113: The Citrix Session: Delivering enterprise web apps with Citrix Workspace Browser

Sep 13, 2022

When consumerization of IT was the next big thing, enterprises spent a lot of time and money modernizing apps and working to accommodate the way employees want to work. Many of those changes truly improved the way people work every day. BYO device users, noncorporate machines, corporate workstations, mobile devices, and third parties all needed access to company resources, and the lowest common denominator across all these new endpoints was the web browser.

It was a fantastic place to build toward. The browser is ubiquitous and free, everyone knows how to use one, and there was very little barrier to entry. There is a downside though — they are built for the consumer and not with enterprise requirements in mind. Enterprises are looking for security features like clipboard controls, fine-tuned data download and upload policies, and the ability to enforce watermarks to prevent critical data exfiltration, among a host of other features to protect their most precious resource — their intellectual property.

There is a better way to provide access to corporate apps and data that doesn’t involve VPNs or virtualization. That’s why we have spent the last two years developing Citrix Workspace Browser.

Host: Bill Sutton
Co-host: Todd Smith
Co-host: Geremy Meyers
Co-host: Patrick Coble 

WEBVTT

1
00:00:02.840 –> 00:00:22.039
Bill Sutton: Hello, everyone, and welcome to episode One hundred and thirteen. Yes, one, one, three of the citric session. I am your host or one of your hosts today. Ah, Bill Sutton, our normal host, Andy Whiteside, is is ah unavailable. So we’re going to do. I’m going to do this in his absence, along with a few

2
00:00:22.050 –> 00:00:31.530
Bill Sutton: few citrates and a couple of other folks that will be able to help us. So along with me today is Jeremy Myers. Jeremy, you want to say hello to the group, please.

3
00:00:32.450 –> 00:00:44.500
Geremy Meyers: Hello, gang It’s Jeremy. There’s Todd. I’ve just joined. We were wondering if time was going to make it. So, Todd you got me this morning? So say hello, if you would please.

4
00:00:44.510 –> 00:00:50.160
Todd Smith – Citrix: Hey? Guys Thanks for uh, i’m Sorry I was a little bit late. I’m glad to join you guys today.

5
00:00:50.170 –> 00:01:06.889
Geremy Meyers: You still look in some ways over the patriots yesterday. Let’s just get that out. I I am I, You know. I, To make matters worse, I flipped over from the patriot scheme, so to watch my bangles lose an overtime against the uh the steelers. So I was over to yesterday.

6
00:01:06.900 –> 00:01:17.179
Geremy Meyers: I don’t think anyone wanted to win that game. When I think about it. They did everything possible. They clanked the field goal off of the upright

7
00:01:17.260 –> 00:01:25.089
Todd Smith – Citrix: I won’t go into the whole, whether Jamar Shay said of his feet in bounds or not on the touchdown that was not a touchdown. So

8
00:01:25.100 –> 00:01:26.229
so. Yeah,

9
00:01:26.860 –> 00:01:43.010
Geremy Meyers: very good. Also on the call today is um is Patrick Cobbel, Bd: A. Sec. Patrick will say, Hello, Howdy? How to? Yep. I’m: Patrick. I’m: uh this security narrative, or Vdi Sec. And I I’m. Staring at group policies and Cisco secure endpoint right now. It’s pretty exciting.

10
00:01:43.270 –> 00:01:49.789
Patrick Coble: Sounds like it, You know. We were remarking, I think i’d go blurry out if I had to look at that many gpos. But that’s your life right, Patrick.

11
00:01:49.800 –> 00:01:59.519
Patrick Coble: Yeah. Make reports. Make reports. Yeah, very good. All right. So let me share my screen for those that might be following this,

12
00:01:59.730 –> 00:02:14.480
Bill Sutton: the video portion of this Um. So what we’re gonna cover today is this blog article by Dmitri Petropolis? I probably said that wrong, but nevertheless it’s entitled to deliver Enterprise Web apps. The citrix workspace browser

13
00:02:14.490 –> 00:02:23.110
Bill Sutton: So I think a lot of a lot of folks that are listening to this call might be traditional citrix virtual apps and desktops, or citrix as users.

14
00:02:23.120 –> 00:02:40.740
Bill Sutton: The days of publishing the browser and and enabling customers access individual applications through a published browser. We can absolutely still do this. Ah! It may not be aware of this. This is actually as I understand it, and I don’t want to get ahead of us. But, as I understand it, this is included in the workspace app

15
00:02:40.750 –> 00:02:54.059
Bill Sutton: now when you install it, whether it’s enabled, or whether you can get access to it. I will talk about that as we get through this. So before we get started. Guys any general high-level comments about this concept before we start going through the blog.

