Never Trust, Always Verify — It is not just a tagline, it is a powerful and elegant approach to zero trust security outcomes.
At Citrix, we have been working tirelessly to empower our customers to deliver zero trust security outcomes so they can securely access applications. Citrix solutions enable zero trust security not only through desktops as a service (DaaS) and VDI solutions but also through access to other managed IT apps including internal web apps, native access to client server apps, SaaS apps, remote files shares, and myriad other applications across a wide array of platforms.
Today we are announcing a major milestone in this journey with the general availability of Citrix Secure Private Access — a cloud-based zero trust security solution that provides comprehensive zero trust network access (ZTNA) to all IT-managed applications, a curated end-user experience through Citrix Enterprise Browser, adaptive authentication, app protection, and adaptive security controls including Remote Browser Isolation, to protect against data loss threats.
Here is a quick overview of the Secure Private Access solution:
https://www.youtube.com/watch?v=GtNEs2U3UxQ
Why a Comprehensive Approach to Zero Trust Security Matters
Organizations looking to extend their DaaS / VDI solution and also looking to replace or augment their traditional virtual private network (VPN) solutions with ZTNA need to overcome key challenges:
- Embrace zero trust implementation as a journey with a consistent approach to all types of applications, resources, and workloads — native and virtualized, cloud and SaaS — and avoid the pitfalls of a siloed rip-and-replace approach to the existing infrastructure.
- Ensure the ZTNA solution not only provides secure access to applications but also allows security and governance over application access with adaptive security policies that dynamically adjust based on context and trust factors.
- Prioritize user experience, giving end users consistent access to all their applications in a single portal while enabling security teams with governance over application access in both managed and unmanaged access contexts.
Citrix Secure Private Access has been designed with these key challenges in mind and leverages Citrix’s vast experience delivering secure access to a wide variety of work applications across thousands of organizations worldwide.
Citrix Secure Private Access is a SaaS solution available through Citrix’s globally distributed cloud-service points of presence (PoP). Secure Private Access includes a secure access agent along with Citrix Workspace app to provide authenticated ZTNA connectivity via the closest PoP. Access from the PoPs to internal applications is brokered via a connector appliance — a lightweight virtual machine (VM) — deployed in customer premises close to private apps.
Connector appliances are firewall and outbound-proxy friendly and make an outbound port 443-based connection to the optimal PoP location, creating a virtual secure transport layer security (TLS) tunnel for end-to-end encrypted and secure access to authorized applications. Secure Private Access also includes Citrix Enterprise Browser, a Chromium-based enterprise browser, that includes built-in security and productivity features for delivering secure work experiences.
Key capabilities of Citrix Secure Private Access include:
- Zero trust network access (ZTNA) to all IT-sanctioned applications (client-server, SaaS, and internal web apps)
- Adaptive access and security controls to enforce contextual security to applications
- Adaptive authentication with multi-factor authentication (MFA) based on role, geo-location, and device posture check
- Remote Browser Isolation for browser-based apps and to navigate the web without introducing risk to the corporate environment
- Single sign-on to browser-based applications
- Curated end-user experience with Citrix Enterprise Browser
- Guided admin workflows for easy onboarding and manageability
- Visibility and monitoring across all applications, user traffic, audit logging, and policies
Let us dive into the key use cases addressed by Citrix Secure Private Access and how these capabilities enable zero trust security outcomes:
Use Case: Employee Access to All IT-Managed Apps
Citrix Secure Private Access enables employee access from corporate managed devices to all private applications, whether they are hosted in on-premises datacenters or in public clouds. The types of applications accessed include native client-server applications such as SAP, SQL, PuTTY, etc., internal web-based applications such as a corporate intranet portal, Jira, Confluence, etc., and SaaS applications such as Salesforce, Workday and Office 365. Citrix Secure Private Access also includes adaptive authentication that combines contextual multi-factor authentication and posture assessment features such as endpoint analysis scans, condition-based multi-IdP federation, and a vast set of authentication protocols including SAML, OAuth, ADFS and Kerberos. End-user access is authenticated via corporate credentials and MFA policies along with device posture scans before any access is granted. Authenticated users can then access authorized applications specifically allowed for their role and risk level.
Citrix Secure Private Access dynamically provides adaptive access based on an end-user’s location and end-user risk score. Through the integration with Citrix Analytics for Security, risky user access can be continuously monitored and used as a trust factor to govern access to one or more applications. End users also have the choice of using Citrix Workspace app to launch their virtual apps and virtual desktops, Windows apps, access file shares, as well as SaaS and web applications through the Citrix Workspace experience, which is a key differentiator with Secure Private Access.
Use Case: Contractor/Partner Access to Internal Web Apps on BYO/Personal Devices
The second key use case is to enable internal web apps on personal or BYO devices. This use case has been enhanced with more adaptive security controls especially important for scenarios such as third-party worker and contractor access, and even employee access using a personal device to access corporate web applications.
Citrix Secure Private Access includes a feature called Direct Access to internal web apps, which allows agentless access directly via an external URL from native browsers such as Chrome, Edge, Safari, and Firefox. The key differentiation in Citrix’s solution for BYO access is the elegant way in which Secure Private Access can enforce consistent security controls like copy/paste/download/print restrictions for sensitive applications by automatically instantiating a remote browser isolated session and rendering the application access in an air-gapped, cloud-hosted browser while seamlessly allowing a single sign-on experience for the end user.
Use Case: Curated End-User Experience with Adaptive Security and App Protection
Secure Private Access also includes a fully curated end-user experience delivered through Citrix Enterprise Browser — a Chromium-based secure enterprise browser — that not only provides a great browsing experience for all web and SaaS apps but also includes some key built-in security controls necessary for protection against data leak and malware threats. Citrix Enterprise Browser is unique in its ability to fully govern and control browser-based application access. For sensitive applications that may contain company intellectual property or privacy data such as personally identifiable information (PII), protected health information (PHI), and more, the solution can add watermarking to the web page and enforce copy/paste/print/download restrictions to prevent data leakage.
Citrix Secure Private Access also includes anti-key-logging and anti-screen capture protections, which prevent accidental or intentional screen capture of sensitive application data, extending the ZTNA capabilities beyond application access to granular data protection. Security controls can be enforced adaptively based on trust factors and context, significantly improving the end-user experience and worker productivity while adding an extra layer of governance.
Visibility, Manageability and Analytics
Citrix Secure Private Access provides full visibility into all user access, application access and connector appliance diagnostics as well as admin configuration and policy activity. Administrators can view summary and detailed dashboards, drill down to view each user’s activity, monitor application activity for usage trends, and validate access privileges. A streamlined guided workflow wizard in the console helps administrators configure the solution from start to finish, ensuring an easy onboarding process.
Secure Private Access also has close integration with Citrix Analytics for Security, which provides proactive detection and resolution of security threats with real-time security analytics. Each user’s activities are analyzed using machine learning and behavioral methods to calculate a risk score that helps quantify the risk associated with a user’s activity. This risk score can be used to govern adaptive access and security controls thus providing continuous monitoring and policy governance.
Get Started Today
Citrix Secure Private Access is available in two editions — Secure Private Access Standard and Secure Private Access Advanced — to help your business meet your zero trust security needs without compromising employee productivity.
Learn more about Citrix Secure Private Access or connect with a Citrix expert to schedule a demo.