Advanced Service Desk Security



Similar documents
Citrix GoToAssist Service Desk Security

GoToMyPC Corporate Security FAQs

Citrix NetScaler and Microsoft SharePoint 2013 Hybrid Deployment Guide

Microsoft Dynamics CRM 2015 with NetScaler for Global Server Load Balancing

5 Reasons Why GoToAssist Remote Support and Service Desk Go Better Together

Secure SSL, Fast SSL

Provisioning ShareFile on Microsoft Azure Storage

Solutions Guide. Deploying Citrix NetScaler for Global Server Load Balancing of Microsoft Lync citrix.com

Solutions Guide. Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB. citrix.com

Citrix Lifecycle Management

Comprehensive Enterprise Mobile Management for ios 8

White Paper. Protecting Mobile Apps with Citrix XenMobile and MDX. citrix.com

Mobilize with Enterprise-Grade Security and a Great Experience

Microsoft SharePoint 2013 with Citrix NetScaler

Powering Real-Time Mobile Access to Critical Information With Citrix ShareFile

The Office Reinvented: Mobile Workspaces are the Future of Work

Top Three Reasons to Deliver Web Apps with App Virtualization

Citrix ShareFile Enterprise: a technical overview citrix.com

The Always-on Enterprise: Business Continuity Scenarios that Work

Guide to Deploying Microsoft Exchange 2013 with Citrix NetScaler

How To Use Netscaler As An Afs Proxy

Deploying XenApp on a Microsoft Azure cloud

Citrix desktop virtualization and Microsoft System Center 2012: better together

Citrix Solutions. Overview

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

Fullerton India enhances its employee productivity and efficiency with Citrix XenDesktop

Configuring Citrix NetScaler for IBM WebSphere Application Services

Citrix ShareFile Enterprise technical overview

Single Sign On for ShareFile with NetScaler. Deployment Guide

How To Get Cloud Services To Work For You

Using Vasco IDENTIKEY Server with NetScaler

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

Design and deliver cloudbased apps and data for flexible, on-demand IT

Enabling mobile workstyles with an end-to-end enterprise mobility management solution.

Enterprise- Grade MDM

Solutions Brief. Citrix Solutions for Healthcare and HIPAA Compliance. citrix.com/healthcare

The falling cost and rising value of desktop virtualization

icrosoft TMG Replacement with NetScaler

Powering real-time mobile access to critical information with ShareFile

Modernize your business with Citrix XenApp 7.6

Solution Guide for Citrix NetScaler and Cisco APIC EM

Deploying NetScaler Gateway in ICA Proxy Mode

Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview

Taking Windows Mobile on Any Device

Safeguard Protected Health Information With Citrix ShareFile

Trend Micro Cloud Security for Citrix CloudPlatform

Citrix XenServer Industry-leading open source platform for cost-effective cloud, server and desktop virtualization. citrix.com

The Trainer s Guide to Using Video Streaming, Video Conferencing and On-Demand Video

Secure Data Sharing in the Enterprise

Solution Guide. Optimizing Microsoft SharePoint 2013 with Citrix NetScaler. citrix.com

Run Skype for Business as a Secure Virtual App with a Great User Experience

Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall

Bring your own device freedom

Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview

ShareFile Enterprise technical overview

Secure remote access

Citrix Support and Maintenance Services

Citrix Workspace Cloud Apps and Desktop Service with an on-premises Resource Reference Architecture

Optimizing service assurance for XenServer virtual infrastructures with Xangati

Solution Brief. Deliver Production Grade OpenStack LBaaS with Citrix NetScaler. citrix.com

NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway

Desktop virtualization for all

Data Center Consolidation for Federal Government

Mobility and cloud transform access and delivery of apps, desktops and data

Virtual desktops in hospitals: streamlining clinical workflows

The fastest, most secure path to mobile employee productivity

NetScaler carriergrade network

Desktop virtualization for all

Maximizing Flexibility and Productivity for Mobile MacBook Users

GoToAssist Remote Support HIPAA compliance guide

Features of a comprehensive application security solution

The top 5 truths behind what the cloud is not

Deploying NetScaler with Microsoft Exchange 2016

How To Install A Citrix Netscaler On A Pc Or Mac Or Ipad (For A Web Browser) With A Certificate Certificate (For An Ipad) On A Netscaler (For Windows) With An Ipro (For

Three ways companies are slashing IT costs with VDI

Windows XP Application Migration Checklist

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

White Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com

Corporate and Payment Card Industry (PCI) compliance

Deploying XenApp 7.5 on Microsoft Azure cloud

SolidFire SF3010 All-SSD storage system with Citrix CloudPlatform Reference Architecture

What s Missing from Your BYOD Strategy?