16
00:02:54.750 –> 00:03:09.200
Geremy Meyers: Um, you know so the fun fact that we always. That’s what we always, but it routinely comes up in, you know synergy sessions, and meet ups and just customer conversations as well. And what’s the number one app that’s been delivered historically using

17
00:03:09.210 –> 00:03:23.549
Geremy Meyers: it’s an app. Met a frame. See that we’re doing a call, whatever iteration you’ve got. You know. It’s a long time. It’s just been a browser right for a couple of different reasons. You know. The first one is just it makes sense. If you’ve got an internal web app, and you’re trying to keep the user

18
00:03:23.560 –> 00:03:43.380
Geremy Meyers: number one to try to keep it protected. You know. You can insert all that security control around the browser, which has been excellent, and in some cases it just makes the performance much better, right? So the alternative has been, maybe spin up a Vpn. Especially if you don’t want to publicly expose that internal webex,

19
00:03:43.500 –> 00:03:52.990
Geremy Meyers: you know it could be a little sluggish just depends. But you know that’s been the number one use case for a long time. So this is just sort of an iteration of it. It’s pretty awesome. Actually.

20
00:03:53.010 –> 00:04:17.500
Bill Sutton: Yeah, I I was gonna say that that that absolutely is the way we we used to see it done. But today, with the prevalence of sas-based applications, we still have customers that are published in the browser to get to a Sas app, or from a security perspective, or have for perhaps authentication. Um, those sorts of things. But in some cases. It may not make sense to do that anymore. And this this provides an alternative. Is that right? God?

21
00:04:17.720 –> 00:04:26.860
Todd Smith – Citrix: Yeah, it does. And you know, I think one of the challenges that everyone’s had with publishing those browsers. The reason why they were doing it is because

22
00:04:26.870 –> 00:04:43.230
Todd Smith – Citrix: all of the plugins and the policies that needed to be set on a browser by browser basis, and those were driven by the application requirements. So you know, I had a healthcare customer years ago that they had over one thousand different instances of browser being published, because

23
00:04:43.240 –> 00:04:52.379
Todd Smith – Citrix: this application worked better in, or this this service, or app worked better in ie. Than it did on safari.

24
00:04:52.390 –> 00:05:11.999
Todd Smith – Citrix: Um, But you had to have ie. That had the following plugin to have to have a certain version of the dot net framework. You’d have to have, you know. Ah! Restrictions put in there right. So instead of having to go and do that on an individual app by app basis. What if we could actually give you a browser that had

25
00:05:12.010 –> 00:05:17.629
Todd Smith – Citrix: one single place to manage your policies just like you do in zen app, or in the city’s virtual apps.

26
00:05:18.720 –> 00:05:36.310
Bill Sutton: And so that’s where That’s what this is right, in a sense. So let’s talk briefly about the the browser itself. You kind of touched on it there a little bit. The ability to set policies and and enable elements of the browser remotely. I think when it comes to those

27
00:05:36.320 –> 00:05:58.170
Bill Sutton: those plugins and those add-ins that we saw back in the day, I think, the with the advent of Html five, many years ago that a lot of that’s gone by the way side, not entirely. We still see them particularly in older legacy apps that make sense to publish a browser and have those available for the user but I don’t. I don’t what you you guys agree, maybe, Patrick, that those are largely they don’t see them as frequently as we used to.

28
00:05:59.860 –> 00:06:28.009
Patrick Coble: Yeah, I mean for sure. And I mean to this. This is a big one, because when I do audits and then tests, browsers and email clients are pretty much the top two first applications you can have deployed uh on a regular computer or in a virtual desktop, and it their security is paramount, because that is the tip of the spearfish, right? And since social engineering and those emails and those malicious web links are

29
00:06:28.020 –> 00:06:56.680
Patrick Coble: pain of our existence. In some cases Uh, It’s really really important to have some type of solution to this, because when I do a lot of audits, most people browser settings are like default default, not even blocking any third party scripts, or or cookies, or anything. And so, when you use a service like such a browser, then you are taking that traffic and number one making it originate outside of your data center. Right? It doesn’t look like it. Kind of came from you,

30
00:06:56.690 –> 00:07:06.090
Patrick Coble: you more and number two. You’re getting visible visibility analytics and controlled lockdown to it. Right? So it’s It’s purpose built for that. So I dig it.

31
00:07:06.100 –> 00:07:25.829
Todd Smith – Citrix: Yeah. And and I think to to Patrick’s Point, I I think, for the past multiple years. Ah, we have trained users to just go and add you know say yes to when a plug-in tries to get installed. So the user behavior has driven kind of this. This need

32
00:07:25.840 –> 00:07:27.070
to

33
00:07:27.280 –> 00:07:37.889
Todd Smith – Citrix: put better controls over browsers and email clients and things like that. So this is one step in the one step in securing our environment without degrading the user experience.

34
00:07:38.760 –> 00:07:57.399
Bill Sutton: Yeah, absolutely. So one thing to kind of point out, Here it’s in the blog itself. This is a This is a like a lot of the more common browsers, we’re seeing today it’s a chromium-based browser, but it’s really more enterprise. It is enterprise-focused with security as a as a clear strategy, for for

35
00:07:57.410 –> 00:08:10.050
Bill Sutton: this runs on windows and Mac and can run on managing and unmanaged devices. So let’s talk a little bit about some of the features of this, Jeremy. You want to take the first one there or first couple, maybe

36
00:08:10.060 –> 00:08:25.610
Geremy Meyers: Um, sure. Yeah. So I I think the the big thing to understand is this is a browser that is installed locally runs locally on your endpoint right? It it comes installed with the workspace app. So if you you might even know what to actually install.

