Citrix Systems, Inc. this week made available a cloud-based service that continuously assesses whether to provide access to applications and data based on end-user roles, locations, device posture, and user risk profiles.
Pankaj Gupta, senior director of product management at Citrix, said Citrix Secure Private Access is designed to provide a way to enforce zero-trust IT policies on managed and unmanaged devices in a scalable way.
In the wake of the COVID-19 pandemic, there are now more employees than ever working from home, either full-time or part-time. Most organizations have relied on Virtual Private Networks (VPNs) to securely provide these end users with access to applications and data.
However, noted Gupta, it’s obvious that VPNs don’t scale easily; IT teams end up managing a series of point-to-point connections. The Citrix Secure Private Access cloud service offers an alternative and scalable approach that can be applied to both corporate devices and personal devices that employees tend to use more frequently, he said. The overall goal is to make it easier to secure applications and data with minimal disruption to user experience, as security policies are dynamically enforced, Gupta said.
For decades, IT security teams struggled to enforce security policies in a way that end users would accept. Previous efforts to enforce zero-trust IT policies by locking down devices have generally been rejected. Today, security teams are encouraged to enforce zero-trust security policies without impacting end-user productivity. However, with the rise of secure access services, Gupta said it is now becoming easier to strike that balance.
It’s unclear how quickly organizations are moving away from VPNs in favor of cloud-based services that are both easier to deploy and eliminate the need to redirect cloud application traffic through the on-premises data center where the VPN server is deployed. In some cases, organizations are adding additional security to software-defined wide area networks (SD-WAN), while others are opting for more integrated Secure Access Service Edge (SASE) platforms and services to converge the management of networking and security.
Inevitably, the demands of remote computing will push organizations further down the path to adopting cloud services that make it easier to enforce zero-trust IT policies. The challenge, of course, is not just that the number of devices per user has increased dramatically, but that many of those devices are connecting to consumer wireless networks to access corporate apps and data using VPN software that is often plagued with vulnerabilities.
It is clear that security management will be more difficult in the post-COVID-19 era. No one knows for sure when end users might be inside or outside of an office environment. IT security teams clearly need an approach to security that adapts more easily to flexible working environments. In most cases, this means that old approaches to securing endpoints are simply no longer up to the task.