Citrix Systems, Inc. this week made generally available a cloud-based service that continually evaluates whether to provide access to applications and data based on end-user roles, locations, device posture and user risk profiles.
Pankaj Gupta, senior director for product management at Citrix, said the Citrix Secure Private Access service is designed to provide a means to enforce zero-trust IT policies across both managed and unmanaged devices in a scalable way.
In the wake of the COVID-19 pandemic, there are now more employees than ever working from home on either a full- or part-time basis. Most organizations have been relying on virtual private networks (VPNs) to securely provide those end users with access to applications and data.
However, Gupta noted, it’s apparent that VPNs do not easily scale; IT teams wind up managing a series of point-to-point connections. The Citrix Secure Private Access cloud service provides an alternative, scalable approach that can be applied to both corporate devices and the personal devices that employees tend to use more frequently, he said. The overall goal is to make it easier to secure applications and data with a minimal amount of disruption to the user experience as security policies are dynamically applied, said Gupta.
For decades, IT security teams have been struggling to enforce security policies in ways that end users will accept. Previous efforts to enforce zero-trust IT policies by locking down devices have been generally rejected. Security teams today are being asked to enforce zero-trust security policies without impacting the productivity of end users. With the rise of secure access services, however, Gupta said it is now becoming easier to strike that balance.
It’s unclear how quickly organizations are shifting away from VPNs in favor of cloud-based services that are easier to deploy and that eliminate the need to backhaul cloud application traffic through the local data center where VPN server software is deployed. In some cases, organizations are layering additional security on top of software-defined wide area networks (SD-WANs), while others are opting for more integrated secure access service edge (SASE) platforms and services to converge the management of networking and security.
Inevitably, remote computing requirements will drive organizations further along the path to embracing cloud services that make it simpler to enforce zero-trust IT policies. The challenge, of course, is not only that the number of devices per user has greatly expanded but that many of those devices are connecting to consumer-grade wireless networks to access corporate applications and data using VPN software that is often rife with vulnerabilities.
It’s clear that managing security will be more challenging in the post-COVID-19 era. No one knows for sure when end users might be inside or out of an office environment. IT security teams clearly need an approach to security that more easily adapts to flexible work environments. In most cases, that means legacy approaches to securing endpoints are simply no longer up to the task.