37
00:08:25.620 –> 00:08:32.150
Geremy Meyers: So it is a part of a workspace app it can be launched one or two different ways. So if you’re a customer

38
00:08:32.159 –> 00:08:48.779
Geremy Meyers: with secure private access, that feature, and you launch a web app and that web app has been configured to use. You know some of that security. It’ll automatically launch the the Enterprise browser and what’s interesting, and I didn’t realize this until two weeks ago, so it tells you how far out of the loop I can be at times is

39
00:08:48.790 –> 00:09:12.270
Geremy Meyers: um! You can actually launch it on its own. I was like man. This is a chromium-based browser. It’s really fast right, You know So you know I can’t sync it with Google and get all of my plugins, and do you ad to go along with it? So it’s actually a pretty slim and in light browser. Um. But you go to the the system tray right? So I can actually say, open to look for your Citrix workspace app, and actually right click and go open the city’s workspace browser,

40
00:09:12.340 –> 00:09:15.289
Geremy Meyers: and there you go. It’s pretty select. But there you go,

41
00:09:15.300 –> 00:09:17.349
Geremy Meyers: and there it is.

42
00:09:17.720 –> 00:09:37.400
Geremy Meyers: Yeah, I discovered that actually, when I was reading this morning, Jeremy, I I was curious, so I went right clicked on it. Sure enough there was so. Um! It’s pretty interesting, so I mean I will. So let me, so i’ll tell you what my use Case originally was, and it it does tails, and the number two this here. So I don’t know who’s who’s thunder? I’m going to steal here? But

43
00:09:37.410 –> 00:09:50.429
Geremy Meyers: um, you know I find myself so. We have published apps out of workspace that when I launched it will launch in this enterprise, browser, which is awesome. But then I found myself going. There are other internal websites that I need to access, that Aren’t published right. So we have

44
00:09:50.440 –> 00:10:12.230
Geremy Meyers: all sorts of stuff with a, you know, based on an internal domain name, tableau, whatever right? We just have things. And so I thought was, I mean, I would love to just launch the browser and type in, you know, whatever these internal links are, because I get clientless access into them. It’s phenomenal. So um that it’ll be my use case, and it’s really quick like that clientless access is is pretty smoking past. Actually,

45
00:10:12.520 –> 00:10:32.299
Bill Sutton: Yeah, and that correct me if i’m wrong. That’s that’s kind of where secure private access here. That’s what is that? What’s working on the back end here, or a Vpn, or I guess. Technically it’s not a Vpn. But that’s how you’re getting access from your your local browser to that back end resources through

46
00:10:32.310 –> 00:10:34.890
Bill Sutton: workspace or private access. Is it right?

47
00:10:34.900 –> 00:10:35.989
Geremy Meyers: That’s correct. That’s correct.

48
00:10:36.000 –> 00:10:48.290
Bill Sutton: Yeah. So one thing I didn’t realize is the the third bullet here. Contextual contextually applied data loss prevention controls. Um Todd, can you take that one and talk a little bit about that?

49
00:10:48.300 –> 00:11:13.370
Todd Smith – Citrix: So So the Dlp. Controls that I’ve been around with Citrus for forever? Um, you know, is really controlling clipboard access right, being able to reduce the ability to cut and paste. Ah, being able to restrict uploads and downloads, being able to ah do watermarking and watermarking on a web-based application. That’s a pretty Ah! That’s pretty huge thing! And then being, although being able to also

50
00:11:13.380 –> 00:11:28.340
Todd Smith – Citrix: ah prevents screen capture and or ah inhibit or limit. Ah! Printing capabilities and things like that. Those are all control mechanisms that people have really grown attached to

51
00:11:28.350 –> 00:11:38.980
Todd Smith – Citrix: in a zen app environment. And, as you know, if I were to put my security hat back on it would be around things like, How do I make sure that,

52
00:11:39.020 –> 00:11:50.900
Todd Smith – Citrix: regardless of where the app resides, whether it’s internal, or whether it’s sitting out is and delivered through Sas, or delivered as a web. App. I want to have a consistency across my entire

53
00:11:50.910 –> 00:12:04.339
Todd Smith – Citrix: security posture. So i’m not making these exemptions based on how i’m delivering the application, I need to be able to go to an auditor. How effective our controls are,

54
00:12:04.920 –> 00:12:11.099
Todd Smith – Citrix: because it’s one thing to have the control It’s another thing to have a deaned or judged as being effective.

55
00:12:11.110 –> 00:12:12.100
Bill Sutton: Yes,

56
00:12:12.110 –> 00:12:23.930
Bill Sutton: absolutely so. It’s in the case here, keystroke, logger, protection to prevent malware. So we’ve got the the the keystroke, logger piece included as well as web filtering. Let’s talk about those.

