White Paper Get the Most from Your EMM Deployment with Secure File Sharing A comprehensive overview of 10 popular use cases Citrix XenMobile and Citrix ShareFile deliver the most complete enterprise mobility management solution to enable mobile workforce productivity and collaboration with full data security, control for IT, and a consumer-like experience that users love. Citrix offers vertical-specific capabilities resulting in customer operational transformation.
Mobile device management (MDM) is a key element of secure enterprise mobility but it s only part of the solution. To meet the complex needs of your mobile workforce, you also need to provide a single point of distribution and access for business apps, secure mobile email and a secure, controlled way for people to access, sync and share data on any device they use. Consumer-grade apps and services not only lack robust security; they also fail to provide the business-oriented features people need to access data wherever it s stored, and share it securely with third parties. Only a truly comprehensive yet simple-to-use mobility solution can address the full range of enterprise requirements while ensuring full adoption. To realize full value for your enterprise mobility investment, your solution should be fully integrated with existing systems from productivity apps to virtual desktops to provide a truly seamless experience for every mobile scenario and use case. Organizations face the critical need to deploy enterprise-grade capabilities that meet industryspecific compliance requirements. Citrix takes the time to understand the specific needs of these customers, and develops services that offer more vertical-specific capabilities. This paper provides a comprehensive overview of 10 popular use cases * describing how the combination of Citrix XenMobile with Citrix ShareFile addresses enterprise mobility requirements: 1. Optimizing workflows for mobility 2. On-the-go content editing for the mobile workforce 3. Gathering, storing and sharing information securely from the field 4. HIPAA-compliant mobile medicine 5. Signing and printing documents in real time for real estate, banking and financial transactions and legal contracts 6. Connecting to physical and virtual apps and data 7. Data sharing with extra security for industries that require strict IT oversight 8. Supporting secure mobile BYOD 9. Instant and secure access to data for sales, marketing, boards of directors, CEOs and training department 10. Flexible data storage options to meet compliance standards on-premises, in the cloud or a hybrid of both *This list is not all-inclusive. For more information on additional use cases, please contact a Citrix Sales Representative or visit www./contact. 2
Why organizations need an effective EMM solution that includes secure file sharing The fast pace of global business places new demands on the enterprise. To seize emerging opportunities and respond to competitive challenges, companies need to expand beyond core markets and customer segments, and re-engineer existing lines of business to meet new requirements. They must be able to deploy people, empower teams and adapt their organization more quickly, whether by embedding key personnel at customer or partner locations, forming work groups across geographies or completing strategic acquisitions or divestitures. The business as a whole must become more agile, responsive and fluid. IT has a key strategic role to play in this dynamic business environment. By providing self-service access to resources, IT can empower users and lines of business to address their own technology needs quickly and intuitively while freeing its own personnel to drive business and profitability through new types of services. As decentralized information structures proliferate, people depend on IT to make it simple to access and share information wherever it resides. They also count on easy access to their mobile workspace regardless of the device they choose, with a great experience no matter where or how they connect. While expanding access to data, apps and other services, IT must also ensure comprehensive security for corporate resources without burdening users or raising barriers to productivity. The ideal EMM solution: Citrix XenMobile combined with Citrix ShareFile for integrated, full-featured enterprise mobility Citrix offers the industry s most comprehensive solution to empower mobility and manage mobile apps, data and devices. Businesses can now address the full requirements of enterprise mobility through an integrated solution powered by Citrix XenMobile for mobile device management (MDM) and mobile application management (MAM), and including Citrix ShareFile for secure file sync and sharing on any device. The Citrix solution provides the business-focused features people need, with a high quality experience that users love, while ensuring full control and security for IT. XenMobile provides complete MDM and MAM capabilities for secure enterprise mobility management. IT can provide single-click access to mobile, web, datacenter and Windows apps from a unified app store, including integrated productivity apps with a great user experience. XenMobile also provides business-grade secure Worx email, browser and calendar apps to avoid the security gaps that can be introduced by consumer-grade apps. IT gains identity-based provisioning and control of apps, data and devices, automatic account de-provisioning for terminated users and selective wipe of lost devices. Integrated MDX app container technology enables data encryption, password authentication, secure lock and wipe, inter-app policies and micro VPNs to mobile apps. 3
