Zero trust has become a crucial component in the cybersecurity strategy of organizations everywhere. More and more enterprises are finding themselves turning toward zero trust architecture to keep their data, infrastructure, and other assets safe. As a result, this concept has IT leaders rethinking their current security tools and infrastructure. And they should. There are several nontrivial challenges that organizations need to overcome when implementing an effective zero trust architecture that adheres to the tenets of the NIST Zero Trust Architecture (SP 800-207).
In this blog post, I’ll look at how you can leverage Citrix technologies to help build a zero trust architecture that satisfies the following outcomes, which are based on observed challenges as documented in NIST SP 1800-35A:
- “Support user access to resources regardless of user location or user device (managed or unmanaged)”
- “Limit the insider threat (insiders — both users and non-person entities — are not automatically trusted)”
- “Limit breaches (reduce attackers’ ability to move laterally in the environment)”
- “Perform real-time and continuous monitoring and logging, and policy-driven, risk-based assessment and enforcement of resource access”
Support user access to resources regardless of user location or user device
Two of the seven tenets of a zero trust architecture — “all data sources and computing services are considered resources” and “access to resources is determined by dynamic policy” — lend themselves nicely to this outcome. After all, we want a centralized access point that inherently reduces an organization’s attack surface while providing users access to everything they need to get their work done. And the corresponding policy configuration must be granular and streamlined from the admin perspective.
Citrix Workspace can do this, providing users a central access portal for any IT resource — SaaS apps, internal web apps, DaaS, TCP/UDP connections, client-server apps — while giving admins access to the Citrix Cloud control plane, which acts as a single policy configuration point for all use cases and personas.
Citrix adaptive authentication service enables end user authentication to be dynamic and allows for organizations to leverage existing investments in identity and access management (IAM). Citrix Workspace app delivers a single URL, while adaptive authentication challenges any user type (internal, external, third-party, contractor) with the appropriate level of authentication before granting access.
Limit the insider threat
Citrix Secure Private Access and its adaptive authentication service dynamically challenges users with the appropriate level of authentication and gathers data about identity, user location, and context, which in this case refers to users or groups; desktop or mobile devices; geo-location or network location; device posture; and user risk score.
The outcome of these conditional checks provides Citrix Secure Private Access’ adaptive access service with the information it needs to grant just enough, just-in-time access to the IT resources within Citrix Workspace. No entity is trusted by default because of where it connects from or what it is; access is granted dynamically, per request, to protect the organization’s high-value assets.
Limit impact of breaches
Breaches are an unfortunate reality, so it’s crucial to limit the abilities of an attacker once inside the environment. The policy construct must abide by the principle of least privilege and leverage a properly configured policy enforcement point that prevents unauthorized access to the high-value data and assets that it guards.
The outcome of Citrix’s adaptive authentication service provides Citrix Workspace and its adaptive access engine with identity, context, and location information to enforce policy at the moment a resource is requested. If an attacker does get a foothold in the environment, security controls (remote browser isolation, enterprise browser) and lockdown policies (clipboard restriction, inability to download, watermarking, blocking of drive mapping, and more) constrain what can be taken out of a session, while least-privilege entitlements and the policy enforcement point keep the attacker from reaching resources the compromised identity was never entitled to. Together these limit the impact of the breach and the attacker’s ability to move laterally.
Perform real-time, continuous monitoring and logging, and policy-driven, risk-based assessment and enforcement
In addition to the core components necessary for policy configuration and secure resource access, organizations must consider all the data generated when implementing a zero trust architecture. An effective zero trust architecture collects and consolidates security events from the individual data sources, then correlates and analyzes them to baseline user behavior and identify anomalous activity. Ideally, this detection engine identifies potential threats in real time and takes autonomous action to mitigate risk.
Citrix Analytics for Security ingests raw events from the Citrix environment (Citrix Secure Private Access, Citrix DaaS, NetScaler) to alert on anomalous behavior and take closed-loop, autonomous action when required. User requests for resources are run through a risk analysis engine that uses machine-learning techniques to identify risky behavior and produce individual risk scores. These risk scores can be fed back into the policy as a parameter for granting access to resources with various security controls, which closes the loop between detection and enforcement: an elevated score should be able to step up authentication, add session controls, or deny access, not only influence the next logon. The analytics service allows for centralized visibility across the Citrix stack while providing tooling for extending data and insights to SIEM platforms such as Splunk.
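To make the two preceding ideas concrete, the adaptive access decision described under “Limit the insider threat” and “Limit impact of breaches”, and the risk-score feedback described just above, here is a toy policy decision point written for this post. It is an added illustration, not Citrix code and not how Citrix Analytics computes its scores: the user baseline, event records, thresholds, weights, resource names and control names are all constructed assumptions. It scores a few events against a per-user baseline, then feeds that score, together with entitlement, device posture, network location and MFA state, into a policy that returns allow, step-up or deny plus the session lockdown controls to apply.

```python
"""Toy zero-trust policy decision point: risk score from a behaviour baseline,
fed into a context-aware access policy. Illustrative only; not Citrix code.
All names, thresholds and weights below are arbitrary assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Least privilege: a user only ever reaches resources one of their groups grants.
ENTITLEMENTS: Dict[str, Set[str]] = {"payroll-app": {"finance"}, "wiki": {"staff", "contractor"}}
HIGH_VALUE = {"payroll-app"}   # always require MFA and watermarking
DENY_AT = 80                   # risk score at or above which access is refused
STEP_UP_AT = 40                # risk score at or above which MFA is demanded


@dataclass
class Request:
    user: str
    groups: Set[str]
    resource: str
    managed_device: bool
    posture_ok: bool          # e.g. disk encryption on, EDR running
    network: str              # "corp" or "internet"
    mfa_done: bool
    risk_score: int = 0


@dataclass
class Decision:
    action: str               # "allow", "step_up" or "deny"
    controls: List[str] = field(default_factory=list)
    reason: str = ""


def risk_score(baseline: dict, events: List[dict]) -> int:
    """Score recent events against the user's own history (simplistic, constructed)."""
    score = 0
    start, end = baseline["active_hours"]
    for e in events:
        if e["country"] not in baseline["countries"]:
            score += 30   # never seen this user in this country
        if not start <= e["hour"] < end:
            score += 15   # activity outside normal working hours
        if e["type"] == "download" and e.get("bytes", 0) > 5 * baseline["avg_download_bytes"]:
            score += 35   # bulk download relative to own baseline
        if e["type"] == "auth_failure":
            score += 10
    return min(score, 100)


def evaluate(req: Request) -> Decision:
    """Policy order: entitlement, then risk ceiling, then step-up, then session controls."""
    if not req.groups & ENTITLEMENTS.get(req.resource, set()):
        return Decision("deny", reason="no entitlement to resource")
    if req.risk_score >= DENY_AT:
        return Decision("deny", reason=f"risk score {req.risk_score} >= {DENY_AT}")
    needs_mfa = (req.resource in HIGH_VALUE or req.network != "corp"
                 or req.risk_score >= STEP_UP_AT)
    if needs_mfa and not req.mfa_done:
        return Decision("step_up", reason="MFA required for this context")
    controls: Set[str] = set()
    if not (req.managed_device and req.posture_ok):
        # Unmanaged or unhealthy endpoint: keep data inside the session.
        controls |= {"remote_browser_isolation", "block_download",
                     "restrict_clipboard", "block_drive_mapping"}
    if req.resource in HIGH_VALUE or req.risk_score >= STEP_UP_AT:
        controls.add("watermark")
    return Decision("allow", sorted(controls), reason="context within policy")


def decide(baseline: dict, events: List[dict], req: Request) -> Decision:
    """Closed loop: analytics output becomes a policy input for this request."""
    req.risk_score = risk_score(baseline, events)
    return evaluate(req)


# Constructed sample data, not real telemetry.
ALICE_BASELINE = {"countries": {"US"}, "active_hours": (7, 20), "avg_download_bytes": 2_000_000}
NORMAL_EVENTS = [{"type": "logon", "country": "US", "hour": 9},
                 {"type": "download", "country": "US", "hour": 10, "bytes": 1_500_000}]
ODD_EVENTS = [{"type": "logon", "country": "RO", "hour": 3}]
BULK_EXFIL = ODD_EVENTS + [{"type": "download", "country": "RO", "hour": 3, "bytes": 20_000_000}]


def alice(resource: str, **ctx) -> Request:
    """Hypothetical user on a healthy corporate laptop; keyword args override context."""
    base = dict(user="alice", groups={"staff", "finance"}, resource=resource,
                managed_device=True, posture_ok=True, network="corp", mfa_done=False)
    base.update(ctx)
    return Request(**base)


if __name__ == "__main__":
    for label, events, req in [
        ("normal, corp laptop, wiki", NORMAL_EVENTS, alice("wiki")),
        ("normal, unmanaged device, wiki", NORMAL_EVENTS, alice("wiki", managed_device=False)),
        ("odd-hours foreign logon, payroll, no MFA", ODD_EVENTS, alice("payroll-app")),
        ("odd-hours foreign logon, payroll, MFA", ODD_EVENTS, alice("payroll-app", mfa_done=True)),
        ("bulk download from new country", BULK_EXFIL, alice("wiki", mfa_done=True)),
    ]:
        d = decide(ALICE_BASELINE, events, req)
        print(f"{label:42} risk={req.risk_score:3} -> {d.action:8} {d.controls} ({d.reason})")
```

The ordering in `evaluate` is the point: entitlement is checked before anything else, so a stolen identity only ever sees what that identity was already allowed to see; the risk ceiling then refuses outright when behaviour is far off baseline; and only after that does the policy decide between step-up and a constrained session. The same request for the payroll app yields step-up, an allow with watermarking, or a deny depending purely on the risk score the “analytics” stage produced, which is what the closed loop buys you.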
What’s Next
A mature zero trust architecture is a complex beast that contains more components than just Citrix technologies. But a few strategically integrated solutions can go a long way when attempting a zero trust architecture. Learn how Citrix solutions can support your zero trust strategy. And in my next blog post, I’ll take a deeper, more technical look at architectures and configurations you can use to leverage Citrix solutions in your implementation of zero trust architecture.