57
00:12:25.380 –> 00:12:50.709
Geremy Meyers: Yeah. So this key short order, I mean, that’s a part of our app protection. Again, that’s another piece. It’s just a part of the workspace app as well. So if you’ve got that enable, and you’ve got that policy turned on so as a user is typing in, you know. First of all, you should understand that when we’re using workspace app, we have the time of secure private access. We can. We can enable and configure a single sign on into certain, you know. Web apps right, and we can do it on a per web app basis

58
00:12:50.720 –> 00:13:06.230
Geremy Meyers: uh. But let’s just say that you know you’re sending folks to a website where they actually have to type some credentials in right. So part of that app protection package is a keystroke logging, you know. Mitigator. Right? So if you’ve got especially on like a mu Io type device, you know. So maybe you’ve got something installed.

59
00:13:06.240 –> 00:13:20.790
Geremy Meyers: You got a keyword installed. You know we’re actually protecting against that. So as that keylonger is attempting to, you know, capture the credentials you’re typing into that protected browser um the app protection policies. Actually, I can’t ever say this word opti skating.

60
00:13:20.800 –> 00:13:31.729
Geremy Meyers: You got text so that doesn’t feed into the browser. In fact, you can see in real time we do a demo where you can see what the output of the keylogger is, and it has nothing to do with what you’re typing into the browser, which is pretty impressive.

61
00:13:31.900 –> 00:13:45.390
Bill Sutton: Yeah, that’s that’s incredible. So then, the last one here that I’ve got highlighted. This This kind of in some ways is a throwback. But this is really about controlling where users can and cannot go right and what they can and cannot see using your enterprise. Browser.

62
00:13:45.400 –> 00:14:01.540
Todd Smith – Citrix: Yeah, I think, with the web filtering aspect of it. You know. There, there’s so many different solutions that are out there to help block people’s access or restrict access to the urls that are out there.

63
00:14:01.550 –> 00:14:29.310
Todd Smith – Citrix: You know this is this is something that we can do on the Citrix level. Um, and we could also do it on the networking level. You could do it on a you know, as part of your firewall services. I mean, there’s so many different ways to restrict access to Urls. The challenge sometimes is, Do I block it on the Url? Do I block it on the Ip address? Do I block it on something that’s familiar? Or do I block out an entire category of sites?

64
00:14:29.340 –> 00:14:55.260
Todd Smith – Citrix: Um, which in some cases that makes that make sense. You know we we’ve run into this an awful lot in the education space where you’re blocking out and providing web filtering and the Education institutions are starting to say, Hey, we need to block it out, and it has to be done on an individual basis, because a student that is taking a certain course load,

65
00:14:55.270 –> 00:15:16.870
Todd Smith – Citrix: they may have legitimate reasons to access. Some sites that talk about, you know different topics, and the ones that they that they don’t need to be blocked, or they did. They need to have locked out. So um! It’s becoming more and more prevalent that the institutions that are providing Internet access to their not only their employees, but their guests and customers

66
00:15:17.000 –> 00:15:21.199
Todd Smith – Citrix: have to have some type of filtering and some type of blocking mechanism in place.

67
00:15:21.300 –> 00:15:31.190
Bill Sutton: Yeah, when you take that, I think when you take this these six or so bullets or five bullets here, and kind of wrap them around the whole Security story. I mean, we’ll talk a little bit more about

68
00:15:31.200 –> 00:15:50.480
Bill Sutton: kind of what enables all of this to some degree in in a minute. But this is really focused on access to apps that they need as well as security around data around access, locally versus remotely, a lot of the things that we talked about. We talked about Pdi and and succession hosted

69
00:15:50.490 –> 00:15:58.709
Bill Sutton: the security around those. A lot of these things are what we’ve known for years. And now we’re bringing these to the endpoint as a real solution. Right?

70
00:16:00.180 –> 00:16:09.859
Bill Sutton: So what about this? This last paragraph of your workspace? Browser says, can take advantage of adaptive authentication. Talk to me a little bit about what that means. So for our audience.

71
00:16:09.940 –> 00:16:11.180
Bill Sutton: Tell me

72
00:16:11.420 –> 00:16:21.199
Geremy Meyers: so. There’s actually two pieces to this. So there’s the adaptive authentication piece itself, which is, you know, when i’m trying to log in the workspace for the first time.

73
00:16:21.210 –> 00:16:36.270
Geremy Meyers: It’ll it’ll prom me based on maybe the group i’m in, maybe the security and on the security posture I’ve got maybe the endpoint. I’m on corporate managed view. Id that can. That can sort of give you a different level of access, a tiered level of access, depending on that context.

74
00:16:36.280 –> 00:16:50.410
Geremy Meyers: Um. This can also be tied into the analytic service. So based on maybe a risk score that represents you. Bill Um. Maybe we provide different levels of access as well. Maybe we turn on certain security policies based on

75
00:16:50.420 –> 00:17:00.040
Geremy Meyers: you that access. So, for instance, you know, Bill, I don’t trust you right. You’re coming from, you know, a personal device, and maybe that Hasn’t been a problem in the past. But maybe you checked enough.

