Latest
Cities in the Middle Ages were protected by city walls, and strangers had to be checked by the watchmen before entry. Such protection is no longer possible in modern cities. Likewise, enterprise intranets were considered fortresses in the past with protection provided by firewalls and the virtual private network (VPN) as the watchman. However, this protection is insufficient for distributed work and the hybrid cloud. Conversely, enterprises need a security framework for the hybrid multi-cloud.
The digital economy is thriving, and digitization has infiltrated into our work environment. Our dependency on smart equipment and on-demand internet connection and cloud service is increasing, whether at work or in the daily life. The pandemic and resulting isolation have accelerated this evolution. Social media and communication software enable people to adapt to social distancing, while digital workspaces, online collaboration, and video conferences allow schools to carry on and enterprises to operate.
Great Benefits for Helping Citrix Finish the Survey
For employees, the pandemic is a turbocharger: People were accustomed to working in offices and occasionally at home. However, the pandemic has turned mobile, distributed work into the new normal for many enterprises.
Technically speaking, this suggests a generation of new enterprise networks: local apps, web apps, and cloud services. The number of endpoints has also increased significantly with a large number of privately owned laptops and mobile devices being used to work from home.
The work environment has become more modernized: From traditional workplaces to independent digital workspaces, work has become an activity that can be done anywhere.
Before the pandemic, experts already realized that feeling secure by hiding in the digital castle would not work anymore. This crisis has enabled people to pay more attention to the risk of digital transformation. As far as information security is concerned, enterprises want to know how to protect internal data (development and design, product design drawings, customer and employee data) in a distributed environment to prevent damage caused by ransomware and industrial espionage or other abuses.
Even worse, the laws and regulations governing personal identifiable information (PII) are increasingly stringent, compelling enterprises to set higher standards for compliance and sovereignty. Such measures will bring obstacles and further affect the work efficiency and user experience of employees. Now, instead of either data security or user experience, enterprises aim at achieving both.
Corporate decision-makers have realized that security must be the key of digital strategies. According to a survey by endpoint security expert Kaspersky, one third of the IT budget will be allocated to information security in the future.
A perspective has gradually emerged under these circumstances: If some terminal equipment is no longer covered by internal IT control as the number of internet users and programs increases, a radical change in security concepts is required. That is, zero trust is replacing the previous idea of castle protection.
“Zero trust” refers to setting all equipment as unknown by the IT security system and treating all users according to the “principle of least privilege” (PoLP) to limit the user’s authority to resource access to specific conditions. This suggests security software will check if a user is authorized (privileged) for each session and application request. This poses a sharp contrast with the traditional VPN: Anyone with the VPN password can access the “castle” and then move relatively freely.
However, in the zero security environment, security analysis software keeps monitoring if users and equipment comply with the policy. AI and machine learning technologies can automatically analyze anomalies and abnormal behavior. When a user suddenly act unusual, for example due to account hijacking, this feature will demonstrate its functions.
Besides monitoring users and their equipment, increasingly applications are delivered in the form of software as a service (SaaS) and through the cloud. In return, this also comes with various risks: From DDoS to data theft or industrial espionage activities through loopholes. Here, the web app and API protection (WAAP) or application delivery controller (ADC) are important defense mechanisms for data flow control at the application layer. In the past, these security tools were part of the corporate intranet; now, they are dynamically deployed in the cloud environment. They check if there are malicious requests in the communication of apps and cloud services and reject forwarding these requests.
Application-grade defense is now a standard feature of both cloud composition and enterprise security standards.
The more the cloud resources used by enterprises, the greater the changes in the communication flow: Instead of taking place between the local end and the server of an enterprise data center, dataflow is generated between mobile users (wherever they are) and the cloud (wherever the data center is). On the other hand, this suggests that the greater the use of digitization and cloud resources, the more unsuitable traditional VPNs are. This is because VPNs usually redirect users back to the enterprise data center. However, if users actually want to access SaaS such as Microsoft 365, VPN will mean a diversion. In terms of physics, this will increase latency to slow the application access and spoil the experience of users.
