. This gives IT control over the actions users can take within the applications, and it can be implemented on all sanctioned applications, including for Citrix Virtual Apps and Desktops service customers.

To learn more about the Citrix Secure Private Access or any other Citrix solution, you may contact us at marketing@www.ctlink.com.ph and we would be happy to set a meeting with you at your convenience!

Enabling Hybrid Work with Microsoft Solutions

Hybrid work is a combination of remote and traditional office work. Globally, it has become more widely accepted for businesses to adopt this work arrangement in the past few years. This is because of the flexibility it gives employees to choose how they work, which can help create a better work-life balance. However, this setup comes with its own risks when it comes to operational performance and security. This is what Kao, a Japanese consumer goods company, had to overcome in their journey to creating a hybrid work environment.

Kao was already making efforts towards an ESG management style, meaning one more conscious of the environment, society, and governance. This made pivoting to hybrid work easier, as they already had many Microsoft applications running in their IT infrastructure. They just needed to narrow down what they needed to improve and how they were going to use Microsoft tools such as Azure Active Directory, Endpoint Manager, and Microsoft 365 security to achieve it.

New Security for Improved Communications

Kao Corporation has been slowly expanding its business operations since its founding, and has listed this as a long-term goal. However, as the company expands, it also needs to improve its communication to ensure the productivity and success of its branches. The ICT group of Kao concluded that, to achieve this goal, they needed an integrated device management system to handle multiple BYOD devices for their remote users.

Microsoft then pointed Kao towards its Endpoint Manager, specifically the Microsoft Intune cloud service that is part of it. At the time, this was a new service and Kao was unsure whether it would be the right fit for their goals. However, once they implemented it and experienced what it could do, they knew they had made the right choice. Through the Endpoint Manager console, they were able to give authorized users a wider amount of control. This included the device structure, mobile app protection, and software updates. Even their shared data was better protected through file encryption that let only permitted users view it, whether they were inside the organization or a third party.

Company-wide Mobile Access

Kao introduced Microsoft Intune as early as 2018 and deployed it to its almost 15,000 Android devices in just two weeks. They then proceeded to apply Azure AD to add a verification process that provides access control for both on-prem software and their linked cloud services. At the time, they did not know that doing this would be a boon to their company when 2020 started.

Due to the global pandemic, many companies had to adapt to remote work. Kao, however, had all the systems in place with Microsoft Intune and Azure AD. Kao was able to centrally control compliance for all devices associated with Endpoint Manager. Azure AD gave their employees a secure connection when accessing the company’s internal system from mobile devices or their home setups.

To learn more about Microsoft Intune, Azure AD or any other Microsoft solution, contact us at marketing@www.ctlink.com.ph and we would be happy to help your business improve!