76
00:17:00.050 –> 00:17:15.269
Geremy Meyers: You know boxes to where you know, risk or it. So our analytic service is so high that we said, You know you’re gonna You’re gonna launch this web app? That’s going to have certain policies that’s been able, or maybe we’ll turn it off for you right. And so all of these mechanisms, all these security policies can be applied

77
00:17:15.280 –> 00:17:29.110
Geremy Meyers: to any of these web apps, even if they’re running locally on the Workspace browser right? So it’s. This is a different approach here. It’s basically taking those policies that we traditionally apply to C. Bad and running them on a local

78
00:17:29.120 –> 00:17:37.659
Geremy Meyers: Yeah. So when I, when I read this initially, I thought what the adaptive authentication. The first thing came to mind was Mfa. But, as you just described it,

79
00:17:37.670 –> 00:18:05.300
Geremy Meyers: this is the the the policy-based enforcement that that’s more contextual like that. It says that in there, but more contextual like you said it, it’s interrogating me as an individual, my location the device i’m. On all of those things that we could do, all that goodness we used to be able to do between storefront and that scale, or being able to say, if you’re coming from a trusted device and trusted Ip. You get access to these apps, or even, or maybe you get access to all the apps you can’t print. You can’t copy from the clipboard.

80
00:18:05.310 –> 00:18:10.460
Bill Sutton: You can’t do various other things. So we’re bringing all this really down to the endpoint level. Now, right,

81
00:18:10.470 –> 00:18:25.550
Patrick Coble: that’s that dimmer switch where you can have contextual and control at controlled access for who you need it when you need it, you know, instead of everyone on everyone off which is the policies of olden days. Yeah, exactly.

82
00:18:25.560 –> 00:18:37.550
Todd Smith – Citrix: And And I think, Bill, I think the the challenge that a lot of organizations are having is when it comes to security, and especially adaptive, obviously getting authentication.

83
00:18:37.560 –> 00:18:53.569
Todd Smith – Citrix: Um, it’s all contextual, right? So think of it as if you’re going to a bar or a nightclub. Right? You have the bouncer that’s at the door. Who’s checking your id and making sure that you’re allowed to get in there, maybe checking you for weapons, or bringing in an additional

84
00:18:53.580 –> 00:19:10.829
Todd Smith – Citrix: additional free alcohol and stuff like that, right? So there’s someone who’s protecting your access in. And then inside the bar you have bouncers or or bodyguards right, who are protecting the assets depending on where you are and what you’re doing. And then the third piece of it is Really, you know,

85
00:19:10.840 –> 00:19:21.149
Todd Smith – Citrix: every every bar and nightclub has has camera systems that are monitoring. You know the back offices and the cash registers and things like that that are high value,

86
00:19:21.160 –> 00:19:37.510
Todd Smith – Citrix: but they don’t want to have someone dedicated to watching that. So that’s more of the analytic service. You put all three of these together, and you have a higher security posture and a higher security stance. And you’re reducing your overall risk and your liabilities based on the fact that you’ve got a

87
00:19:37.520 –> 00:19:56.839
Todd Smith – Citrix: multi-factor approach, or a multi-pronged approach towards providing better security around your entire environment. This is very similar to what we’re doing with our zero trust approach right, which leads in very properly to the next section here, which is a discussion about Z. Dna or Zero Trust network access um, and

88
00:19:56.850 –> 00:20:15.949
Bill Sutton: secure and private access, which is um, which is, which includes the workspace browser. So I think. Um, one of you guys want to correct me here, but I think a lot of the policy and the adaptive off, and other elements that are that apply to the workspace browser are enabled, by virtue of Cspa, is, that Is that an accurate statement

89
00:20:17.220 –> 00:20:29.869
Geremy Meyers: that is accurate? Yeah, you’re spot on. So that is the what’s interesting. And this kind of rules right into it is, you know, compared to Citrix’s lineage, virtual apps and desktops. You know those sorts of things.

90
00:20:29.880 –> 00:20:58.959
Geremy Meyers: Um, it’s a pretty lightweight solution as well. It doesn’t require much on the endpoint. Um! There’s no vdi that’s see bad men, a frame type infrastructure required on the back end. Um! And the thing about that is, there’s no licensing about there, either. Right? So you think about what those ten licensing and Rds licensing and server licensing, and all those sorts of things Um, you know from a licensing from an infrastructure perspective. It’s very lightweight, right? And so it’s all. It’s all delivered from Citrix clouds. So it is

91
00:20:58.970 –> 00:21:00.090
Geremy Meyers: newer service.

92
00:21:00.100 –> 00:21:21.560
Bill Sutton: Yeah, So to to create the policy enforcement rules if you will. That’s that’s handled in the cloud by Spa right you’re you’re you’re configuring things that you know the the enabling or disabling clipboard, the enabling is disabling the watermark, and all of that’s being handled by Spa in the cloud, and being pushed down to the to the endpoint to some degree is that

93
00:21:21.570 –> 00:21:22.429
I You’re it.

94
00:21:23.210 –> 00:21:25.619
Geremy Meyers: Yeah, that’s correct. That’s correct. You got it.

