BYOD has been around for a long time in practice, although the acronym was not popularized until 2011, when Citrix started to highlight the benefits. The fundamental desire for flexibility to work from anywhere on any device was true then and continues to be now.
However, increased cyber threats and the pandemic resulted in organizations buying and managing laptops for more employees and, in some cases, blocking BYOD options for fear of security risks. Many of the risks are real if BYOD is not done right. A classic example is an employee accessing corporate apps from a malware-infected home PC, exposing credentials, corporate data screen captures, or full network access via a VPN.
Simply banning BYOD for an organization, on the other hand, is expensive and causes many issues and use cases that need to be addressed. Some of these include: on-boarding new employees, M&A transitions, down time when remote employee laptops need repair, partner and contractor access, privacy concerns on personal mobile devices, and the overall loss of employee productivity and flexibility.
There are existing and new options to provide safe and secure BYOD that organizations should consider.
Citrix Virtual Desktops and now Citrix DaaS has been a long-standing solution to provide safe and secure BYOD. Apps and data stay in the datacenter or managed cloud and policies can restrict drive access, printing, and clipboard control. No VPN or client on the local PC are required, keeping management under IT control. This continues to be the best option for Windows apps or for web apps with special browser requirements like Internet Explorer. .
A new option worth considering is the Citrix Enterprise Browser, which functions as a secure managed container on the local un-managed BYO device. This enterprise browser works for internal web apps and corporate sanctioned SaaS apps. IT can manage and enforce similar controls including watermarks, clipboard, uploads/downloads and printing with no VPN required, and access restrictions to only configured internal apps.
The benefit of this approach is that the Citrix browser runs locally and requires no virtual desktop VDA servers on-prem, no cloud spend, no RDS CALs, and no third-party licenses — essentially, no overhead. Management runs as part of Citrix Secure Private Access (SPA) cloud service, greatly simplifying deployment and scaling. SPA enables safe BYOD as part of an overall ZTNA strategy, enabling secure access without trusting the device. For mobile devices, the Citrix Workspace app has an embedded browser that provides access to SPA-configured web and SaaS apps without requiring enrollment. Apps like Microsoft 365 webmail can be securely accessed with no MDM so employees can get mobile email without IT buying and managing mobile devices for everyone.
Citrix App Protection, built into the Citrix Workspace app and browser, adds additional security for virtual or web and SaaS apps by restricting screen capture on a per app basis. An additional unique feature includes keystroke logger protection, which enables secure keyboard entry but scrambles any attempt to record input including credentials or PII data. This feature offers significant protection from malware risks on BYOD PCs.
For users, the Citrix Enterprise Browser offers a great local native browser experience including fast performance, tabs, bookmarks, and more. All work apps are in once place with SSO, and the employee’s work apps are separate from their personal apps and browsing, alleviating privacy concerns. This is especially true for users who want email but don’t want to MDM enroll their personal smartphone. Most importantly, employees gain the flexibility they want to get their job done, from anywhere, on any device.
Learn more about Citrix DaaS, Citrix Secure Private Access, and Citrix Enterprise Browser, and find out how Citrix can help support BYOD security for your organization.