"Seagate required a solution to provide secure access to enterprise applications for business partners from any location and device, without relying on a traditional jump server in our private datacenter, which could potentially expose broader network access. Citrix Secure Private Access meets this requirement by offering secure access, zero trust networks, and multi-factor authentication (MFA).” Ahmed Samiuddin, IT Director.
Business problem
Seagate is a global technology company pioneering the data economy by reducing the cost and complexity of storage infrastructure for its customers. Seagate has a global workforce and business partners, vendors and 3rd party contractors worldwide with an ever demanding environment of enterprise applications to support their business.
Citrix has been a trusted partner over the years to deliver secure remote access to their user base using the Citrix VDI solution. Seagate has also been using a 3rd party VPN vendor’s solution for remote access.
Seagate was looking to enable better collaboration given the evolving hybrid work requirements of their employees, vendors and customers, and was looking at Zero Trust technology to modernize their remote access solution infrastructure. At the same time replacing their aging VPN infrastructure with a Zero Trust Network Access (ZTNA) solution was also a key initiative for the IT and security leaders. Seagate looked at potential options in the marketplace and decided to expand its strategic partnership further with Citrix by using Citrix Secure Private Access to provide secure zero trust access to their employees and 3rd party users.
Use cases
3rd party vendor access
Seagate has a large number of 3rd party vendors, suppliers and contractors that need access to client server applications for inventory management, product testing and retail management. The existing VPN solution was not the right solution with the evolving needs to better performance, scalability and improved level of security. They needed a new ZTNA solution that could seamlessly integrate to provide web based access for suppliers to securely access these private applications as well as SaaS applications
Employee remote access to private applications
Seagate global employee technology workforce with developers needed access to internal servers, remote SSH access for code development, and specific set of server resources. This was delivered through an aging VPN solution which they wanted to replace with a robust and scalable ZTNA solution that can not only improve performance but also significantly improve the security posture of their access method.
Unified access portal for all virtual, private web and client server applications
Seagate’s user base comprises external users and employees that bring their own devices not managed by Seagate. Having a unified landing portal page showing the list of all applications so end-users can easily access their applications was a key requirement for simplifying the user experience. The 3rd party users could be Seagate’s suppliers that do not prefer to install any 3rd party software but still want a simple browser based experience to access Seagate business applications for collaboration.
How Citrix Secure Private Access solution delivers Zero Trust Network Access to private applications
Seagate started with a pilot to validate the Secure Private Access solution in their environment and quickly saw the value in the simplicity of the experience that Secure Private Access brought to the users. They started with a private web app to start deploying the solution in a short duration and gradually expanded the pilot to a large number of contractors and 3rd party users.
Contextual access and zero trust enforcement
Seagate wanted control of the traffic and the authentication process while leveraging their existing Azure AD as their Identity provider. They are using Conditional access policy to restrict connections to only Seagate known IP addresses. With Secure Private Access they were able to define a routing policy that allowed using the Connector Appliance as the proxy for connections to their SaaS application. This ensured that only valid connections verified from Secure Private Access cloud are allowed to the SaaS app thereby further improving the overall security of the solution
Accessing private web apps and Intranet URLs
Seagate lacked visibility into the various intranet web URLs and sites that were being accessed on the legacy VPN and thereby there was a challenge with determining the right FQDNs to use in the ZTNA configuration. Using the App Discovery feature in Secure Private Access, the admin teams and Citrix teams assisting in the provisioning of applications were able to identify the right FQDNs to define the configuration of authorized access and ensure there was no excessive privilege to intranet sites beyond what was needed by the users.
In the production environment, Seagate is now using several web applications with agentless access method and contextual policies to ensure 3rd party contractors are able to access these apps from their BYO devices. Among the key business applications, SAP in particular was a key application used by external vendors, suppliers and employees. This app was quickly tested and implemented in production, and is providing streamlined experience enabling a secure collaborative experience and improving user satisfaction.
Access monitoring and proactive policy governance
As Seagate rolled out the solution in production, they wanted visibility and monitoring of their user’s activities and applications accessed so they can ensure all access is done by authorization policy. The console and visibility dashboards help the Seagate team get the visibility to each application FQDN that is accessed along with reports such as top user and top application activity. This enabled the Seagate admins to support the growing usage on the Secure Private Access solution. For addressing user specific access issues, their IT teams are able to rely on diagnostics logs. Infrastructure monitoring with detailed visibility into the status and availability of connector appliances in their data centers has allowed them to address any potential user issues quickly and efficiently. Access policy governance was another key requirement for Seagate’s use of Secure Private Access in production.
Benefits of the Secure Private Access solution
Leveraging existing Citrix assets and expanding use of Citrix platform
With the investment in Secure Private Access, Seagate was able to rollout a ZTNA solution with a unified access portal for bringing web based apps and client server apps along with the existing virtualized applications. This significantly reduced the time for a successful ZTNA implementation helping their IT team weeks of efforts, and enabled faster time to value with their investment in CItrix
Consistent security
Ensuring a consistent security across apps in terms of a common Identity platform, user context and access privileges was important. As Seagate had already configured user groups and Identity provider in the VDI solution, they were able to quickly leverage this with Secure Private access for their private web based apps as well as client server applications. Also the built in SSO feature across Citrix workspace and ability to get SSO to their private web apps helping improve user experience and deliver higher level of user productivity.
Operational simplicity and reduce costs
With Secure Private Access, Seagate is also able to provide an integrated support experience across virtual apps and private app. This not only enables operational simplicity but also helps reduce overall training costs for support personnel to get up to on speed on the ZTNA solution and deliver faster resolution time for end-user trouble tickets
Summary
Secure Private Access has helped Seagate deliver a secure Zero Trust access solution to their employees and 3rd party vendors enabling a successful move from a traditional VPN solution, reduce risks by delivering consistent security and least privilege access, and enable collaborative experience for their user base with an enhanced user experience.