After all, enterprises also wish to maintain the work efficiency of employees in the remote work/distributed work model. According to Gartner, the security framework referred to as Secure Access Service Edge (SASE) will become the security concept of the future: SAES integrates cloud-based network and security services to replace firewalls, VPNs, and other locally-installed security equipment. In terms of network, the software-defined wide area network (SD-WAN) optimizes user access performance, such as automatically routing a Microsoft 365 request to the nearest Azure hub and selecting connections with the best service quality for virtual meetings. In terms of security, SASE optimizes this kind of hybrid cloud network through a series of security services: Basic network security, cloud access security broker (CASB, i.e., physical user protection for cloud access), zero trust, security web gateway, firewall as a service (FWaaS, i.e., cloud-based firewall functions), and other services.
Take an organization like Synopsys for example. “We are moving beyond traditional VPN solutions and now provide our employees and partners with zero trust and secure access to their infrastructure on corporate-managed or BYO devices,” said Sriram Sitaraman, Chief Information Officer, Synopsys. ”
And it uses solutions from Citrix to realize this. Citrix provides a powerful set of secure access solutions that combine a full cloud-delivered security stack integrated with identity-aware Zero Trust Network Access (ZTNA) to protect employees without getting in their way, as well as a complete Secure Access Services Edge (SASE) stack of services that includes:
Citrix Secure Internet Access™ – A comprehensive, global cloud security service platform
that addresses the security requirements of modern enterprises. This includes a secure web gateway, next-generation firewall, cloud access security broker (CASB), DLP, sandboxing and AI-driven attack detection.
Citrix Secure Workspace Access™ – A VPN-less solution that delivers zero trust access to the corporate web and SaaS applications accessed from managed and BYO devices.
Delivered as part of Citrix Workspace™, Citrix secure access solutions enable companies to:
Enhance security and productivity through identity-aware, zero trust access to all cloud and internet-based applications and virtual desktops.
Leverage machine learning and artificial intelligence to provide real-time insights into user behavior and automate the process of preventing cybersecurity breaches.
Identify specific security incidents, atypical activity and policy violations using built-in forensics and detailed searches into all traffic and user behavior.
Protect against all threats everywhere, leveraging more than 100 global points-of-presence (PoP) powered by over 10 threat intelligence engines.
Provide full coverage for all popular cloud and SaaS assets, devices and operating systems, leaving no gaps in access security coverage.
Manage everything through a single window.
Simply speaking, local deployment of security stacks has changed into cloud deployment following the emergence of cloud-delivered applications. However, it may take some time for this stage of evolution, and some security functions will remain local. At least, it is the case for the moment. One example is data loss prevention (DLP) and the compliance verification of personal identifiable information (PII) processing. This is because these functions can propose very high requirements for information environments requiring protection: From the importance of data sets to internal business processes and file and work processes. Therefore, IT security in the foreseeable future will be hybrid: Local security together with cloud security.
Establishing a trusted security ecosystem is very important for promoting “mobile office” under the pandemic. This ecosystem must cover the entire demand chain: From biometrics for multi-factor authentication (MFA) that facilitates reliable user authentication management to application and cloud security; from anti-ransomware to zero trust and SASE; from security assurance to threat discovery for industrial control systems.
The pandemic has driven the work of the future. It is thus necessary to realize similar leaps in the “future of security” now and in the future. It has been years since enterprise IT began to use cloud services, and this process is in progress – most enterprises are in the process of cloud transition. It is the pandemic that has recently been accelerating the progress. However, 2020 was the first year with investments in cloud services exceeding the investments in local IT infrastructures. Making the cloud more secure is the next stage of the evolution. This can be a very tough stage for many enterprises. Therefore, security in the future will be hybrid.
When citizens living in the city risked going out the city walls to trade and exchange knowledge with business partners coming from far away as early as in the Middle Ages, people increased productivity and their development throve. Now, enterprise can leave their city walls behind and focus on ensuring the integrated security mechanisms of the modern digital workplace.
Great Benefits for Helping Citrix Finish the Survey