95
00:21:25.630 –> 00:21:54.000
Bill Sutton: Yeah. But what I what i’m, we’ll skip over the next paragraph. But the third-payer record in this section really talks about complementing the existing dazz. Environment. And this, I think, is key, and I think it gets lost a lot of times. We talk about the compartmentalized, I mean, because of our history and our knowledge of of what Citrix has done over the years. Here we have dads, and we’re publishing a browser. That’s great, and that’s going to give us all this goodness. Now we have something on the endpoint. We. We. We talk about them kind of in a vacuum. And really, when you put the two together

96
00:21:54.020 –> 00:22:23.260
Bill Sutton: you really get the best of both worlds. You really do, even though that’s ah, that’s kind of a you know, Cliche, in the sense that the user that that workspace app becomes the the home, if you will, for access to everything they they need access to it, an application that needs to be highly secure, and it’s a client server app that’s very chatty. You do that via a post app, maybe, or if you need access to a Vdi desk full blown windows ten desktop. You do that via Vdi. If you need access to a Sas app, that

97
00:22:23.270 –> 00:22:47.880
Bill Sutton: with the type of security that we’re talking about, or even without it Um, you, you can leverage the same framework, and you click on that icon within your workspace app, and it launches the local browser that goes about its business. It’s completely transparent to the user So I see that as as really a key benefit, you will have some customers that just want to do Sba, which you’ll have a lot. I think they don’t want to do about what do you think

98
00:22:48.440 –> 00:22:50.460
Geremy Meyers: I mean, I think, is um

99
00:22:50.470 –> 00:23:13.929
Geremy Meyers: as administrators. We focus in on the mechanics of the back end right. We we think about the dazz infrastructure. We think about what it takes to deliver. You know a secure private access infrastructure, and all these things are services and cloud right? And but they’re all managed. You know. The those applications maybe come from different places right? But at the end of the day, from a user perspective. You know what we want to present to a user is one portal.

100
00:23:13.940 –> 00:23:43.730
Geremy Meyers: It has every type of application that you would need front center, right? So it’s not up to the user to figure out all right. This is a virtual app, or you. I got to go to my citrus infrastructure right? And, by the way, I have these web pages I need to go to salesforce. All right. Let me pull up edge and go log into that and figure that out right. And then i’ll get this internal web app that maybe i’m going to a a citric tap for maybe i’m publishing Google from. Or maybe i’m doing that across a meeting like that is cumbersome for an end user to do so. The idea is, Let’s make a simplified

101
00:23:43.740 –> 00:23:49.949
Geremy Meyers: portal that just gives you all of it right, and wherever it’s located, and how it’s delivered, and whatever app it’s required.

102
00:23:50.050 –> 00:24:03.729
Geremy Meyers: Just i’m just clicking a button that’s it and back out. So so it’s. It’s really the tale of two stories here, right? So it’s fun for me to pick apart exactly where my resources sit, and what cloud they’re on, and how my authentication works. But

103
00:24:03.990 –> 00:24:16.360
Geremy Meyers: we just offer the users right. I want to click a button and just have it work. It’s all I care about At the end of the day the user doesn’t really care about how it’s running, or they just need to get access to their information and keep moving on right.

104
00:24:16.710 –> 00:24:35.920
Geremy Meyers: And on top of that I think Patrick would say he would use a word called frictionless security. Right? So You know, when this is all said and done, we want the security to be there. But basically transparent, we just want it to be on without a user really having to interact with it. So that’s a whole idea of frictionless. And and that is one of the underpinnings of all of this

105
00:24:35.930 –> 00:24:38.010
Geremy Meyers: is making it simple, yet secure?

106
00:24:38.020 –> 00:25:07.070
Geremy Meyers: Exactly. I I was going to pass it over the battery to get his thoughts on some of this, and kind of kind of inquired over there in those gpos. So what are your thoughts? Yeah, I know. I mean, I think I think it is dead on. Is we always with all security policies to control have to find that balance of like usability, secure ability. And sometimes it means we have to be able to adjust that that dim or not, but also to be able to have that kind of visibility that solutions like this green

107
00:25:07.080 –> 00:25:10.920
Patrick Coble: um that otherwise wouldn’t be there. And so

108
00:25:10.930 –> 00:25:27.640
Patrick Coble: that’s what makes me excited about seeing stuff like this and seeing the possibilities of doing it. The only thing I do in my hacker brain is, I think, of all the cool ways. You can subvert this, too. So as an employee. So.

109
00:25:27.650 –> 00:25:32.050
Patrick Coble: But uh, you know, hopefully your normal people aren’t doing this kind of stuff.

110
00:25:33.500 –> 00:25:43.640
Bill Sutton: So I notice here the last paragraph in this section that talks about the fact that the that the browser is embedded in the workspace app for Ios and Android, so that we might want to touch on that and just

111
00:25:43.650 –> 00:25:57.060
Bill Sutton: emphasize that as well. So this is not limited to, not limited to just the workspace app on an endpoint or a full-blown Pc. It’s also included within the mobile workspace apps as well,

112
00:25:57.100 –> 00:26:18.060
Todd Smith – Citrix: and and I think that so so with bill on this one. You know the the movement away from having to manage the device, the endpoint device, especially these mobile devices, and still be able to control the application itself. We, you know, Cmdm versus mam conversation right?

