Duration 1:24:49

Citrix Synergy TV - SYN236 - Citrix Workspace: addressing the security conundrum

George Kuruvilla
Strategist, Worldwide Presales at Citrix
+ 1 speaker
  • Video
  • Table of contents
  • Video
Citrix Synergy Atlanta 2019
May 23, 2019, Atlanta, GA, United States
Citrix Synergy Atlanta 2019
Citrix Synergy TV - SYN236 - Citrix Workspace: addressing the security conundrum
In cart
Add to favorites
I like 0
I dislike 0
In cart
  • Description
  • Transcript
  • Discussion

About speakers

George Kuruvilla
Strategist, Worldwide Presales at Citrix
Scott Lane
Distinguished Engineer at Citrix

About the talk

End-user computing has fundamentally changed over the years as ever-changing ways of working have led to poor user experiences, security risks, and intellectual property theft. In this demo-heavy session, you will learn how Citrix Workspace reduces complexity, provides end-to-end visibility and analytics, and helps organizations address the most common security challenges, all while improving user experience. You will learn how to protect SaaS and web apps from data loss, malware and ransomware and how to address the data fragmentation issue with secure content collaboration. The session will also cover governance risk and compliance, proactive user behavior analysis and risk mitigation as well as device security.Note: This session will be live-streamed during the event and available for on-demand viewing post-event on Citrix Synergy TV.


Alright, welcome everyone. And before we get started for those of your the back, it would be great. If you guys can come forward as you can see it's a large room that's making more intimate because we've been known to give some things away and I can guarantee you if you're sitting in the back of that room. You are not going to be able to find the thing that we're giving away and hint V role might be a good one to sit at Actually, it's great because if you come forward we're recording the session there a lot of people who may have had a party just a little too much

last night. Watch this online. Please do and then it look like Scott and George really drawcrowd. All right. I think we get started. My name is Jorge kuruvilla. I'm a solution strategies with Citrix. I've been with Citrix about seven years based out of Chicago was just cold colder and colder. So happy to be here at the Other Extreme. But as a solution strategist, I work with some of our largest account at Citrix and peanuts cotton I engage in these accounts together a lot of times. So with me, I have Scott Lane and when you know, you talked about why you got that

hat on in the church got this hat on. There you go. Does anybody know why? I'm boarding a playoff beard. But anyway, yes, Scott Lane. I'm just English sales engineer. I actually have a mailing address in the st. Louis area. I'm rarely there. I've been at Citrix 15 years almost now and before that a customer so always always love to do these things. So thank you for coming. And I'll take the head off now George Beck you all right. So the goal of the session is to look at Citrix workspace from a security perspective. I'm sure all of you, you know the last few days. I've heard a lot about workspace

workspace intelligence. The user experience the productivity aspects the sessions really focused around why it matters from a security angle. So that's really the goal of the session and demos, by the way, so hopefully you appreciate that. All right, so I think I love you agree. We live in this any any world not right so users using all sorts of devices accessing applications that are no longer monolithic. They're spread all across the environment you got stuff in public files. You've got stuff in a private Cloud some nice applications. If you got all kinds of issues to deal with

in the same applies to data and this is quite different from how things used to be back in the day of and you just came into an office. You're very well to find perimeter. You give them a call for Donna said you deployed applications onto that device. Everything was under control if they have to work remotely. They go with that device does a VPN well and good, but that just no longer applies. And as a result of this any any world, we brought a perimeter that's constantly expanding right you got different types of workers on different types of devices connecting or various types of

networks accident applications that are different different types, like staff and Rabon mobile and windows. And on top of that deal applications are delivered from different location and the same applies to your content. So it's a major Challenge and this leads us to the next piece which is if you look at any customer out their security is top-of-mind. That's the number one concern and if you look at it budget budget, that's where most of the money lies because that's the number one issue that most Enterprises deal with it and nobody wants to be on the front page of Wall Street. So that's

that's a big big issue. And it's perfect work space that is one of the fundamental challenges that we are trying to solve. So how do we do this? First off? We take a very people Centric approach, right? So in other words we want that uses to be able to use any device that they want. You don't want to come find you if you want to empower you there. So from that perspective, you don't want to limit the users in terms of what they can use the last piece one. Number two, we provide you an application that either the Flight of the user can enroll by themselves and then they can