ShareFile, an integrated feature of XenMobile Enterprise, lets you deliver a secure, robust data sync and sharing service that meets all of the workforce s mobility and collaboration needs. A rich, consumer-style experience makes it simple for people to store and sync data across all their devices from any network location. IT is able to maintain a high level of management and control over file and data sharing, with absolute flexibility to choose where data will be stored, robust device security policies, consistent security policies across devices, comprehensive auditing features and integration with Microsoft Active Directory. As an integral part of the Citrix strategy for secure enterprise mobility, the solution lets you use ShareFile as the flexible underlying data platform for virtual desktops and enterprise mobile app stores, serving as a secure data repository for both Citrix mobile apps as well as third-party apps. Integration with existing enterprise systems extends the solution s utility for both users and IT, while ready adaptability to any future Windows migrations, new platforms and devices ensures a future-proof investment. A comprehensive overview of 10 popular use cases Understanding the importance of both user experience and security, Citrix designed the solution to win adoption through business-oriented features and seamless integrations to aid productivity, while ensuring that enterprise data remains secure. The value of the solution can be seen clearly in the use cases explored below. 1. Optimizing workflows for mobility The Citrix solution is designed to provide a simple, secure and productive experience for a broad variety of use cases. The integration of XenMobile with ShareFile, complemented with the suite of Worx productivity apps integrated with XenMobile, improves mobile workflows by reducing the number of steps it takes to complete a task. For example, someone who wants to create a note containing information from an email can do so directly from the body of the email in WorxMail, which automatically launches the WorxNotes app to create the note. This eliminates the need to cut and paste information from the email, open a third-party note-taking app and then paste the 4
information into the note. WorxNotes supports ShareFile data policies, making it a seamless experience for medical personnel to create HIPPA-compliant notes that follow all relevant data sharing policies. These are among the many ways the integration across the Citrix solution delivers a superior user experience that allows people to work more quickly and efficiently. 2. On-the-go content editing for the mobile workforce Many mobile professionals prefer to leave their laptop behind and carry a tablet instead but still need a way to revise documents while on the road. A salesperson using a company-issued ipad might need to make changes to a quarterly sales presentation en route to a meeting, adding several new slides emailed by a colleague which will make the presentation much stronger. First, the salesperson uses WorxMail, the secure corporate email app included in XenMobile, to access the email. Before connecting to the corporate network, XenMobile checks that the device is in compliance with IT policies, including verifying that it has not been jailbroken or otherwise compromised. The attached slides can then be opened in ShareFile and saved into the salesperson s ShareFile repository, which also holds the original presentation, without actually downloading any content to the device itself. Once the salesperson has added the new slides to the presentation and made a few other revisions using the built-in ShareFile mobile content editor, without the need or security exposure of a third-party app it gets stored back in the ShareFile folder automatically. The report has never been stored on the device and all data has been encrypted while in transit to ensure full security for the sensitive financial data discussed in the presentation. 3. Gathering, storing and sharing information securely from the field Law enforcement officers, insurance adjusters, members of the media and professionals in many other fields depend on the ability to gather, store and share information securely from the field. A law enforcement officer arrives at a crime scene to collect evidence and documentation. To capture the crime scene narrative, video and photographic evidence, the officer uses a tablet managed by XenMobile MDM, which provides complete device security to prevent unauthorized access or tampering. Once complete, the officer can use the Worx suite of mobile productivity apps included with XenMobile to combine the audio, photo and video files into a single WorxNotes, where he will also add any subsequent interview and audio interviews, notes and other information needed to file the report. The officer can securely distribute and share the WorxNotes with colleagues inside or outside the department over the course of the investigation and 5
