by Lyndon-Jon Martin, CTA, Citrix
Citrix offers a SaaS-style model that allows organisations of any size or industry to enable + enjoy safe, secure browsing of the World Wide Web (WWW), while improving security and securing (un)sanctioned web traffic throughout the corporate network for centralised (Wi-Fi/Wired) and decentralised (VPN) use cases and scenarios.
Below are a few personal views on why you should consume the Citrix Secure Browsing Service (SBS) – https://docs.citrix.com/en-us/citrix-cloud/secure-browser-service.html today within your modern workplace + workspace, including a simple (and not 100%) architectural diagram.
Suggested: Why Consume The SBS from the Citrix Cloud – https://citrix.cloud.com/
1. When an employee surfs the internet in a Citrix secure browser session, the session isolates the employee’s device(s), any connected (un)trusted networks and local vs. remote data access, and of course denies local app(s) interactivity with + access to the (un)trusted websites that the employee is surfing, as you are consuming a safe and secure on-demand HTTPS ICA/HDX overlay to a one-time use internet browser hosted within the Citrix Cloud.
2. It gives organisations the opportunity to let employees browse personal SaaS websites, complete online shopping transactions or pay bills without interacting with corporate systems. This soft feature seems pointless, but if you consume a COPE or BYO model for devices you may want to avoid undesired web browsing traffic on your corporate networks. You can also *monitor usage – https://docs.citrix.com/en-us/citrix-cloud/secure-browser-service.html#monitor-usage, which does provide the DOMAIN\USERNAME within the export if you were wondering.
3. Provide a means of access to (un)authenticated external web apps (SaaS). If authenticated, you’ll need to deploy a pair of Citrix Cloud Connectors – https://docs.citrix.com/en-us/citrix-cloud/secure-browser-service.html#integration-with-citrix-workspace in your preferred Resource Location – https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-resource-locations/resource-locations.html.
4. As employees are surfing the WWW (internet) from within an isolated browser, if they do manage to navigate to a compromised or malicious website that can, for example, crypto-jack their browser – https://www.wired.com/story/cryptojacking-took-over-internet/, at least the compromised browser or tab (not using kiosk mode) is isolated within the Citrix Cloud SBS and after a period of no interactivity (IT admin specified) the one-time use browser session they are consuming will be destroyed including any/all threat(s) along with it.
5. For (un)trusted (e.g. collaboration LOB) apps that need to run executables within the browser (e.g. HTML5/jQuery/Node.js etc.), again it’s now isolated to the user’s one-time secure browsing session in Citrix Cloud, so nothing will be installed onto the employee’s device(s), thus reducing the attack surface.
6. If you are like me, you’ll have 10+ internet browser tabs (okay, maybe 50?). All of these are chewing invaluable CPU, RAM and HDD or compute resources dragging down the user’s experience, interactivity and responsiveness. This opinion/view applies to local (native) vs. remote (CVAD) delivered internet browsers. If you set the employee experience to kiosk mode it will negate this, meaning that employees can only access + consume that available LOB resource either integrated into Citrix Workspace, published into on-premises CVAD or available as a magic link (yes, that’s right, but use wisely + monitor usage*). This approach has the added value of further de-risking IP loss as each LOB resource is also isolated from one another in its own HTTP ICA/HDX session or domain per tab. The final benefit is that when consuming kiosk mode, the employee’s experience is pretty seamless and richer, I believe, as there is way less distraction and things to figure out. They can just focus on completing the assigned task(s). It’s worth noting that you can achieve better responsiveness and interactivity of browsers delivered by CVAD using the Resource Manager part of Workspace Environment Manager (WEM) – https://docs.citrix.com/en-us/workspace-environment-management/service.html.
7. Concerned about your employees’ and organisation’s privacy? It seems every time we visit an (e-commerce) website or consume a SaaS service, analytical data about us is stored and processed, including stored website cookies etc. This data can be processed in real time or later, so that when we visit that web page or service again, it has already built up a behavioural pattern, either for security reasons or, worse, to better target you based on current vs. future buying habits or what to watch next on a streaming service. As the browser is one-time use, it’s a bit like DuckDuckGo – https://duckduckgo.com “The search engine that doesn’t track you. Help Spread DuckDuckGo!” Give it a go as well.
8. Employees that are required to search and browse the internet’s worst-of-the-worst websites for research purposes (e.g., journalists covering sensitive topics) can now do so without compromising their own privacy. But you still need to educate them, obviously (e.g., don’t put in personally identifiable information [PII]).
How do you get the Secure Browsing Service?
The most effective method is to consume it with Citrix Workspace Standard Edition and yes, it’s available in all other Citrix Workspace editions as well. Check out the feature edition matrix at – https://www.citrix.com/products/citrix-workspace/. You can consume it in alternative ways too, but you want to provide users with a proper workspace experience that includes SSO and a common front door, available anywhere worldwide at an easy-to-remember address, https://<orgname>.cloud.com/, that they can log in to securely.
Finally, feel free to engage me on social media at the below conversation, drop a comment in the comments field below or DM via your myCUGC account and until next time, safe, secure and happy internet browsing folks.
The views expressed here are my own and do not necessarily reflect the views of Citrix.