113
00:26:18.070 –> 00:26:31.059
Todd Smith – Citrix: There’s not a lot of value sometimes in managing the device itself. It’s managing the access of what the person can do on that device, and specifically what applications of data they have access to. So So it really kind of

114
00:26:31.960 –> 00:26:45.510
Todd Smith – Citrix: addresses some of the critical Ah! Security risks that people are having, and especially around mobile devices they want to have, and they’re just adding it in as yet another endpoint that can be to the user

115
00:26:45.520 –> 00:26:59.580
Todd Smith – Citrix: interacts with, to get to their application, their data and have that same consistent level of security control. Um, And you know, if you have security and control, you’re also going to be able to talk about things like experience and reliability

116
00:26:59.890 –> 00:27:02.220
Bill Sutton: Right? Absolutely.

117
00:27:02.530 –> 00:27:12.920
Bill Sutton: So The last section here talks about the secure browser service. So someone want to explain what that is and how that helps security for customers.

118
00:27:14.360 –> 00:27:42.349
Todd Smith – Citrix: So so the secure browser service is really for organizations that Don’t want to have everything back ended in into their environment. Right? So you don’t want to have it uh using services that are inside your data center. Uh, and it could be for a variety of different reasons. It could be a security risk. It could also be from a cost, perspective, or a performance perspective. Um! So the secure browser service actually allows you to have the same capabilities that are in the enterprise. Browser.

119
00:27:42.360 –> 00:27:56.300
Todd Smith – Citrix: Um. But actually it’s hosted as a service delivery by by Citrix. Um, and it actually does things like it allows you to use like an air gap firewall um between the users, and that that

120
00:27:56.310 –> 00:28:10.310
Todd Smith – Citrix: uh unsafe contact. But more importantly, it’s like a burner. Phone. It’s like a throwaway browser right you Once you disconnect from it it’s gone. You don’t have anything that’s that. There’s no remnants or footprints in the sand that were left over

121
00:28:11.690 –> 00:28:13.110
Bill Sutton: cool. Yeah,

122
00:28:13.520 –> 00:28:26.520
Bill Sutton: um. So the last section here talks about analytics. So maybe give a plug there, Jeremy, for the Citrix analytics, for Security service, the ability to monitor and do a lot of other goodness related to these two solutions.

123
00:28:26.660 –> 00:28:55.959
Geremy Meyers: Yeah. Yeah. So I I touched on this a little bit when I told you that I didn’t trust you, Bill. But you know what’s going on under the hood as you’re accessing. You know anything when you’re trying to log in um. You know anything you’re doing that would involve Citrix, and we’re we’re capturing data about to where you’re coming from time of day activities within your session. Things like that. The idea is to be able to basically risk profile. You are doing things that risky, you know. You logging in from two different locations That just seems impossible, something we call it possible. Travel,

124
00:28:56.080 –> 00:28:57.550
Geremy Meyers: are you?

125
00:28:57.560 –> 00:29:23.289
Geremy Meyers: Um, you know, accessing from a new location a different kind of device. You know things like that. But anyways, all this data all feeds into the Citrix and Security analytics engine, and based on that feedback, You know we can. You can talk about how risky you are to the business, assign you a score, and then, based on that score, you know, actually feed that into the context, the context ending right? So we can turn things off just to sure you have the proper level of access, so maybe we don’t

126
00:29:23.300 –> 00:29:42.889
Geremy Meyers: let you have access. If you have a certain risk, or maybe we enable certain kinds of policies, if you have a certain risk or And so, you know, although you can define what those policies are, you know the risk score is basically machine learning in action, right? It’s just taking all that data. Um, it’s feeding that into an algorithm That’s the sort of profiling, if you will.

127
00:29:42.900 –> 00:29:45.590
Geremy Meyers: So it’s like much like the credit card companies. Right?

128
00:29:45.600 –> 00:30:10.689
Bill Sutton: Yeah, I was gonna say, this is why, when I take my laptop and go down to my Parents’ place down in Chesapeake, and sometimes they’ll ask me to mfa at certain locations uh where I use their browser instead of mine, to access my bank site, and asks me to Mfa or I go to San Francisco for a conference, and all of a sudden it realizes that i’m in a different part of the world part of the country. Um, that that’s what a lot of this is doing in the back end is enabling that kind of

129
00:30:10.870 –> 00:30:19.089
Todd Smith – Citrix: kind of behavior of monitoring that behavior and making sure that I am who I say I am, and i’m not somebody trying to get in.

130
00:30:19.100 –> 00:30:38.829
Todd Smith – Citrix: And, Bill, I think I think if you look at it. Um, you know we’ve We’ve come to expect that out of our credit card companies, you know. Now traveling back and forth to Canada. Um, I get text messages from the Credit Card Company, saying, Hey, this is the first time you’ve done a charge in Calgary for a while. Um! Is it still you

131
00:30:38.840 –> 00:30:56.570
Todd Smith – Citrix: right? You know I can re authenticate or respond to this text message as an example. Right? Um. Same thing goes with, you know, when we sign on. We want that same experience when we’re connecting to our corporate networking and our corporate resources, and, more importantly, our corporate applications and data

132
00:30:56.580 –> 00:31:05.719
Todd Smith – Citrix: the other piece of it. And this is kind of what’s again coming out of my security, and it audit work, background.