prosecution, and can save the WorxNotes to ShareFile for easy retrieval and distribution in the future. All files are stored at rest with AES 256-bit encryption, and lost or stolen devices can be wiped remotely to prevent data leakage. Similar use cases apply in insurance, press, military and other fields. 4. HIPAA-compliant mobile medicine Healthcare today extends far beyond the clinic walls. A visiting home nurse attends to an elderly patient in her home. He uses a medical mobile app secured by Worx SDK to take the patient s vital signs, and also photographs a rash she has developed on her arm, and uploads these to her patient folder to discuss with a physician at the clinic later in the day. These files are transferred through ShareFile over a secure SSL/TLS connection. A passcode lock feature leverages the mobile device s encryption capabilities to enforce encryption for all ShareFile data on the device. Citrix helps healthcare providers exchange large files with medical groups, health systems, payors, patients and third parties without the hassle of FTP and fax or the delays of courier or postal services, and helps IT address data compliance and security. Users can collaborate in real time and share protected health information (PHI) through a custom-branded portal and secure email anywhere, from any computer or mobile device. On the backend, ShareFile Cloud for Healthcare provides a secure data storage enclave dedicated solely to protected health information (PHI), helping the nurse s healthcare organization maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA). 5. Signing and printing documents in real time for real estate, banking and financial transactions and legal contracts Although many organizations have adopted paperless practices, many vertical markets still require signed hardcopy documents. The real estate manager for a large organization needs to be able to keep up with the flow of paperwork over the course of the day without getting bogged opening, printing, signing, scanning and re-printing each document in turn. This is especially true when the manager hope to maintain full productivity while away from the office with no printer or scanner available. The integration between WorxMail and ShareFile provides a simple, secure way for the manager to edit and sign documents from anywhere, on any device. When the manager receives an encrypted message and attachment in WorxMail, he can open the Word or PDF document within ShareFile without needing to enter additional passwords or credentials, use the advanced editing capabilities in ShareFile to modify the document, and then add his digital signature in the right size and place. Once the document has been signed, it can be sent to a local printer without launching any additional applications. This is also a key feature for sales teams, making it much easier to send contracts to customers and prepare client-facing documents that require signatures. You can easily specify signers, type subject and message, and send from RightSignature, creating a positive customer impression while saving a tremendous amount of time. Digital signatures requires businesses to have RightSignature accounts. 6
6. Connecting to physical and virtual apps and data The XenMobile and ShareFile solution is optimized for use with virtual apps and desktops, including those powered by Citrix XenApp and Citrix XenDesktop. With the ShareFile on-demand sync capability, users are able to view all their files and folders as if they reside within the virtual desktop; however, the file will download and sync only when the user wants to view, edit, save or share, helping IT cut storage costs and optimize performance. But there are instances when connecting to a physical desktop or laptop from another device is needed to continue work seamlessly, without having to start over launching apps and opening files. While apps are often virtualized and data is often available in content repositories, some apps and content remain on your physical PC. The WorxDesktop productivity app provides a simple workflow that can greatly improve user experience and productivity through follow-me data and apps. To set up the app, users subscribe to individual resources; this causes the corresponding application icons to appear in their mobile workspace, which can be accessed on any device. Because subscriptions are indexed in the XenMobile App Controller database rather than a clientside cookie, they are fluidly maintained as a user migrates from one device to the next. All the user needs to do is leave an app or file open on her desktop, and then resume working from a mobile device. This is especially useful for maintaining productivity during ad hoc trips away from the office, such as lunch breaks, doctor s appointments or while commuting. If the app in use requires Adobe Flash a roadblock for ios devices the user can run the app on the desktop or laptop itself, using the mobile device to control it remotely. 