Top Citrix infrastructure challenges for secure browsing:
Following Cigloo Secure Browsing article on “HOW TO USE CITRIX TO PREVENT ALL BROWSER-BORNE MALWARE” we will now map the security challenges left to achieve a full secure browsing solution.
The following challenges must be addressed in order to receive a high level secure browsing solution which satisfies compliance requirements as well as security needs. This, in order to avoid BAD content execution, sourced from the internet that causes the organization to confront ransomware or any other malware related threat.
If you use Citrix, then chances are you already know and appreciate it for its robust VDI and workspace-as-a-service capabilities. Over its more than 25 years in the Remote Desktop space, it has truly defined itself as a leader.
But using Citrix alone isn’t going to keep your users safe from malicious browser-borne malware and other security issues. Recently we published an article detailing how to use Citrix XenApp and XenDesktop to isolate corporate internet browsing.
Now we will take a look at the remaining security challenges when it comes to achieving a fully secure browsing solution:
1) Privacy – One of the key considerations is the need to protect users’ privacy by isolating their accounts and the Active Directory environment. This is done through a separate Active Directory infrastructure, generated to only serve users who browse the internet or external environments which are not connected to the internal network, that contains sensitive core applications and data. This way, potential attackers cannot gain access to corporate users details.
2) Single Sign On Capabilities
When using different identities with different domain forests, problems arise when mapping the user’s personalization settings like favorites, cookies, history, etc. from their internal user to their external domain user. Remembering multiple passwords, some for their local PC and another for their remote domain user is another challenge that needs to be addressed.
3) User Experience
Today, a great deal of corporations have problems executing the new versions of Internet Explorer 11 and above. Many in-house websites are not compatible with these newer browsers and often, organizations are “stuck” with the old browsers due to in-office red tape. This leads to a situation in which employees use a mix of Google Chrome for some activities and IE for others, creating a space for vulnerabilities to arise.
4) Browsers Management and Compatibility
Using separate XenApp farms for different types of applications, or for old application management along with new ones leads to having more than one app icon floating around desktops. This clutter can be supremely frustrating.
Here are a few XenApp zones examples:
5) File Security
Enabling the secure uploading and downloading of files is one of the top security challenges to corporations today and requires integration with common file security gateways, which in and of itself is a time-consuming challenge.
6) Integration with Content Inspection Systems
Integrating content inspection systems and allowing them to have control over all browsing security aspects such as file security, URL filtering, known malware identifications is another challenge that needs to be explored.
7) Clipboard Security Management
When users to copy data from the company’s systems to the browser, the organization is immediately exposed to data leaks and security breaches.
8) Citrix Licenses
By sustaining different zones, organizations are limited to using named licenses only. This presents a challenge as occasionally, organizations prefer to practice through the concurrent licensing model. Also, it’s possible that not all users are connected to the Citrix infrastructure, consequently requiring additional licences. The main question is if the organization is able to allocate the necessary budget for this purpose.
Every implementation requires the organization to establish a “Browsing Servers Farm”. This venture is complicated and involves numerous elements so a better idea might be to use Citrix workspace or the workspace cloud service to avoid the need to build out a server farm.
Contact Cigloo team to learn more about our secure browsing for citrix solution
Contact us to learn more