Last week I hosted (for the second time) the EUC state of the union 2021 edition for the My Citrix User Group community.
Webinar recording (for MYCUGC members) here –> https://t.co/MI4rlKY7Yf?amp=1
PPT slides –> mycugc/MYCUGC.pptx at main · msandbu/mycugc (github.com)
However, I also wanted to write a bit about some of the main things that I see evolving within the end-user space, especially now with more WFH, which also requires us to rethink how we solve security. Since we no longer have the ability to control traffic through some corporate firewall, how can we secure our end-users without any type of visibility? Secondly, the Internet becomes a lot more important in this day and age because more and more end-user applications are becoming SaaS services. If we have a crappy Wi-Fi connection, it means that end-users will lose some efficiency.
One thing that I’m seeing is that EUC vendors are increasingly jumping on board the Zero-Trust and SASE train, which aims at solving some of these issues. So how do these services fit in?
Now SASE as a term is not new. It consists of multiple components that change the paradigm to one of decentralized security and network services for end-users.
1: Zero-Trust is the first piece of the puzzle. Instead of the traditional perimeter-based access where you are either on the inside or the outside, you are always on the outside. Risk indicators collected from the identity, session, device and other conditions determine if you are allowed to access the application or data. You can look at this as the first entry gate when connecting to a service.
2: SD-WAN is also a part of the mix. It comes in different shapes depending on which vendor you talk about, but most of them provide it as part of a cloud service, meaning that your computer has an agent installed which communicates directly with a cloud-based PoP (Point of Presence), which then intelligently routes traffic to the different cloud services in the backend.
3: Secure Web Gateway, which often acts as a firewall service or proxy service within the SD-WAN service. It is used to protect against malicious traffic within the session and to apply services such as DLP policies, for example to ensure that you are not allowed to upload/download files within the session. When your traffic is routed to the closest SD-WAN PoP, it can also come with a web gateway that tunnels your web traffic, acting as a proxy.
4: Cloud Access Security Broker, which is a cloud service that sits on the outside and uses API-based integration with the different SaaS applications (where supported) to investigate the activities that end-users are doing.
Combined, these services provide a SASE (Secure Access Service Edge) service which brings all these elements into an end-user-based security ecosystem. Depending on which vendor you are looking into, there are also several other types of products bundled in as part of the cloud service. These can be services such as Remote Browser Isolation, or custom services to handle device management and EDR as part of the risk indicators for zero-trust based access.
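As an added illustration (not from the webinar or any vendor's product), here is a minimal sketch of the zero-trust entry gate described above: identity, device and session indicators decide access, and the decision carries the session restrictions a web gateway would enforce. All field names, weights and thresholds are assumptions.

```python
from dataclasses import dataclass, replace

# Every field name, weight and threshold here is an assumption for illustration.
@dataclass(frozen=True)
class AccessRequest:
    mfa_passed: bool            # identity signal
    device_managed: bool        # device signal: enrolled in device management
    edr_healthy: bool           # device signal: EDR reports no active threat
    new_location: bool          # session signal: sign-in from an unseen location
    on_corporate_network: bool  # recorded but never scored: there is no "inside"
    app_sensitivity: str        # "low" or "high"

def risk_score(req: AccessRequest) -> int:
    score = 0
    score += 0 if req.mfa_passed else 40
    score += 0 if req.device_managed else 40
    score += 0 if req.edr_healthy else 50
    score += 20 if req.new_location else 0
    return score

def decide(req: AccessRequest) -> tuple[str, list[str]]:
    """Return (decision, session controls for the web gateway to enforce)."""
    score = risk_score(req)
    limit = 30 if req.app_sensitivity == "high" else 60
    if not req.edr_healthy or score > limit + 40:
        return "deny", []
    if not req.mfa_passed:
        return "step_up_mfa", []
    if score > limit:
        # Medium risk: allow, but only through an isolated browser with DLP on.
        return "allow_isolated", ["block_upload", "block_download"]
    return "allow", []

# Constructed sample request: healthy managed laptop on home Wi-Fi.
HOME = AccessRequest(True, True, True, False, False, "high")

if __name__ == "__main__":
    office_byod = replace(HOME, device_managed=False, on_corporate_network=True)
    for name, req in [("home, managed", HOME), ("office, unmanaged", office_byod),
                      ("EDR alert", replace(HOME, edr_healthy=False))]:
        print(name, "->", decide(req))
```

Note that the unmanaged device sitting on the office network gets the restricted session while the managed laptop at home gets full access, which is the inversion of the perimeter model.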
I’ll get this updated with other security vendors as well, such as Check Point, Palo Alto and even Cloudflare. (SASE based services from each of the main EUC vendors)
Another thing that is interesting is that both Citrix and VMware, for instance, are also providing their own security mechanisms based upon data intelligence that they are collecting using their own analytics tools.
One thing I find particularly interesting, however, is that both Citrix and VMware are looking into workflow publishing instead of application publishing. What I mean by that is that most users don’t need access to applications, but they need access to do certain tasks without needing to navigate Microsoft CRM, which can be a cumbersome task.
Both Citrix and VMware are now investing more and more into this to provide simple workflows that are published directly as part of the workspace (while Microsoft, on the other hand, is making Power Automate free as part of Windows 10). But again, providing this context across multiple SaaS services can become quite powerful, and in combination with SASE based security/network context I believe it will spark the next generation of workspaces, not just providing access to applications and desktops.
There are of course also a bunch of new updates that have happened over the last year from other vendors as well, such as Microsoft, Amazon and Google Cloud, so stay tuned for more (and also check the presentation).