Traditional enterprise architecture and security models aren’t suited to meet the needs of today’s hybrid workforce and the accompanying complex application-security requirements. With the shift to SaaS, more data and business apps are residing on the cloud, while many enterprise apps remain inside the datacenter.

Unfortunately, this makes these complex environments challenging to secure and manage. On top of that, the growth of hybrid work and the expanded use of different device types have increased the attack surface for organizations.


“By 2024, at least 40% of all remote access usage will be served predominantly by zero trust network access (ZTNA), up from less than 5% at the end of 2020.” — ­Gartner® *


All these complexities and the expanded attack surface create opportunities for attackers. As a result, organizations need to rethink their approach to security, embracing zero trust, and at the same time make it seamless for employees to access apps securely from anywhere, at any time, and from any device.

Common challenges faced by enterprises today include:

  • Cyberthreat Risks: Siloed point products cannot provide broad protection against cyberattacks
  • Poor Experience: High latency to access applications when backhauling traffic thought the datacenter
  • Complex Management: Multiple complex and hard-to-manage siloed technologies
  • Too Much Work: Overwhelmed IT staff due to rapid usage and high dependency on VPN
  • Slow Cloud Adoption: Complexity of transitioning to a cloud/multi-cloud architecture
  • Expensive: Overspending on siloed, redundant, and disjointed security technology increases costs

Citrix Secure Private Access: What Is It and What’s New?

Citrix Secure Private Access is our new cloud delivered ZTNA service that adds new capabilities like adaptive authentication and adaptive access to deliver zero trust access to web, SaaS, TCP (e.g. SAP, Oracle), and UDP-based apps. Citrix Secure Private Access will replace Citrix Secure Workspace Access, which was primarily focused on secure access to browser-based applications.

Traditional VPN solutions require end-user devices to be managed, provide access at the network level, and enforce static access control policies. Citrix Secure Private Access gives IT a set of security controls to protect against threats from BYO devices, giving users the choice to access their IT-sanctioned applications from any device, whether it’s managed or BYO.

Citrix Secure Private Access also provides secure access at the application layer to prevent network-level attacks while enforcing contextual access control policies driven by continuous assessment and verification of the end user’s identity, geolocation, device posture check, and user risk score.


“Gartner forecasts 51 percent of global knowledge workers will be remote by the end of 2021.” ­Gartner® *


In addition, Citrix Secure Private Access is the only solution on the market that helps consolidate SSO for SaaS and VDI applications within the same solution, provides protection from malicious content like keyloggers and screen capturing malware, and protects endpoints and the network from malicious content from the internet, with browser isolation policies.

Citrix maintains globally distributed cloud-service points of presence (PoPs) that securely connect to your IT-sanctioned application hosted in the datacenter and/or in public clouds, and act as an authentication and traffic proxy for all incoming connections. The service scales automatically as usage increases, delivering agility and always-on security for the best user experience and security. As a hosted service, it allows IT to focus on more strategic initiatives as opposed to worrying about managing appliances across datacenters.

Citrix Secure Private Access enables secure access to IT-sanctioned applications and protects users and networks from threats. Let’s take a closer look at the features and benefits:

  • Holistic, consolidated zero trust security strategy — Enables IT to implement a holistic zero trust security strategy across users, applications, and devices. Adaptive policies and controls apply equally across features and capabilities.
  • (NEW) Zero trust network access (ZTNA) to all IT sanctioned applications While Citrix provided zero trust network access (ZTNA) to primarily browser-based apps earlier, Secure Private Access expands ZTNA to applications running on TCP- (e.g. SAP, Oracle) and UDP-based protocols (e.g. VoIP), whether these applications are deployed on-premises or on any public cloud, and are not accessed using Citrix Workspace, delivering expected zero trust outcomes.
  • (NEW) Adaptive authentication, user risk score, SSO, and enhanced security Citrix Secure Private Access provides capabilities to scan end-user devices and utilize the user risk score as a trust factor before and after a user session is established. Based on the results of the user identity, geolocation, and the device-posture assessment, an admin can define how they want to authenticate and authorize user access to their applications. These policies allow admins to control actions users can take within these application and can be implemented for all sanctioned applications, including for Citrix Virtual Apps and Desktop service customers.

  • Integrated remote browser isolation to securely access IT sanctioned apps using BYO and unmanaged devices  Citrix Secure Private Access allow users to access their IT-sanctioned applications from their devices, without having any endpoint agent installed on the device. However, unlike a VPN, it redirects the user session from a local browser to a hosted Secure Browser Service. This ensures that users can access their applications in a sandbox environment and allows them to stay productive. At the same time, this protects devices and networks from malicious content from the Internet, creating an airgap from corporate resources.
  • Protection from keylogger and screen capturing malware While devices managed by the organization can be closely monitored, IT lacks insight into the health of unmanaged devices. This creates risk as devices infected with malware, especially those with keyloggers or screenshot malware, can enable attackers to exfiltrate sensitive corporate data. Citrix Secure Private Access enforces controls that prevent the stealing of user credentials or taking screenshots of applications accessed through the Workspace app.
  • End-to-end visibility across sanctioned applications and users  Citrix Secure Private Access offers end-to-end visibility of all traffic to IT sanctioned applications, including applications and user access overview by top risky domains, data download volume, and more. Customers using multiple access solutions and dashboards for monitoring user traffic benefit from having a single dashboard that simplifies monitoring and unifies siloed environments.
  • Detect and defend against potential security risks With insights into applications, devices, and networks, Citrix Analytics for Security helps automate security enforcements based on user behavior and anomalies detected. This helps reduce manual work for IT, provides timely enforcement and reduces risk of security breaches.

As you modernize your IT to deliver a secure and productive environment for your hybrid workforce, you need to consider fully integrated solutions delivered as a cloud service. We are excited to be able to provide a ZTNA solution that provides these capabilities, and that our extensive Citrix Virtual Apps and Desktops customer base can integrate easily.

Every organization’s journey to the cloud is different, depending on their business requirements, security and networking needs, and the gaps they need to fill. You can introduce Citrix Secure Private Access into your unique operational processes without disruption to the existing architecture, delivering zero trust access with adaptive authentication and SSO to all IT-sanctioned applications accessed from managed and BYO devices.

Get Started Today

Learn more about Citrix Secure Private Access, schedule a one-on-one session led by a Citrix expert, and access all the content from our Citrix Launchpad: Security event.


* Source: Gartner Press Release, “Gartner Forecasts 51% of Global Knowledge Workers Will Be Remote by the End of 2021”, 22 June 2021 (https://www.gartner.com/en/newsroom/press-releases/2021-06-22-gartner-forecasts-51-percent-of-global-knowledge-workers-will-be-remote-by-2021 ) GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission.


For Citrix Investors

This release contains forward-looking statements which are made pursuant to the safe harbor provisions of Section 27A of the Securities Act of 1933 and of Section 21E of the Securities Exchange Act of 1934. The forward-looking statements in this release do not constitute guarantees of future performance. Those statements involve a number of factors that could cause actual results to differ materially, including risks associated with the impact of the global economy and uncertainty in the IT spending environment, revenue growth and recognition of revenue, products and services, their development and distribution, product demand and pipeline, economic and competitive factors, the Company’s key strategic relationships, acquisition and related integration risks as well as other risks detailed in the Company’s filings with the Securities and Exchange Commission. Citrix assumes no obligation to update any forward-looking information contained in this press release or with respect to the announcements described herein. The development, release and timing of any features or functionality described for our products remains at our sole discretion and is subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.