White Paper. Securing Mobile Applications and Data with Citrix XenMobile EMM. citrix.com




As enterprises transition from corporate-owned and managed laptops, tablets and smartphones to Bring Your Own Device (BYOD) and Corporate Owned, Personally Enabled (COPE) environments, enterprise mobility management (EMM) has shifted from managing the entire mobile device to securing and managing just the enterprise applications and data each device houses and connects to. Why? When employees mix personal and work lives on a laptop, smartphone or tablet, asserting tight device-level control is a sure path to user dissatisfaction and resistance, not to mention reduced productivity. Instead, current EMM solutions seek a strategy that strikes the right balance between security and the user's personal flexibility and freedom. They do so through a combination of:

- Containerization, employing a variety of technologies and strategies that cut off or limit communications between enterprise and personal mobile applications and data, as well as between personal use and access to enterprise datacenter or cloud applications and data. Doing so gives the user the freedom to download and run applications, surf the Web and use social media freely without exposing the organization to sensitive data leakage or the introduction of malware into the enterprise network. It also allows the organization to apply stronger controls around its apps and data without affecting the privacy of the user.

- Encryption of all sensitive enterprise data, both at rest on the device and in transit over WiFi connections and the Internet, to prevent its exposure if the device is lost or stolen. Encryption separate from the device's encryption gives organizations the data protection they need without having to rely on device settings, such as strong device PIN codes, that affect the usability of the device.

- Secure mobile file sharing that provides users with the same or better collaboration and convenience they get from consumer-oriented Box, Dropbox and similar services, but with tighter enterprise management and security. Ideally any enterprise file sharing capability should integrate tightly with the enterprise mobility management infrastructure to plug any potential security holes.

Many EMM solutions on the market today offer mobile device management (MDM), mobile application management (MAM) and mobile data management (MCM) options, but they go about their offerings in different ways and with different architectures. In this white paper we'll delve into the architecture and elements of the mobile application management and security strategy employed by Citrix XenMobile, with some comparison to equivalent features and elements deployed by other EMM platforms, and show how XenMobile provides advantages in an environment where users mix their personal and enterprise lives on their mobile devices.

MDM is Dead, Long Live MAM

While most EMM solutions offer complete packages of MDM and MAM for comprehensive management, many enterprises with BYOD and COPE scenarios have begun placing less emphasis on MDM and more on MAM to avoid employee resistance to corporate restrictions and monitoring of their personal mobile lives. In fact, today many organizations seek solutions that can employ robust MAM without MDM. That's why it's important to provide a powerful MAM solution that can stand on its own, securing enterprise applications and data completely independently. Citrix XenMobile is just such a solution and is unique in the EMM market in that it is both comprehensive and modular, allowing enterprises to deploy MAM with MDM or MAM completely on its own, with complete assurance that enterprise applications and data will be protected in either case.

Most other EMM solutions claim modularity, but the truth is, they don't let you deploy many MAM features without MDM. Why? Many of these solutions take advantage of mobile device operating system management APIs to leverage the containerization, encryption, VPN and other features offered by each mobile device platform. They may also leverage other device-specific technologies, such as Samsung Knox, offered by device manufacturers on top of the capabilities of the mobile OS. Unfortunately, with these EMM solutions, the only way to harness those capabilities is by enrolling end user devices in an MDM solution, and in many cases they require setting device-level restrictions that don't differentiate between personal and business use.

Citrix XenMobile offers its own MAM features on top of, or even instead of, those offered by each mobile operating system. For example, while other EMM solutions depend on the encryption technology built into the mobile operating system (which requires a device PIN code to be set), Citrix XenMobile provides its own FIPS 140-2 compliant AES 256-bit encryption across mobile platforms. There's no need to enroll a device in XenMobile MDM to take advantage of XenMobile's separate encryption. Another benefit of device-independent encryption: if the device's encryption is compromised in some way, the security of separately encrypted data is not affected. XenMobile also offers its own containerization features via its MDX technology and Worx applications and SDK, which are discussed later. The advantage of Citrix's independent MAM offerings is not only MAM independence from MDM, but a more consistent application of MAM policies across different devices and device operating systems.

Containers are Not All Alike

There's another reason XenMobile's approach tends to work better than competing solutions in BYOD and COPE environments. Different client operating systems, and even different EMM solutions, take different approaches to containerization. One approach, employed by Samsung Knox, BlackBerry and some competing enterprise EMM solutions, is to divide the user device into two completely separate workspaces, sometimes called personas: one for personal and one for enterprise use. The enterprise workspace holds all the protected enterprise email and other applications, which are usually available through a specialized enterprise app store, while the personal space contains all the user's personal apps and data. Organizations can leverage these EMM solutions to apply numerous policies to the enterprise workspace, but constantly switching between personas to mix work and pleasure is frequently inconvenient for the user. In fact, users may find this strategy to be the next worst thing to owning two separate devices. Such a scenario may not only have an adverse impact on productivity; it can lead to user resistance, which in turn can lead to the use of workarounds that expose the organization to security issues, data breaches and malware. Even though these solutions do offer separation between personal and business, they still rely heavily on device-level settings or restrictions, such as device PIN codes, to provide data protection.

Citrix takes a different approach that balances enterprise application and data security with a satisfying user experience. Instead of dividing the device and the user experience into completely separate personas, Citrix XenMobile lets users view and access enterprise and personal applications without having to switch constantly back and forth between two separate environments. Instead, using XenMobile's MDX Toolkit and/or Worx SDK, enterprise IT can build MDX into individual enterprise applications with the policies and containerization strategies necessary to protect the associated sensitive information. This is important as it provides a more seamless, productive experience for the user while providing all the necessary protections for the enterprise.

XenMobile MDX

Citrix's containerization strategy is based on its MDX technology, which is available to the user via the Worx Home app on his or her device. XenMobile provides its own set of essential enterprise MDX-enabled Worx apps in the Worx Store, including a secure but full-featured email client and personal information manager called WorxMail, a secure Web browser (WorxWeb), Worx Tasks and an enterprise-grade note-taking application called Worx Notes. WorxMail functions much like the native email and personal information manager client software users know and love on their devices, but adds features, such as suggested meeting times when creating invites, that business users love. A Worx Gallery also offers scores of third-party MDX-enabled enterprise applications.

MDX technology includes three core elements:

1. Data protection with active policy enforcement. MDX offers more than sixty different policies controlling how MDX-enabled apps can send and receive data and interact with other apps. It can also restrict risky device/OS features, such as the camera or microphone, while MDX-enabled apps are in use. MDX provides the engines needed to enforce these policies within the app at all times without requiring communication with the XenMobile server; the policies are enforced even in airplane mode.

2. Data protection with separate encryption. MDX includes its own FIPS 140 validated AES-256 encryption library, which encrypts sensitive data within the app completely separately from the encryption the device provides. Separate encryption is offered on all platforms and provides the necessary data security without requiring device PIN codes.

3. Data protection over the air. MDX technology includes micro VPNs communicating through the Citrix NetScaler Gateway. NetScaler is also FIPS validated: combined with XenMobile, it offers an organization a complete end-to-end FIPS-validated solution. NetScaler provides the most scalable secure connectivity (more than 100,000 simultaneous encrypted sessions) to resources located behind the enterprise firewall.

In addition to XenMobile and third-party apps, Citrix provides the MDX Toolkit and Worx SDK to organizations; these can be used to transform internally developed apps into MDX-enabled enterprise applications, often through just a few steps or a single line of code. Once an app is MDX-enabled, enterprises can apply scores of policies and capabilities that ensure the application and its data are always protected. This is a huge benefit for organizations building their own apps: Citrix MDX technology allows developers to focus on building the best user experience for their app without requiring expertise in building enterprise-grade security and access controls. Some of these policies include:

- Application interaction, document exchange and data flow policies that block, permit or restrict the opening of documents in Worx and non-Worx applications, as well as attaching sensitive documents to emails and copying, cutting and pasting information into emails and other application documents. Printing of documents can also be restricted if necessary.

- User authentication policies that can require users to input a passcode to unlock the MDX-enabled app when it starts or resumes after a configured period of inactivity. A new alternative adds convenience by allowing Touch ID to substitute for a passcode, so the user can access an application through a fingerprint scan on supported iOS devices. Other types of multifactor authentication can also be required on an application-by-application basis.

- Online session policies that require users to have an enterprise network connection to use an app, either at all times or after a configured offline grace period.

- Geofencing policies that set a maximum geographic radius for application access. For example, IT can restrict the use of certain enterprise applications when the user leaves the country, travels to untrusted parts of the globe or even simply leaves the enterprise campus. In such instances policies can be configured to simply alert the user or log the action, rather than always locking the application.

- Kill Pill, a new feature that allows IT to direct MDX-enabled apps to be either locked or wiped if the device isn't able to contact the XenMobile server beyond a configurable interval. This can be particularly useful if a device is switched to airplane mode after falling into unauthorized hands.

- Encryption in transit, applied via app-specific micro VPNs that activate every time enterprise applications need to connect to the enterprise network. Micro VPNs are superior to device-level VPNs because they keep every other application on the device away from the enterprise network. XenMobile micro VPNs also use data optimization and compression techniques to ensure only minimal data is transmitted in the quickest time possible, which benefits both data security and the user experience.

- Encryption at rest through XenMobile's own FIPS 140-2 compliant AES 256-bit encryption, which can be applied on top of or instead of the data encryption offered by the device operating system. This encryption is offered on all platforms and does NOT require that a device PIN code be enforced (which would require an MDM deployment).

- Selective remote lock and wipe applied to Worx and other enterprise applications only, either after a period of non-use, or if a user leaves the organization or reports loss or theft of the device.

MAM Security for Worx Apps

WorxMail is XenMobile's email client and personal information manager software. It's offered to the enterprise as a secure alternative to the device's native equivalent and allows users to manage enterprise email, calendars and contacts on their devices. With WorxMail, all corporate email, contacts and calendar items are stored completely separately from the personal applications on the device. WorxMail can be configured for single sign-on after the user logs into Worx Home, and offers the same policy options as other MDX-enabled applications, including authentication, remote wipe, kill pill, and encryption in transit and at rest. IT can also enforce restrictions on email attachments, printing, and cutting and pasting of information from other applications into emails. WorxMail integrates with organizations' existing data leakage prevention (DLP) tools, which can be used to monitor and restrict content sent out in enterprise emails. In addition to a full set of features and a familiar interface similar to that of native device email clients, WorxMail offers additional convenience features, such as the ability to view the availability of meeting invitees, include online meetings and phone conferences in new meeting invitations, and join online meetings in a single touch.

WorxMail integrates tightly with XenMobile's WorxWeb mobile app, so that all email Web links are opened in a secure, sandboxed Web browser environment. WorxMail also integrates tightly with Citrix's ShareFile file sharing application, discussed below, so that ShareFile links can be embedded in emails instead of file attachments, for tighter control over content sharing. Finally, WorxMail integrates with Microsoft Rights Management. Users get single sign-on to WorxMail when they sign into Worx Home. With Citrix's secure NetScaler Gateway as part of the XenMobile solution, IT can deploy Exchange ActiveSync servers behind the firewall rather than in the less secure DMZ.
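The MDX section above stresses that its app-level policies (inactivity passcode, offline grace period, geofencing with lock/alert/log, Kill Pill, selective lock and wipe) are enforced inside the app from local state, so they hold even in airplane mode, and WorxMail is described as carrying the same policy set. The following is an added Python example of how such an in-app policy engine can be structured; it is not Citrix or MDX code, and the policy names, thresholds, campus coordinates and timestamps are constructed assumptions. It goes slightly beyond the text in two ways: the actions any policy demands are merged by severity (wipe over lock over re-authentication), and a geofence with no location fix fails closed.

```python
# Added example, not Citrix/MDX code: a minimal in-app policy engine evaluated from
# local device state only, so every decision can be made without reaching a server.
# Policy names, thresholds, coordinates and timestamps are constructed assumptions.
import math
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

Coord = Tuple[float, float]  # (latitude, longitude) in degrees

@dataclass(frozen=True)
class AppPolicy:
    passcode_inactivity_minutes: int = 15   # re-authenticate after this idle time
    offline_grace_hours: int = 72           # online-session policy: offline use allowed this long
    kill_pill_hours: int = 168              # lock/wipe once the server is unreachable this long
    kill_pill_action: str = "lock"          # "lock" or "wipe"
    geofence_center: Optional[Coord] = None
    geofence_radius_km: float = 0.0
    geofence_action: str = "lock"           # "lock", "alert" or "log"

@dataclass
class DeviceState:
    now: datetime
    last_user_activity: datetime
    last_server_contact: datetime
    online: bool
    location: Optional[Coord]               # None when no fix is available

SEVERITY = {"allow": 0, "reauthenticate": 1, "lock": 2, "wipe": 3}

def haversine_km(a: Coord, b: Coord) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(policy: AppPolicy, state: DeviceState) -> Tuple[str, List[str]]:
    """Return (action, notices). The action is the most severe one any policy demands
    (wipe > lock > reauthenticate > allow); notices carry alert/log events for policies
    configured not to lock, so the app can display or record them."""
    action = "allow"
    notices: List[str] = []

    def escalate(new: str) -> None:
        nonlocal action
        if SEVERITY[new] > SEVERITY[action]:
            action = new

    since_server = state.now - state.last_server_contact

    # Kill Pill: the server has been unreachable too long (e.g. airplane mode after theft).
    if since_server > timedelta(hours=policy.kill_pill_hours):
        escalate(policy.kill_pill_action)

    # Online session policy: offline use is tolerated only within the grace period.
    if not state.online and since_server > timedelta(hours=policy.offline_grace_hours):
        escalate("lock")
        notices.append("offline grace period exceeded; enterprise network connection required")

    # Geofence: outside the radius, or no fix at all, counts as out of bounds (fail closed).
    if policy.geofence_center is not None:
        distance = None if state.location is None else haversine_km(policy.geofence_center, state.location)
        outside = distance is None or distance > policy.geofence_radius_km
        if outside and policy.geofence_action == "lock":
            escalate("lock")
        elif outside:
            where = "no location fix" if distance is None else f"{distance:.1f} km from centre"
            notices.append(f"geofence: {policy.geofence_action} ({where}, radius {policy.geofence_radius_km:g} km)")

    # Inactivity passcode: least severe; irrelevant if something above already locks the app.
    if state.now - state.last_user_activity > timedelta(minutes=policy.passcode_inactivity_minutes):
        escalate("reauthenticate")

    return action, notices

# Constructed scenarios exercising each policy; T0 and the campus centre are made up.
T0 = datetime(2015, 4, 1, 9, 0)
CAMPUS: Coord = (26.12, -80.14)
BASE = AppPolicy(geofence_center=CAMPUS, geofence_radius_km=50.0)

def _state(idle_min=5, server_h=1, online=True, location=CAMPUS) -> DeviceState:
    return DeviceState(now=T0, last_user_activity=T0 - timedelta(minutes=idle_min),
                       last_server_contact=T0 - timedelta(hours=server_h),
                       online=online, location=location)

def scenarios():
    north = (CAMPUS[0] + 0.5, CAMPUS[1])      # about 55.6 km north of the centre
    return {
        "normal": evaluate(BASE, _state()),
        "idle": evaluate(BASE, _state(idle_min=30)),
        "offline_grace_exceeded": evaluate(BASE, _state(server_h=80, online=False)),
        "airplane_kill_pill": evaluate(replace(BASE, kill_pill_action="wipe"),
                                       _state(server_h=200, online=False)),
        "travel_alert": evaluate(replace(BASE, geofence_action="alert"), _state(location=north)),
        "no_gps_fix": evaluate(BASE, _state(location=None)),
    }

if __name__ == "__main__":
    for name, (action, notices) in scenarios().items():
        print(f"{name:24s} -> {action:14s} {notices}")
```

The engine never consults the network: `last_server_contact` is a locally stored timestamp, which is exactly what lets a Kill Pill fire on a device that has been switched to airplane mode. Ordering by severity means a device that is both idle and out of contact for too long is locked or wiped rather than merely asked for a passcode.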

WorxWeb is a secure browser alternative that allows IT to place policies and restrictions on Web browsing, particularly when connecting to the corporate network and intranet. WorxWeb now includes PAC file support, which extends proxy access configuration (PAC) files from behind the firewall to the roaming device. This allows all mobile Web traffic to be sent over an encrypted micro VPN to the enterprise or cloud Citrix NetScaler Gateway, which then routes the traffic according to IT-configured rules. Organizations can apply policies that govern which Web sites users can and cannot access and which enterprise firewall proxies are used to access them, and can analyze and filter URLs to ensure they're safe.

Microsoft Office apps can be deployed by the organization via the Worx Store. Organizations can also deploy Worx email apps for Exchange and enforce OS containerization features, cloud backup, open-in restrictions, geo-location and numerous other security policies.

ShareFile

ShareFile is XenMobile's enterprise-class mobile file sharing application, which provides the same or better features and convenience as the consumer-friendly Box and Dropbox, but with enterprise-level security and management. Some of the security features of ShareFile include:

- Flexible storage. Rather than forcing users to store all information in the cloud, organizations have the flexibility to choose one or more options for file storage. Customers can choose to leverage ShareFile StorageZones to store shared files on-premises behind the firewall to meet stringent security, compliance and data sovereignty requirements; in the Citrix ShareFile cloud service; or in another public cloud storage service of their choice. ShareFile can store files on internal CIFS-based network storage systems and provides connectors for Windows network shares and Microsoft SharePoint, so that files don't have to be migrated to another service in order to be shared.

- Metadata security. A special Restricted Zone feature encrypts ShareFile metadata with a customer key so Citrix cannot see or access the names of files and folders. IT can also require users to authenticate to an enterprise server in addition to the ShareFile cloud in order to access their files.

- DLP and MDX integration, which allows organizations to apply their existing data leakage prevention tools and policies to ShareFile file sharing. Organizations can also choose to leverage ShareFile's own DLP data classification and restrictions, such as restricting which applications may open files; cutting, copying and pasting text into other files, applications and emails; and attaching and printing files. View-only access can be applied to files as necessary. Users can also be required to use ShareFile links in emails instead of file attachments for ShareFile content security, and incoming email attachments can be sent automatically to ShareFile folders.

Finally, organizations can use the Worx Store (the XenMobile enterprise app store) to provide access to Worx apps, other mobile apps (either commercial third-party or enterprise-developed), Web and SaaS apps, and even Windows desktops and applications, based on Active Directory group policies. XenMobile integrates with Citrix XenApp and XenDesktop to provide secure virtual access to enterprise desktop applications behind the firewall when required, with all the security and management advantages these tools provide.

As more and more mobile users mix their personal and business lives on their smartphones, tablets and laptops, enterprises will have to adjust to the flexibility and freedom users demand while still managing and securing the use of enterprise mobile applications and data. MAM provides the key to this crucial mobile balance, increasingly instead of, rather than in addition to, MDM. Citrix XenMobile provides the best EMM solution for deploying robust, comprehensive MAM and enterprise data security in a user-empowered mobile environment, without impinging on the user's mobile freedom and productivity.

About Citrix

Citrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management, networking and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobility through secure, mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.

Copyright 2015 Citrix Systems, Inc. All rights reserved. Citrix, XenMobile, XenApp, XenDesktop, ICA, Worx Home, WorxWeb, WorxMail, NetScaler Gateway, ShareFile, GoToAssist, Citrix Receiver and StorageZones are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies. 0416/PDF