
The Mandate for Enhanced Security to Protect the Digital Workspace

The rapid shift to remote work, induced by the pandemic, made the deployment of digital workspaces a top priority for many organizations and knowledge workers. These evolutionary changes and the commitment to hybrid work (for now) are keeping the focus on the digital workspace. Security wasn’t the first consideration for many of the 1.0 implementations. While digital workspaces have provided much better security than simple remote access, there is more to be done to improve the defense posture of these critical platforms. Endpoints are still the source of many breaches: A recent IDC research study shows that 70% of breaches originate at the endpoint.

“The rapid move to the cloud and remote work are creating dynamic work environments that promise to drive new levels of productivity and innovation. But they have also opened the door to a host of new security and reliability concerns and sparked a significant increase in cyberattacks,” says Fermin Serna, chief information security officer at Citrix.

Attackers are already finding ways around VPN or perimeter-based defenses to carry out successful attacks. And the cost and complexity of supporting these older approaches are substantial for IT and SecOps teams. The valuable information available in the digital workspace necessitates improved and more capable defenses.

Two complementary approaches to enhanced security should be considered for every digital workspace. Zero-trust network access dismisses the old notion that users or devices should be trusted based on where they are accessing the network from. This antiquated “castle and moat” approach is a poor fit for today’s cloud-service and work-from-anywhere realities. Zero trust replaces network-focused access control with strong authentication and authorization technology. It also enables IT to implement fine-grained access control to provide more protection.

Secure Access Service Edge (SASE) builds on zero trust, adding firewall as a service, cloud access security brokers and secure web gateways. Combining these technologies, SASE provides a cloud-aware and cloud-based security network that offers more comprehensive protection. It is important to note that these two new security approaches are complementary and should be viewed as a joint solution. Zero trust is a bit easier to implement and can be done in a shorter period of time.

These more capable defensive measures are a dramatic step forward in cybersecurity. The legacy castle-and-moat approach is far less effective, since any compromised device behind the firewall can enable a lateral spread to the digital workspace and other apps. Once entrenched, malware may have access to huge troves of data and the entire user base. The availability of granular access controls enables IT and SecOps to put more limits on what specific users or groups of users can do once they have access. This reduces the risk from stolen credentials. The controls also better protect the network against inbound risks from outside, as well as internal risks from both malicious and negligent actions.

Both zero trust and SASE are well suited to improving protection for the digital workspace. First, they are well positioned to support the anytime, anywhere nature of using this platform. It is no longer possible to divide connections into in-office and out-of-office. These two new security approaches also expand the protection from simply authenticating the user to the ability to secure devices, data and apps. And perhaps most important, these solutions are strongly aligned with cloud services and infrastructure. As more digital workspace deployments move to a SaaS model, particularly the growing use of desktop as a service (DaaS), cloud-native security is more important.

However, successful implementation of zero trust or SASE requires some specific capabilities and functionality. First, security must be seamlessly integrated into the user experience. Making it an onerous add-on is asking for problems and will reduce use of the workspace overall. The next requirement is to ensure that application performance, regardless of location, is not negatively impacted. And of course, the solution must be complete and comprehensive so that IT teams are not forced to add on other products to provide the desired level of protection.

Citrix is a best-in-class provider of digital workspace solutions and offers both zero-trust and SASE security for its platform. “Modern enterprises require an intelligent approach to workspace security that protects employees, following the zero-trust model, without getting in the way of their experience,” says Serna. SASE provides a comprehensive stack that includes secure Internet access, secure workspace access and secure SD-WAN. Zero-trust security is included in the secure workspace access component.

For organizations that want to start with zero trust and grow into SASE, Citrix makes it simple. Regardless of the path chosen, these new security tools are seamlessly integrated with the digital workspace. Citrix’s integration work also ensures that application performance and user experience are never compromised in the quest for improved security.

Are you protecting your digital workspace, applications, data and identities against both current and future threats without compromising the employee experience? Learn more now.
