Citrix defines zero trust as a security model that, by default, trusts no one. Anyone trying to access a network must be continuously verified so organizations can tightly control access to valuable assets and protect against data breaches.
In the technology industry, zero trust is a broad concept with many definitions. A good resource for establishing a shared understanding of the concept and its terminology is the US NIST’s zero trust architecture document, published in 2020, which outlines the security model that supplants the legacy perimeter-based approach.
Our own security expert Florin Lazurca recently published a tech brief on zero trust and what it means for Citrix environments. In this blog post, we’ll look briefly at the shift from perimeter-based security to zero trust, and I’ll share five things you need to know about zero trust architecture that Florin covers in his tech brief.
Moving Away from the Castle and Moat
Think of a castle and moat in medieval Europe. If someone wanted to enter the castle, they needed to cross the moat and have the guard let them in. Once in, though, they had full run of the place. They could conduct legitimate business or cause mayhem.
Now think about the “old way” of doing IT security. A user accessed corporate resources by entering an ID and password. That was your moat and guard, protecting your IT infrastructure, which was typically a central mainframe. But once the user was verified, they could enter and gain access to almost anything. They could conduct legitimate business or wreak havoc before being discovered, causing serious problems for your organization.
That castle? Today it’s probably gone, or at least much smaller. With the invention of packet-switched networking and distributed computing, apps and data have steadily moved out of central datacenters into the cloud. Your IT infrastructure is distributed now, and every component must have its own defense against bad actors, not just a moat. That’s where zero trust can help.
Protecting Your Organization with Zero Trust
Never Trust, Always Verify — With zero trust, continuous authorization is required, implicit trust is never granted, and access is never given to systems based on the user’s physical or network location.
Contextual Access and the Five Ws — Contextual access is a continuous process that defines policies around the five Ws of access to grant specific usage entitlements. The five Ws are what data must be protected; where are requests for it coming from; who is requesting the data; why do they need access; and when do they need it?
Zero Trust Across the Organization — Zero trust the Citrix way applies beyond networking, to users, devices, networks, applications, and even how people work. It’s designed to adhere to the NIST’s zero trust tenets. Access is granted on a per-session basis and is continuously enforced dynamically. Authentication is required to access any resource, and infrastructure and resources are constantly monitored.
VPNs Aren’t the Answer — With the rapid shift to remote work, many organizations deployed VPNs to provide access to corporate resources. But VPNs aren’t a secure solution for distributed work in the cloud era, because traffic through them must either be backhauled across the corporate network for security inspection or be split out directly to the internet without inspection. Citrix Workspace enables VPN-less access to sensitive resources and secures it by enforcing access policies throughout the session.
Choose a Secure Digital Workspace — Citrix Workspace continuously evaluates contextual access signals such as authentication failures, excessive downloads, or geofence violations. Citrix Workspace’s secure architecture is supported by a variety of Citrix solutions. Citrix Secure Workspace Access enables secure contextual access with single sign-on to SaaS apps, can isolate web traffic in a secure browser, and performs security and performance analytics on a variety of usage metrics. Citrix Secure Internet Access offers SaaS and web protection including secure web gateway, cloud access security broker, firewall as a service, and much more.
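The contextual access decision over the five Ws and the continuous, per-session enforcement on signals such as geofence violations or excessive downloads described above, as an added Python example that is not Citrix’s code; the policy, the thresholds and the signal names are constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import time
from typing import Optional

# Constructed sample policy keyed by "what" (a resource): the roles ("who"), countries
# ("where"), purposes ("why") and hours ("when") entitled to it. Nothing else is trusted.
POLICY = {
    "payroll": {"who": {"hr", "finance"}, "where": {"US", "DE"},
                "why": {"monthly-run", "audit"}, "when": (time(7), time(19))},
}
LIMITS = {"download": 20, "auth_failure": 2}   # constructed in-session thresholds

Request = namedtuple("Request", "what who where why when")  # one request, described by the five Ws

def evaluate(req):
    """Decide one request over the five Ws: anything not explicitly entitled is denied."""
    rule = POLICY.get(req.what)
    if rule is None:
        return False, "unknown resource"
    for w, reason in (("who", "role not entitled"), ("where", "geofence violation"),
                      ("why", "purpose not entitled")):
        if getattr(req, w) not in rule[w]:
            return False, reason
    start, end = rule["when"]
    if not start <= req.when <= end:
        return False, "outside permitted hours"
    return True, "ok"

@dataclass
class Session:
    """Opened only after evaluate() allowed req; enforced continuously by observe()."""
    req: Request
    counts: dict = field(default_factory=dict)
    revoked: Optional[str] = None   # reason, once access has been withdrawn

def observe(session, event, value=None):
    """Re-check the session on every signal; return the revocation reason, if any."""
    if session.revoked:
        return session.revoked
    if event in LIMITS:                       # counted signals: downloads, authentication failures
        session.counts[event] = session.counts.get(event, 0) + 1
        if session.counts[event] > LIMITS[event]:
            session.revoked = "excessive " + event.replace("_", " ") + "s"
    elif event in ("where", "when"):          # context changed mid-session: re-run the five Ws
        session.req = session.req._replace(**{event: value})
        allowed, reason = evaluate(session.req)
        session.revoked = None if allowed else reason
    return session.revoked
```

Once a session is revoked the reason sticks, so a later signal that would pass on its own (for example moving back inside the geofence) does not silently restore access.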
Learn More
In the cloud era, where workforces are distributed around the world, designing your computing environments with zero trust architecture is essential to minimizing your attack surface and reducing your risk. Learn more about zero trust in our tech brief, and find out how you can implement zero trust security with one solution.
In my next post, I’ll look at the Citrix SD-WAN and Microsoft Azure Virtual WAN advantage.