This week Citrix announced its new Secure Private Access service, adding to its secure access service edge (SASE) portfolio.
The service is a cloud-delivered zero trust network access (ZTNA) platform that is completely transparent to the user and protects access to applications and services irrespective of where the user is working. This means a worker will have exactly the same experience whether they are in a branch office, working from home or even on the road.
Traditional Perimeters Are No Longer Effective
Historically, protecting applications, data and other corporate assets was done by building a perimeter wall around the network. The perimeter has been slowly eroding over the past decade, but the pandemic-induced work-from-home trend removed what little of that wall was left. Also, workers are using a mix of corporate-managed and personal devices, which adds to the disappearance of the perimeter.
Many businesses have turned to virtual private networks (VPNs), which are among the most complicated ways for users to access a network. Although widely deployed, VPNs were never designed for a business to have all of its users work remotely, but that’s the only option for companies.
Citrix Secure Private Access Simplifies Access
Enter Citrix Secure Private Access, which provides VPN-less access and security for workers to access both modern and legacy applications. In some ways, Secure Private Access isn’t new but is the consolidation of other Citrix products, such as single sign-on (SSO), contextual access and authentication, browser isolation and data governance, packaged into a single security solution. This provides users with simplified access to only the applications they need.
Zero trust is an interesting twist on networking. Traditional IP networks work on the premise that everything should be able to access everything, which is why the Internet works so well and so fast. The problem with traditional networks is that, once breached, the bad guys also have access to everything. Zero trust flips the security model around and allows no access unless it is explicitly permitted. If a device or user is breached, the effective “blast radius” is minimized.
Citrix Zero Trust Is Tunable
One interesting twist to the Citrix solution is that it is combined with its analytics product, which provides a continuous risk assessment of the environment by taking into account contextual identity. If a risk factor is detected, safety measures can be automatically deployed and corporate assets can remain protected. This enables Secure Private Access to be “tunable” depending on the environment.
Most vendors think of zero trust as being binary. That is, access is either on or off. Because Citrix has in-depth knowledge of application functionality, it can provide more granular access.
For example, it could allow access to certain documents but disable copy and paste functionality on sensitive documents if the user is on a personal device in a public location. IT teams are able to restrict access depending on environmental factors. Also, the service can be set up to revoke access on the fly if a user’s behavior is suspicious.
The new Secure Private Access service is delivered via the cloud and hosted in about 40 points of presence running on Amazon Web Services, Google Cloud Platform and Microsoft Azure. Citrix recognizes not all customers may be ready to shift security to the cloud and offers an on-premises version via an appliance. Customers can also use both if a hybrid approach is desired.
This is a nice addition to the portfolio of network services available from Citrix. Customers can use this standalone or in conjunction with Citrix Secure Internet Access, Citrix SD-WAN and Citrix Web App and API Protection. Most SD-WAN and SASE vendors have strong security and/or networking portfolios, but Citrix brings a level of application knowledge that most do not have.