As federal agencies allow more and more employees to work remotely, the need to deliver secure applications becomes that much more critical. While security was always a top concern inside the government, the increase in remote employees presents new challenges.
In this blog
I recently spoke with Jose Arvelo, Senior Manager for Sales Engineering at Citrix to discuss this growing need and in particular, how WWT and Citrix work in concert to improve application security.
Preparing for Zero Trust
Federal agencies continue to move toward a Zero Trust framework for data and applications. To do that, technology leaders must first understand what assets they have, the risk levels for each, and the controls for the people and systems that will use them.
To get ahead of these measures, Citrix leverages a user-centric approach that uses artificial intelligence and machine learning to develop user risk profiles. If a user, for example, typically works from the same device at their home, the system can identify when that account diverts from its standard behavior. The system can increase that user's risk score and flag them for further investigation.
"Say a person's account suddenly shows them in another state and downloading massive amounts of data," Arvelo said. "Our platform immediately starts logging their actions, along with sending messaging to the appropriate parties about misuse."
The system does the same with applications. If an application is suddenly being used in different or uncharacteristic ways, Citrix can notify administrators for further investigation. Better yet, the system does this all with automation to ensure immediate resolution.
Government agencies must improve enforcing security policies. As I discussed with Arvelo, agencies sometimes struggle with shutting down accounts or access to systems when there is anomalous behavior.
In some cases, the technology team does not have the authority to do so. In other cases, taking away access could infringe on a person's ability to do their job. Sometimes a person's behavior might stick out due to the breadth of applications available with some living on-prem and others in the cloud.
"Security is now shifting away from just being something that you do within the enterprise network and something that now you have to apply in your extended network," Arvelo said. "You've got to make sure that you've got that and you're moving your security up to the cloud."
Citrix pushes for the idea of a digitized workspace that removes some of the physical components of cybersecurity. With a digitized workspace, a person accesses data outside the traditional on-premise networks without causing red flags. This is all part of creating a better user experience and maximizing data that is available.
"You've got to have some visibility into how people are working," Arvelo said. "If we can identify the problems they have a find a quick and easy solution, they are more likely to be productive and utilize these applications to their full capability."