White paper. Microsoft and Citrix VDI: Virtual desktop implementation scenarios

Solve the application visibility challenge with NetScaler Insight Center

XenApp and XenDesktop 7.8 AppDisk & AppDNA for AppDisk technology

Advanced virtualization management for Hyper-V and System Center environments.

BlueCat Networks Adonis and Proteus on Citrix NetScaler SDX Platform Overview

Transcription:

Advanced Service Desk Security Robust end-to-end security measures have been built into the GoToAssist Service Desk architecture to ensure the privacy and integrity of all data. gotoassist.com

Many service desk operations regularly deal with sensitive data, and support organizations and IT teams are rightly concerned with security. With the worldwide surge in privacy breaches, malware, viruses and denial-of-service attacks, it s important to scrutinize each and every IT solution to see that it is employing the most up-to-date and effective security measures available. This white paper outlines the measures that GoToAssist Service Desk utilizes to minimize security risks. Citrix considers the security of your information to be of the highest importance. Security is not an afterthought to functionality, but a key element that is designed and built into our systems from the ground up. Security encompasses all aspects of GoToAssist Service Desk, from the software to the facilities to the personnel developing and operating the service. Extensive measures have been undertaken to maintain the privacy and integrity of all data managed by GoToAssist Service Desk. This white paper describes some of those measures, including access controls, physical and operational security, data security and software development lifecycle security. Protecting the front door An essential element of information security is the reliable identification and authentication of those accessing the information. Every manner of application, data and network security could be applied to a system, but if we were not able to reliably identify those accessing the system, all our efforts toward security would be in vain. For this reason, GoToAssist Service Desk, as with all Citrix SaaS offerings, places great emphasis on user authentication. To begin with, all users must be registered using a valid email account, which is associated with an identified organization. No guest or anonymous access to the system is permitted. In addition, numerous techniques are employed to detect and prevent unauthorized account access, such as complex password enforcement, soft and hard account lockout triggered by repeated unsuccessful log-in attempts and the logging and continuous monitoring of account probing and other anomalous behavior. Once a user is authenticated, continued access to the system is dependent upon the presence of a set of security tokens exchanged with the client during the authentication process. These tokens, or session identifiers, are protected using advanced web security mechanisms, including the use of cryptographically strong pseudo-random number generators and session hijacking/fixation countermeasures. All access to GoToAssist Service Desk, whether pre- or post-authentication, is permitted only over connections that are secured with SSL/TLS. Any connection attempt that is not using SSL/ TLS will be refused. Because of this security requirement, organizations and users can be gotoassist.com 2