7. Data sharing with extra security for industries that require strict IT oversight The XenMobile and ShareFile solution provides complementary security capabilities that let IT empower complete enterprise mobility with application-level and device-level security while ensuring security for corporate data on any device people use. ShareFile allows IT to determine how sensitive data is stored, accessed and shared. Advanced security features including remote wipe, device lock, passcode protection, white/black listings and data expiration policies ensure complete control of enterprise data. Robust reporting and auditing features enable IT to track and log user activity in real-time and create custom reports to meet corporate data policies and compliance requirements. ShareFile supports integration with Active Directory via SAML or XenMobile. Two-factor authentication can be added for a higher level of security. ShareFile encrypts all user documents in transit and at rest. IT can exert tight control with granular policies, similar to those of WorxMail, to prevent leakage of sensitive enterprise information and access to sensitive files in the event a device is stolen or a user leaves the organization or changes roles. XenMobile provides mobile device security by enforcing device-level security policies and allowing IT to push down profiles and certificates to enrolled devices for even greater configuration and control. Using ShareFile with XenMobile provides IT with enterprise directory (e.g., Active Directory) integration capabilities for easy, enterprise-wide provisioning and deployment of user accounts. The combined power of XenMobile and ShareFile enhances authentication and data security while giving users the freedom and flexibility to access, share and sync data on multiple devices. 7
Layered Security Features Companies are able to keep business information safe on any device and support privacy and compliance with robust reporting and auditing. With the MDX wrapping capabilities built into the XenMobile product, companies can rest assured their data and mobile devices will be secure. 8. Supporting secure mobile BYOD To fully empower users on BYOD devices while maintaining security, IT needs a way to ensure that corporate apps and data will remain separate from any personal content the devices may contain. The integration of XenMobile and ShareFile enables IT-managed mobile apps to intelligently interoperate with ShareFile to open, edit, sync and share data within a secure container. IT can use XenMobile to manage the apps and data that go into this container; any app that is MDX-ready can be fully containerized for store, sync, share and edit. Apps in the container can be updated, provisioned and modified automatically based on IT policies. Network settings such as SSL, encryption and app-specific VPNs can also be included in the container to make it simple for people to connect the right way in any setting. The container can be wiped remotely in the event of loss, theft, and device upgrade or employee departure. 9. Instant and secure access to data for sales, marketing, boards of directors, CEOs and training departments IT needs an efficient way to manage and secure mobile access across devices and scenarios. The Citrix solution allows granular policy enforcement to control the resources people can access and how they can be used. IT can grant users download-only access to data or full upload/edit/delete rights depending on their location, network location, role, device and other criteria, and can also define required password complexity, restrict the number of downloads available to a given user and expire links to files for even stricter control. Email domain blacklists and whitelists let IT set parameters for data sharing. For authentication and authorization, ShareFile integrates easily with Active Directory via SAML tools including ADFS, Ping, CA and Salesforce.com. IT can also use XenMobile to support role-based provisioning and deprovisioning, two-factor authentication, policy-based controls and real-time application monitoring. 8
Sales teams use ShareFile for instant access to the latest and most up to date sales presentations, videos, product catalogs, training materials, and contracts. This makes them more productive, so they can spend more time talking with customers and closing deals. Marketing groups and training teams can easily make the latest marketing collateral or training material available for the mobile sales force on mobile devices, distribute sales enablement resources quickly, collaborate among the group and ensure communications are secure. The user location security feature is gaining popularity among many organizations that prepare company confidential board books that contain highly secure content. Once board books are prepared, they are stored electronically in ShareFile, where the administrator can assign specific viewing rights and location requirements to control who can view them and where. For example, the board book can only be viewed while in the corporate headquarters; once the user exits the building, he can no longer view it. This prevents company secrets from being viewed by nonauthorized users and also helps protect against issues that arise when an authorized user s computer is lost or stolen. Secure file management is also important. The Citrix solution offers additional security features including remote wipe, device lock, passcode protection, white/black listings and data expiration policies to allow you to determine exactly how sensitive data is stored, accessed and shared. IT can track and log activity in real time and create custom reports to meet compliance requirements. Customers can also maintain data encryption key ownership with ShareFile StorageZone in Microsoft Azure. 