Editor’s Note: Eric Ogren, a frequent contributor to SearchSecurity.com, is guest blogging today. Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. He can be reached by sending an email to firstname.lastname@example.org.
Citrix Systems’ XenApp can appear complex, but it could boost security by centralizing applications in the data center.
Citrix Systems’ XenApp, its flagship application delivery product line, can appear to require a complex chain of moving parts that is difficult for prospects to understand. However, existing customers that are saving operational expenses by consolidating data centers may also find that the latest version of XenApp improves how they manage user authentication and access control and conduct application auditing, as a result of delivering applications from fewer virtual data centers.
Citrix announced improvements to XenApp last month. The latest release is focused on integrating the components of XenApp to enable existing customers to more easily expand the use of Citrix throughout the enterprise.
The primary security benefits of hosting applications in the data center are well known: data remains in the protected data center where it is easier to secure, and the risk of data loss through insecure endpoints is dramatically reduced, allowing the business to embrace a variety of user-friendly devices such as smartphones and shared devices. Applications are patched and upgraded in a centralized, controlled environment, reducing the risk of skewed software configurations.
- Consistent authenticated access control to applications: The Citrix account authority consolidates administration of authentication, application access controls, single sign-on and user profiles. Users authenticate once to the data center, where IT can then use single sign-on techniques to automate authentication to individual applications and virtual desktops. The immediate benefits of this approach are a reduced security risk from extraneous user accounts and passwords and lower help desk costs for password support, while making it easier for users to run business applications.
- Transparent auditing of application access and transactions for compliance: Citrix SmartAuditor works with XenApp 5 to log application access and record activity for compliance with regulatory requirements. Auditing may be difficult to achieve when applications are distributed throughout the enterprise, but it becomes more reasonable as applications are hosted in fewer data centers.
- Achieve Network Access Control functionality without additional NAC products: The main feature of NAC is to ensure user desktops are configured according to security policy before granting access to applications. This normally includes checks for endpoint security software, but can also include checks and remediation for custom software. IT provides users with secure virtual desktops that are compliant with the latest releases of software and up-to-date security software. XenApp 5 can stream the entire virtual desktop to the endpoint if the user needs to work disconnected from the network or needs to compensate for unreliable network performance. By packaging virtual desktop images with the most up-to-date software that has been pre-scanned for malicious code, IT gets the cost-savings benefits of automated NAC features without having to deploy additional products.
The concentration of hosted applications and virtual desktops in the data center is a concept that delivers incremental security benefits in the fundamentals of user identity management, controlling application access, managing the integrity of software configurations and auditing business activity. This is in addition to the operational benefits of efficient administration, equitable service to users, and lower operating expenses. As you plan to virtualize more applications and increase the density of applications per server, be sure to also look at opportunities to streamline security services and plug security gaps in user and device management.