Checklist

Seven Keys to Delivering

Secure Remote Access

While keeping systems secure has never been easy,

1. Zero Trust Network
it was certainly simpler when everyone came to the
office to work. Now, distributed employees work on a Access (ZTNA) to All
variety of networks not secured by IT and on devices
your organization may not manage. This makes it more
IT-Sanctioned Applications
challenging to gain visibility into the potentially risky Providing flexibility increases user adoption and
actions employees may be taking and how those drives efficiency, but it’s important to ensure security
actions may impact corporate data security. protects apps and data without interfering in how
users get work done. 
At the same time, it is essential to acknowledge
that applications and data do not only live inside Appliance-based solutions like VPNs and SWGs
corporate datacenters anymore but are instead were designed on the principle of "implicitly trusting"
distributed across several different cloud services something known. Unfortunately, the notion of "Implicit
and on-premises. Moreover, even busines critical Trust" is exploited by many modern-day attacks that
enterprise applications are delivered from the cloud. use compromised credentials, insert malicious content,
or use a stolen or compromised device to access
But as we rely more on the cloud, your attack
information and steal intellectual property.
surface is larger and the number of security threats are
rapidly evolving. Your attack surface now includes the Zero Trust goes against the principle of Implicit
devices, applications, files, and networks that remote Trust and focuses on "Never Trust, Always Verify."
employees use to get work done. While each one is
critical to driving productivity, each is a potential Traditional solutions only focus on authenticating
weakness an attacker can exploit. and authorizing users at the time of login, or blocking
suspicious URLs only once they are blacklisted. In
Here are the seven keys to securely deliver contrast, Zero Trust assumes all users and URLs are
applications wherever your employees work. suspicious unless they prove otherwise. Zero Trust
thus enables you to continuously monitor and assess
user activities throughout the session and automate
security controls based on anomalies detected. 
 Citrix | Seven Keys to Delivering Secure Remote Access 2

To adopt Zero Trust for securing your applications and

4. Adaptive Authentication and
data, you must deliver security for remote employees
at the application layer to prevent network-level Device Posture Checks
attacks while enforcing contextual access control
driven by continuous assessment. This requires Adaptive authentication with device posture
capabilities to scan end-user devices before and assessment intelligently routes the user to the suitable
after a session is established and define how users authentication mechanism based on role, geo-location,
are authenticated and authorized to access and device posture check. For example, a contractor on
their applications. an unidentified device may be prompted for additional
authentication steps, or an employee accessing an
application from an unusual location may be
2. Exceptional Experiences  denied access.

Application access can be enabled based on user

If users have a poor IT experience, they will find
role, location, and device posture analysis. With device
workarounds that can impact productivity and
posture assessment, IT can scan endpoints based on
security. Appliance-based solutions like VPNs and
various factors such as anti-virus, OS, firewall,
SWGs were designed for a small percentage of remote
registries, and more.
employees, and they only provide security for a subset
of applications. With more employees taking on mobile
or remote work, appliance-based solutions are hard
to scale, requiring backhauling traffic and a separate
5. Application Performance
login experience. To prevent these issues, it is vital Poor application performance leaves users frustrated
for IT to provide a solution that offers the best possible and unproductive. But with technology that increases
user experience and security. This often means moving visibility and control across application performance, IT
beyond VPNs and adopting more unified workspaces can reduce application, network latency and outages.
that equip employees with the right tools wherever This results in better uptime, improved helpdesk SLAs,
they work. and reduced likelihood that users work around security
controls as a result of poor application performance.

3. Single Sign-On (SSO) to All

IT-Sanctioned Applications 6. Automatically Detect and
Whether BYOD, corporate devices, a dedicated
Defend Against Potential Risk
desktop, or a shared device, your remote access Analytics provide insights into applications, files,
solution should simplify the user experience. devices, and networks, which helps IT automate
Features like Single SignOn (SSO) provide secure security enforcements based on user behavior and
access to all IT-sanctioned applications, virtual detected anomalies. Continuous risk assessment and
apps and desktops, and document repositories. adaptive enforcement help IT reduce manual work,
SSO solutions also simplify access for users as they provide timely enforcement, and minimize the risk
do not need to remember nor manage multiple of unauthorized breaches.
usernames and passwords. Furthermore, users can
leverage a single pane of glass for all their applications Solutions like Remote Browsing enable IT to be
and files — minimizing the burden on IT to resolve confident that end users can securely navigate the web
password problems or reset expired access privileges. without introducing risk to the corporate environment.
This protects you from threats that may be introduced
by malicious websites by ensuring these browsers are
isolated off the corporate network and devices.
 Citrix | Seven Keys to Delivering Secure Remote Access 3

7. IT Consolidation and M&A Conclusion

Consolidating management of IT services, networks, As you plan how your IT modernization will deliver a
clouds, and applications into a unified platform helps secure and productive environment for your hybrid
reduce IT complexity, improve employee productivity workforce, you need to explore fully integrated
in a better end-user experience, lower the total cost solutions delivered as a cloud service. A multi-vendor
of ownership, and prevent security gaps in your solution makes it nearly impossible to centralize
infrastructure that could increase compliance risks. security management and automation. None of the
security policies and user risk profile work across
As organizations acquire other companies, it is multi-vendor products, which forces security
critically important for IT to quickly onboard new administrators to execute slow,
employees and allow the business to carry on with manual processes.
minimum disruption. However, it is hard to scale
appliance-based solutions as new employees can take Citrix's Unified Secure Access offers a fully unified and
weeks to procure, install, and make them available to ready-to-deploy solution that enables you to maximize
use. Therefore, it is vital for IT to limit access for these performance, minimize risk, and drive workforce
users to only certain apps and not provide full network productivity anywhere and on any device.
access until everything is ready.

Enterprise Sales
North America | 800-424-8749
Worldwide | +1 408-790-8000

Locations
Corporate Headquarters | 851 Cypress Creek Road, Fort Lauderdale, FL 33309, United States
Silicon Valley | 4988 Great America Parkway, Santa Clara, CA 95054, United States

©2020 Citrix Systems, Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property
of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and
Trademark Office and in other countries. All other marks are the property of their respective owner(s).