10. Flexible data storage options to meet compliance standards on-premises, in the cloud or a hybrid of both While IT works to empower users with freedom of movement, it must also control the location of data storage in order to meet data sovereignty, corporate security, compliance standards, performance and costs. The ShareFile StorageZones feature in ShareFile lets you choose where corporate data is stored: either in Citrix-managed secure cloud storage options, in customermanaged StorageZones to leverage your own on-premises or cloud-based storage infrastructure, or in a combination of the two. With Citrix-managed StorageZones, you can choose to store your data in one of several worldwide locations managed by Citrix, including Microsoft Azure or Amazon Web Services enterprise-class datacenters that use the most advanced encryption standards available. To meet data sovereignty and compliance requirements, you can also choose to place some or all of your data in a customer-managed StorageZones within your own datacenter. Customer-managed StorageZones can be integrated easily with your existing infrastructure as the solution is designed to support any Common Internet File System (CIFS)-based network share and Microsoft Azure s binary large object storage. The flexibility to choose where your data is stored also helps you optimize performance by placing files and folders in close proximity to the people who use them. 9
The Citrix solutions also lets you mobilize existing network shares, SharePoint or any other ECM system. IT can provide instant mobile access to data on existing network file drives and SharePoint, which can t ordinarily be accessed outside the corporate network or on mobile devices. In addition, through the use of the ShareFile StorageZones Connectors SDK, IT can develop connectors to any enterprise content management (ECM) system, thereby expanding the types of data people can access and edit on the go via ShareFile. XenMobile Architecture Figure 1 shows a high-level, simplified view of the Citrix EMM solution architecture. It s important to note that Citrix has the unique ability to deliver any application to mobile devices. Windows apps represent the largest majority of apps today, and they re not going away any time soon. Customers who also use Citrix Receiver and XenApp or XenDesktop can publish and deliver any Windows application through a private unified app store. We also make it possible for people to download all their apps, of all types mobile, web, SaaS and Windows from the same, single store to their mobile devices. No other vendor can offer this today as part of a complete EMM solution. Figure 1: Citrix EMM solution architecture ShareFile Architecture Figure 2 shows a high-level, simplified view of the ShareFile architecture. It consists of three components: 1. The client, accessing the ShareFile service through one of the native tools, or directly through the API. 2. The control plane, which performs functions such as storing file and folder metadata, account information, access control, reporting and various other brokering functions. 3. The storage plane, where the actual customer files are hosted, which can be hosted by Citrix or on-premises by the customer. Clients communicate with both the control plane and the storage plane, and the control plane and the storage plane communicate with each other as well, but customer files will never travel from the storage plane to the control plane. 10
Figure 2: Citrix ShareFile architecture Conclusion MDM is an essential capability to enable secure enterprise mobility, but it s only the beginning. To close the security gaps introduced by consumer grade email and file sharing apps and give people the business-oriented features they depend on to be fully productive your enterprise mobility management solution needs to include enterprise-grade file sync and sharing. Citrix XenMobile Enterprise Edition includes Citrix ShareFile Enterprise Edition to enable people to sync, share, open and edit data in corporate apps on any device they use while IT maintains security and control. The combination of consumer-like ease of use, features and workflows designed for business, and enterprise-class security provides an optimal user experience for use cases throughout the enterprise, from BYOD and follow-me access, to on-the-go productivity outside the office, to storage compliance for IT. People and organizations are empowered to achieve full productivity wherever business takes them. Corporate Headquarters Fort Lauderdale, FL, USA India Development Center Bangalore, India Latin America Headquarters Coral Gables, FL, USA Silicon Valley Headquarters Santa Clara, CA, USA Online Division Headquarters Santa Barbara, CA, USA UK Development Center Chalfont, United Kingdom EMEA Headquarters Schaffhausen, Switzerland Pacific Headquarters Hong Kong, China About Citrix Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.. Copyright 2014 Citrix Systems, Inc. All rights reserved. Citrix, XenMobile, ShareFile, WorxMail, WorxNotes, WorxDesktop, XenApp, XenDesktop and StorageZone are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies 1014/PDF 11