just deployed on their device and access it on that device and they instead of going to multiple points of Entry there a single place to go to so they can essentially enter URL or you can order and roll them and they get to that workspace app to access all of these applications and data that they need access to the next piece to that is I found the applications go they come from all different locations writer like for instance. I could have stopped and that could be coming from different sources bite from a user's perspective. You want to ask track. So users. He's let's say

or some other application. He doesn't really need to worry about where that's coming from and you can complete the abstract that from them so that simplifies the user experience regardless of whether accessing the application from or what device are going to End of the back NV allow oit organizations to essentially deploy these work clothes wherever they choose so depending on the use case or the application. That might be a particular Cloud that sooner or maybe you want to keep stuff on premises. It doesn't matter V aggregate those resources and make it easy for you those

who consume them but most importantly from a security perspective. Now you you are essentially reducing your car or all attack Surface by providing users access to delete apps in a single app, but also a single point of entry right? So that's that's great and me for why do end-to-end visibility as well. So all the way from the app that uses accident from the device and then all the way back into into the net worth of Ypres. Why do the full visibility required to essentially apply the policies in the contextual fashion as needed? So what are the three pillars of

this vision of arthritis of the first simplified control? So regardless of where the applications hosted and where is being deployed from you can still apply the policies that you want on those applications for that specific user in a dynamic fashion and the user just consumed the toy farmer user that's actually an application from a culprit device versus you know my own personal device. It doesn't matter. The policies are applied in a dynamic fashion. That's as soon as a simplified control aspect. The second piece is the 360 visibility so giving you an to invisibility from an IT

organization perspective. This is extremely critical especially because of the security concerns that most organizations have so giving you that into invisibility the big pieces. And the last piece is an analytics, right? So it's not just about what's happening. Now. It's understanding Trends in behavior and then being able to proactively take action. That's a big piece of this rich in Israel. So over the next what is that like 80 80 minutes or so, we're going to go to some of the security benefits of workspace. So we look at each one of these talk about some of the

aspects of each element and then we'll go into a lot of dentals. So let's start off with contextual access. Right? So most environments are dealing with unsanctioned applications. SAS applications web applications. And if you look at how they tackle these different use cases, you got different point solutions to addresses and Eastpointe solution could be best but then from a user experience perspective. It's a nightmare, right? And even from an ID complexity perspective is its a headache. So even if a large organizations they have in some cases, they

probably have 30 40 different things of points of entry for users to get to so if we use the word leave that organization and you're trying to troubleshoot something or just trying to log to use it down by the time you actually restrict all of the different accounts inside the user might be long gone with your intellectual property, right? So that's a major challenge. So the baby solve this is with our Access Control solution, right? So regardless of the application of application you've got different concerns you want you want to protect your intellectual property you want to protect

against Ransom Ransom you want to provide users the best experience and turn the single sign-on and maybe all of these don't apply to every single yusuke. So depending on the use case, we make it easy for you to apply the security policies that you want and then give them the best user experience as well and Scott will be showing this to you in a little bit. So another nice aspect of a solution is smart access how many of you have heard of small axe by using smart actors today? What if you all right, so it's been it's been around for a while and the fact that we are still talking about

it is because it's still very very relevant. Right? So think about the scenario where you've got uses using virtual apps that stops and then you need to essentially dynamically control what they can access based on the device that connecting from other network error connecting from are based on just the authorization you're able to do that with smart access and this is where if I have a Samsung device, I connecting I go to you Orlando my credentials I can access my set of applications and do whatever I need to know if I go to that same URL from a different device on an unsanctioned

Network just based on the fact that I'm logging in from a different device and post assessments. I can respect that access and applied different controls based on the application that I'm asking. So it's pretty popular in amongst our customers, especially those were more security conscious. Alright, it's time for a first time. All right, so let me switch over here to my Surface and let me mention that I normally try to do all of my demos live. I I'm Wise Guys. I love doing live demos as you guys probably all know. So where do some live some are going

to be by video? It's not because they're not real. They're very real. It's just that I can only carry so many devices and set up so many things on this table in this time. So the first device I'm on is is a Surface Pro. I must start with with the access control service and let's talk about work space as it sits today and has it ships today before we put the intelligent workspace stuff on up on top still incredibly valuable tool to have to secure your Enterprise who he wants more. I've never seen or I

