Mumbai: 30th September 2022 – Citrix and Anunta are initiating CXO Leadership Engage- Creating Safer Workspaces through Zero Trust to envision the future and analyze the work-from-home anywhere infrastructure from a cloud perspective. The whole Zero Trust approach means everything needs to be verified. It requires that all users, whether inside or outside the corporate network, be authorised, authenticated, and continuously validated on security configuration and status before granting or maintaining access.
The first facet of Zero Trust is to identify, integrate and authorize. The original definition of Zero Trust is that we have no data footprint on the end device. The ZT solution should consider devices from an adaptability perspective. There are three ways to secure work from home with Zero Trust. The first step is to identify your users. The concept of zero trust starts with understanding the company’s user base, second protecting the data, and finally includes cloud applications.
Citrix zero trust security architecture is built upon:
Explicit verification and continuous validation: users must be authenticated, authorized, and validated on an ongoing basis to ensure they always have the proper permissions. Numerous data points such as user identity, geolocation, and device posture may be leveraged for this purpose. One-time validation of user identity is no longer enough.
Least-privileged access: Zero trust reduces a company’s attack surface by enforcing the principle of least privilege so that identities only get the lowest level of access to the network by default. In tandem with other cybersecurity practices such as adaptive access, least-privileged access sharply limits lateral movement within a zero trust model.
VPN-less access to apps & data. Citrix Workspace enables VPN-less access to sensitive resources and is secured by providing access policies (built-in anti-keylogger, anti-screen capture, watermarking, upload/download/clipboard/
printing/scanning control) throughout the session.
Talking about its partnership with Citrix, Mr. Ajit Aloz, Head of Cloud Practice and Sales, Anunta said, “To strike the right balance between great employee experience and corporate data security, organizations should leverage End User Computing technologies like desktop virtualization that have Zero Trust at its core. Anunta, being a Platinum Plus Partner with Citrix for over 10 years has been enabling organizations to find this balance perfectly, reducing the risk of unauthorized data access while ensuring anywhere-anytime access to users.”
Speaking on the occasion, Dixit Roy Mahidhara, Senior Sales Director, Citrix, said, “The three main concepts of Zero Trust are comprehensive visibility, micro-segmentation and least access control, and continuous monitoring and enforcement. The Zero Trust model works in five key areas including User, Device, Application, Data, and Session. Device and user are the key areas that the Zero Trust ecosystem emphasizes the most.”
Mr. Dixit further said, “Zero trust the Citrix way applies beyond networking, to users, devices, networks, applications, and even how people work. It adheres to NIST’s zero trust tenets. A session-based access policy is continuously enforced dynamically. Access to any resource requires authentication, and infrastructure and resources are constantly monitored. In order to create a Zero Trust architecture, companies use three approaches.”
The essential requirement for any user or device to access a corporate resource is access rights, which are granted only after their identity has been verified by a trusted source. The nature of the network-based approach requires the ability to segment the network perimeter or enterprise resources into subsections, with each section secured by a web gateway. The cloud-based approach uses systems that integrate with each asset, making cloud access easier to manage for any organisation.
Anish Ravindranathan: An Independent Enterprise Security Architect, said, “As nation-wide attacks increase, more sophisticated attacks will target critical infrastructure like power grids, manufacturing sectors, and smart cities. A lot of sensors, embedded systems, etc. (IOT) will be made available over the internet, increasing attack vectors. Hence, there is a need to invest in OT security training and build the skillset to prepare for cyber warfare.”
Mr. Anish further stated, “The evolution of data science and AI/ML in cyber security will change how everyone approaches detecting and responding to security incidents. Five years down the road, the SOC or Incident Response will be completely automated with no human intervention (SOC Analysts). In the future, forensic investigations will be performed remotely over the cloud instead of in the lab. As technology and attack patterns rapidly change, an agile security architecture is needed to identify and protect against malicious activities. Security architects will be required to conduct continuous design reviews and evaluate technologies and security gaps.”