confident that information passed between GoToAssist Service Desk and the user s browser or mobile app will be safe from would-be eavesdroppers and potential man-in-themiddle attacks that rely upon an initial HTTP (unsecured) connection. A secure foundation Although protecting the front door is essential, if the networks and systems that host a service are not themselves secure, the service may still be vulnerable. The successful penetration and compromise of the service can occur without passing through the front door at all. This, of course, is the reason that GoToAssist Service Desk is built upon a foundation of network, host and physical security. All web, application and database servers supporting Service Desk reside within highly secured worldwide datacenters. Physical access to these datacenters is actively monitored and restricted to authorized personnel only. The servers themselves are hardened to stringent Citrix standards and dedicated to running only those services required to support GoToAssist Service Desk. Citrix policy requires that all servers remain up to date with the latest security patches and undergo periodic reassessment through both internal and independent auditing and penetration testing. Network access to the systems hosting GoToAssist Service Desk is strictly controlled through firewalls and other network security devices designed to detect and respond to various attacks, including but not limited to denial-of-service (DoS) attacks originating from the Internet. Backend servers and services are never directly accessible to external systems or personnel. Furthermore, multiple levels of host and network security are employed to ensure that only authorized access is permitted between backend systems, effectively containing any potential internally leveraged attacks. Access to and activity on all systems is centrally logged and actively monitored for anomalous patterns or behavior. How safe is your data? Once your information has been entered into the GoToAssist Service Desk system, it is secured with multiple levels of access controls. Only those users explicitly granted access to your information may view or modify it. The design of the system requires that every access request pass through an authorization subsystem that verifies the access rights of the user before allowing the request to proceed. Unlike some data management systems, GoToAssist Service Desk does not include the concept of root access. This helps to ensure the privacy of your information, even against inadvertent or other internal exposure. Sensitive configuration information, passwords and keys are secured using the latest in cryptographic technology. Passwords are secured through a uniquely salted, one-way (irreversible) password hashing mechanism that ensures protection against exposure even to internal personnel with access to the storage systems and/or encryption keys. Security by design In addition to the many security measures already described, GoToAssist Service Desk was built and continues to be developed using processes that guarantee the priority of security at every stage of the development lifecycle. At Citrix, every significant design and architectural decision must undergo a review process known as threat modeling, in which all foreseeable threats to the system are evaluated and measured in light of the gotoassist.com 3

proposed design/architectural features. Additionally, all code is required to be assessed for security flaws via static analysis, while all new and updated systems must be scanned and tested for security weaknesses using industry-leading manual and automated application vulnerability assessment tools. Finally, the entire deployed system is subject to continuous 24/7 vulnerability scanning and security analysis by an independent, industryleading security firm. Our attention to secure product design is one of the reasons Citrix is the global market leader and one of the most-trusted names in IT support solutions. Citrix customers include 100 percent of the Fortune 100 and 99 percent of the Fortune Global 500, as well as hundreds of thousands of small businesses and individuals. Availability All the protection measures in the world will prove meaningless if you cannot access your information or systems when needed. Thus, one of the primary concerns with information security is availability. With GoToAssist Service Desk, the continued availability of your information is achieved in several ways. First, the Citrix datacenters that host your information incorporate system redundancy throughout in order to ensure resiliency in the face of outages due to failure or attack. Additionally, for the purposes of scalability and reliability, load balancers transparently distribute incoming requests among multiple Citrix servers. As mentioned above, security devices are also in place in every Citrix datacenter to implement countermeasures to denial-of-service (DoS) attacks. With regard to the prevention of unintended destruction or corruption of information, all Service Desk systems are backed up daily, and encrypted backups are securely replicated to multiple, geographically separated datacenters for disaster recovery purposes. Additionally, the Service Desk interface includes two independent protection mechanisms that require explicit user acknowledgement before executing any destructive requests and additionally provide for the recovery of inadvertently deleted data. Summary Security of data is more important than ever, and Citrix places a major focus on this across all levels of GoToAssist Service Desk. We have put in place a formidable array of security countermeasures so that our customers can use GoToAssist Service Desk with confidence. Nevertheless, we recommend that you perform your own appropriate best-fit analysis to make sure our service meets your security requirements. We invite you to talk to a GoToAssist Service Desk representative today to discuss your needs and answer any questions you may have. gotoassist.com 4

Corporate Headquarters Fort Lauderdale, FL, USA Silicon Valley Headquarters Santa Clara, CA, USA EMEA Headquarters Schaffhausen, Switzerland India Development Center Bangalore, India Online Division Headquarters Santa Barbara, CA, USA Pacific Headquarters Hong Kong, China Latin America Headquarters Coral Gables, FL, USA UK Development Center Chalfont, United Kingdom About Citrix Citrix (NASDAQ:CTXS) is a leader in virtualization, networking and cloud services to enable new ways for people to work better. Citrix solutions help IT and service providers to build, manage and secure, virtual and mobile workspaces that seamlessly deliver apps, desktops, data and services to anyone, on any device, over any network or cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive with mobile workstyles. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million people globally. Learn more at www.citrix.com. Copyright 2014 Citrix Systems, Inc. All rights reserved. Citrix, GoToAssist, GoToMeeting, GoToMyPC, GoToTraining, GoToWebinar, OpenVoice, Podio and ShareFile are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies. 11.25.14/293302/PDF gotoassist.com 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information