don't know what you what what what's one what's got you all excited for us, but you know just the other day. I'm catching myself. Even with a with a Morgan Stewart having to always reset my password cuz I can't keep up with it. All right and who here has wanted to go to something, but you have no idea on how to get to it. Okay that happens. Right? So what we want to do again, even with work space in its current form is bring everything together your apps for SAS, and of course traditional as well as desktop send files to

the first thing I want to do is go over here and click on G suite. And by the way, I've already asked medicated to this and it can be two-factor authentication using are the time-based one-time passcode. All right. So this point we've been in both the embedded a workspace browser and I'm now in 2 G suite and you can see that watermark on there which would tend to deter me from wanting to take screen. Lots more on that in a moment or a picture. I'm going to go into Gmail. I don't go to call out that fishing is absolutely a real problem. Right? In fact, they want to cry

and Pesci attacks all came through fishing. But tempting thing to click on them actually gave myself a link here and for what it's worth. All the phishing emails we get are much more sophisticated than this. I just wanted to break it down and make it very simple for you. There's a couple of things before I get into that that we can do with the workspace. First of all because we control this browser we can lock some things down in this particular one. You can see we left the print button on but you don't see the address bar. The download button is broken or not. They're actually I

shouldn't say broken if I were to go over here and just try to copy and paste you can see they're very clearly that we are blocking clipboard operations. Probably not a real good idea for someone in our Enterprise be going to The Pirate Bay. So that's where our Access Control service sees that as a blacklist. We are stopping them either by specific site or by site type or keyword. But maybe we have a legitimate reason to go somewhere but we aren't sure if we trust it and this case I've used espn.com and his example and what's

Happening Here is in case this is a bad link we're saying hey call that and I like to call it this the marketing folks probably don't like me calling at this that great big men app server in the sky that magically gets thrown away when I'm done. Okay, it's basic basically a hosted Linux OS and if something goes wrong if this was bad, we just throw it away so that the key differentiator most environments are doing as far as content filtering. It's an allowed then I typically like we have a white blister with Blacklist you filter you have some kind of transparent authentication. We have an

additional option here, which is this launching an application in a secure browser that's running on a completely isolated Network. So you're still giving users access to that URL what is running off of your network? So you still Yost. You are mitigating the real Associated with it. So that's why it's a little bit more options as far as what you can do with those apps. So the next thing I'm going to do I'm going to switch over now George and we're going to move into smart access and we had some folks that actually said that that they are they are using this. So I'm going to tell you the

smart access cool and it's old school. I hope you guys think that about me he's cool. He's old stuff, but I'm going to try to put a little bit of a different switch on it a little bit of a new school attitude with it. I want to show you some thanks. Okay. Again, this is very real. This is this is being done off of video, but this is from my eyes are environment which is of course is fronted by Citrix Cloud app and Desktop Service and a Citrix Gateway that I have sitting in a drawer. So go ahead and click to start the video so

really good offer. So I bought a mini lift something so I go home I get on a Chromebook first thing I go open up open up the Chromebook in the URL here not trusted. So you'll notice that I'm asked for a couple things who I am my passcode and a one-time time bass passcode delivered from the Gateway service. We now include that cyclic on the Enterprise desktop and it's going to connect me up to the desktop and right away. You're going to notice some things and me as a user if I don't log

in a lot in this scenario. I know there's some things right away. You'll notice the watermarking that's fairly new school came along and VA 717 again to deter me from wanting to take a picture of it. Okay some other things here. Let's say that I want to get to work and actually start pulling up that particular workflow that I want to do. First thing to do is launch an application critical to the Enterprise in this case. It's just an sap out that I have in my demo environment how we can watch what's going on next thing. I want to call up a very confidential file its back in the corporate

Network. Do I use connectors through Citrix files? There's the customer confidential. I'd like to take this customer list a few things with it and get my windows all situated up here. What are the ways that I can take this information away? Well, I could copy and paste it just do simple clip boarding so you can see a Broadband org ID and just to show you. Yeah, of course, it works within the session. Okay. Now that must say I were to copy all of those cells for the interest of the stimuli just did one. So it's easy to follow go out to

the local OS and I open Google Docs because nobody is tracking me there right and I can just start to bring that whole list out. So let's get a blank document open here and I'll go on ahead and paste. That doesn't look like an org ID. The reason why is that it's the the Texas in the local buffer of the Chromebook. We have blocked clipboard from the host to the client and that was dynamically controlled and turned on by smart access. Okay. So now let's say that I might want to actually copy something from the whole front of a client into

the host and there's a legitimate business reason I can do that. And by the way HDX policy has been around for a little while lot of people don't know about it. I can lock down what type of information okay next thing if you're familiar with the Chrome client you'll notice or you'll know that there's always when I have the ability to print a chrome print object that shows up here. It's blocked. And then what about saving as well? If you're familiar with using a Chromebook light, you'll notice you'll know that we often don't know. We don't map the the client drives here.

