Citrix Access Infrastructure

How "Secure by Design" provides comprehensive security
Citrix Access Infrastructure is secure by design, providing secure access as a foundation, not an afterthought. The infrastructure includes features and functions that fulfill all requirements for secure access to corporate data and business applications.

Data centralization

In a Citrix environment, all applications and information are stored in a data center, and data processing takes place on centrally located, well-protected, and easily manageable Citrix servers. User terminals show screen content only. Thus, Citrix's basic approach alone guarantees security: while users work with their applications, no corporate data is transferred; only screen content and keyboard inputs are transmitted. During the entire working time, data stays "in house," no matter where the user is located.

Terminal Security

The centralized deployment of data and applications in a Citrix Infrastructure environment enables consistent, efficient, and easy implementation of companies' security strategies and control mechanisms. In comparison to decentralized environments, there are hardly any security risks with Citrix. As users are not left alone with security measures, most of the common security threats do not develop at all. Central data administration also relieves users of the duty to back up data regularly. This task is taken over by administrators, who back up all data stored in the data center. Fundamentally, corporate data is never saved on terminal devices in a Citrix Access Infrastructure. Data security is therefore ensured even if a company notebook computer is stolen or lost.

Secure Communication over the Internet

To secure external access to enterprise resources, Citrix offers three options: SSL-Relay, Secure Gateway, and Access Gateway. All of them are based on the SSL standard and encrypt communication reliably. SSL-Relay and Secure Gateway are integrated in the MetaFrame Presentation Server and MetaFrame Secure Access Manager products, and have proved their value and functionality over the years.

Role-based Access Rights

In a Citrix Access Infrastructure environment, users' access rights are role-based. Access rights can be set for different user groups so that only certain applications and data are available to them. This guarantees that sensitive information is provided only to authorized employees. Additionally, administrators can make sure that all employees receive exactly the information they need to perform their tasks efficiently.

Single Sign-On and Strong Passwords

More and more applications require a separate password for access and use. As a result, users need to remember a large number of passwords. Users' memory aids, be they post-it notes by the screen or unencrypted data on PCs, make access easier for those who lack appropriate authorization. With its single sign-on product, MetaFrame Password Manager, Citrix offers a solution to close this security gap: users authenticate themselves only once with their network logon. From there, MetaFrame Password Manager logs on to all applications that require a secondary logon. At the same time, MetaFrame Password Manager automatically generates new, strong passwords whenever necessary, according to the rules set by the administrator.

Strong Authentication thanks to Partner Technologies

A Citrix environment supports numerous methods to authenticate users, such as multi-layer authentication with smart cards, tokens, biometric scans, and proximity authentication. Solutions for two-factor authentication are offered by many Citrix technology partners.

In line with many established security standards and legal requirements, Citrix continuously follows legal and industry security regulations, and ensures that all its products and services comply with these regulations. These include FIPS 140-2, Common Criteria and Section 508 Accessibility.

Audit Reporting

Regulatory requirements and legal regulations, such as the European Privacy Act or Sarbanes-Oxley, often demand extensive reporting, including entire data histories. Citrix Access Infrastructure offers audit-reporting options. These options include interaction between terminal devices and Citrix servers.