133
00:31:06.040 –> 00:31:12.609
Todd Smith – Citrix: You know more and more people have to be able to show that their controls that they have in place are

134
00:31:12.820 –> 00:31:30.249
Todd Smith – Citrix: actually, you know, working right? So are they are. They effective controls. And The only way to show effective controls is to show Oftentimes you know how you’re how you’re reporting on that, and there’s too much data for someone to go and sift through.

135
00:31:30.320 –> 00:31:51.899
Todd Smith – Citrix: Ah, the log files and things like that Through’s why companies like Splunk and some of the other data data aggregators that are out there. But, as Jeremy said, you know, this is using machine learning to provide real time information about you know what the user, risk store is, and you’re not having to wait till the next day to find out that you’ve had a that you’ve had a user that has been

136
00:31:51.910 –> 00:32:07.700
Todd Smith – Citrix: ah behaving in in a risky manner, right? So they’ve got some behavior that has changed. It elevates their risk of support. So you need to be able to do that in real time and be able to act on that quickly. And that’s one of the things that’s one of the benefits of the analytic service.

137
00:32:08.030 –> 00:32:18.429
Bill Sutton: Yeah. Absolutely great. Thanks for that todd um, Patrick, I mean any closing words. Here. We’re at the end of the article, so i’ll just go around the room and see if anybody has any closing thoughts.

138
00:32:18.440 –> 00:32:27.220
Patrick Coble: No, no, I mean, I think, overall. I think everyone that is listening. This needs to think about just

139
00:32:27.340 –> 00:32:41.359
Patrick Coble: what was said by Todd, and having a more advanced instrumentation for there I know I deal with a lot of companies and their cybersecurity. Insurance has gone up drastically over the past couple of years, as R. And smart payoffs have gone up,

140
00:32:41.370 –> 00:33:10.200
Patrick Coble: and if you can’t answer yes, that you’re looking for unusual at login activity, then that may be ten thousand or hundred thousand dollars more a year. So some of these features that we’re looking at, especially when you talk about like analytics on the citric side and multi-factor authentication, and secure browsers, and all the things related to secure browsing uh could save you the money that it could cost to buy that license and or implement right um depending on where you’re at and your

141
00:33:10.210 –> 00:33:16.469
Patrick Coble: So I think it’s important for our people to understand these solutions exist, and to go kick the tires.

142
00:33:16.910 –> 00:33:19.530
Bill Sutton: Absolutely, Jeremy. Final thoughts,

143
00:33:19.730 –> 00:33:26.630
Geremy Meyers: I mean. I’ll be honest. I think it’s interesting that the Enterprise Browser is just now in two thousand and twenty two

144
00:33:26.640 –> 00:33:54.260
Geremy Meyers: become a thing I mean not just the centric Enterprise browser, but just, you know, considering the risk profile we’ve had with browsers over the years now there’s been sort of different takes on how this should work. I I think it’s interesting that we’re really just now seeing this hit the marketplace. Right? Um, For the same reason that Patrick mentioned before. You know, email clients and web browsers are two of the tips of the the spear in terms of um, you know fishing right? So it’s. It’s kind of interesting that we’re. We’re just not talking about this, but it should be an important part.

145
00:33:54.270 –> 00:34:01.419
Geremy Meyers: Your application. Delivery strategy, right? You know. How are you protecting? You know, access, and that the point of entry which is interesting,

146
00:34:01.430 –> 00:34:02.590
absolutely

147
00:34:02.600 –> 00:34:04.990
Bill Sutton: Todd. I’ll save you for the for the last There,

148
00:34:05.000 –> 00:34:20.750
Todd Smith – Citrix: Yeah. And and to add on to uh Ted on the what Jeremy and Patrick talk about. You know this is, you know the Enterprise Browser was something in the dazz world we would solve by giving the user a published or virtual desktop,

149
00:34:20.800 –> 00:34:39.140
Todd Smith – Citrix: which was very expensive to maintain, and it was overkill. I mean he was using a sledgehammer um to solve a very basic problem. And you know the the sledgehammer becomes very expensive, very unwieldy, and you know it requires a lot of care and feeding to do it. And you don’t always need that level of power

150
00:34:39.150 –> 00:34:57.629
Todd Smith – Citrix: um, and that cost associated with it. So so the enterprise browser and the you know, the the secure private access of what we’re offering here. What we’re talking about has been extremely, not only effective for the user from an experience perspective, but also improves the security and at the right price point.

151
00:34:57.900 –> 00:35:15.829
Bill Sutton: Yeah, I agree completely. I think This is a great move for Citrix to to expand into these areas and really improve the security of of of Ah End users um and their organizations. So I appreciate you guys joining us today for the Citric session. Um, thanks, everyone for listening. We’ll see you again next time.

152
00:35:16.140 –> 00:35:16.890
Todd Smith – Citrix: Thank you.

153
00:35:16.900 –> 00:35:18.099
Alright, There you go.