But up here on the context bar isn't upload or download function again blocked HDX policy invoked because not sure I trust what this guy's doing. He obviously was not coming in from a trusted device. Our guy is determined to take this information away. And I hope that is it administrators. We stop this or we we tracked it. He goes and opens Yahoo! Mail inside the virtual desktop many copies. You think we'll catch him doing that George. I have a pretty good suspicion. We will all rights. We didn't get much luck other than email. So now he

goes to work or eaccess is a work on computer puts in the same URL What closely it detects something again all those different things we can look for in this case. It looks for a certificate it even suggest a different authentication profile because we've got a new layer of trust. It just says enter my password. Okay, so the certificate matches and now I can enter the password for my username launch the same desktop, by the way, you can search on all kinds of things files registry keys different water marks within the registry keys and versions and

latest patches. You name it right just to give you some perspective like back in 2007. I was doing this at a law firm has been around a long time. It's a very mature person, but I'll show you that the new stuff that's with it. So and he's watching over and he's trying to get this information is determined to get this information out George. This guy is really a problem. name, Scott Lake He goes to print because we trust and you'll notice that client print napping so we could print it off but he's not sure that really works. So he

doesn't think that we wish all people didn't do it goes to his local OfficeMax or Staples and he buys one of these thumb drives and he puts the thumb drive into the into the local client. And because we have this wonderful thing called USB mapping it shows up in the session. Okay, so now he goes to save it. And you'll be successful at Saint George cuz he'll be able to walk away with that confidential information. Can we go ahead and let him save it here so that we can set up for the next

section. So there you guys he finds a removable disk. And this guy must be a Bruins fan cuz he's really giving me a hard time. I'm sorry, if you're from Boston. You're cool. Alright. So you can see he saved it. All right, George. You think we caught him? I don't know. Okay, here's the new school stuff. Big brother is watching that whole thing. Session recording has been around almost as long as I've been at Citrix. We've really put some new juice into the squeeze if you will recently and I'm kind of excited about version

19-3 just came out a couple months ago now supports the Citrix Cloud delivery controllers in Cloud connectors. I could not have built this demo in my environment until this came out. That's the new piece of this the quick bull who the youth session recording hear anyone. Interesting interesting. I get a lot of traction and talking about it more and more right now. And if you want to know more about it, we don't want to dig too deep in it. Feel free to talk to George right afterwards, but I can this is another new thing is coming. I can trigger the recording start or stop based up on things

that I detect through Citrix analytics. It will show you that little bit later. And then if I'm really inclined to do so and coding I could actually with with maybe a homegrown solution trigger it to on the Fly start via Powershell. You'll also notice right over here. If you look over here to the side lawn client Drive mapping La generic USB log the app starts and since files and browser usage. I caught him. Yeah, I'll show you. I caught him. I caught this guy. So this is session

recording. I want search for that ass Lane guy. You can see that I've got a special here is blinking. That's because it's still going on. It's live. I can look at it. I can interact with it. He doesn't know I'm looking at it. It's a lot like TiVo, but I'm more interested in the third one down here and you can see look down there in the lower left. There's already some bookmarks in there will dig into this just a little bit and you can see that it plays back exactly as it went, but I can bring it full screen and I can search through to certain bookmarks.

In fact, the first bookmark I'm going to search to is right there. You can see that bookmark down at the bottom of the screen that bookmark is where this user launch that sap app. So if I'm wanting to always track what they're doing a certain app, and they've been working for 8 hours. It's easy for me to scrub and find what I'm looking for. So there you go watching the sap at additionally there other bookmarks in there as you could see for example over there at the side going out and getting to the web and we were able to determine that the the the user was trying to get

out additionally were also saying all of his file access in here. We was actually trying to save it off but it is on the Chromebook smart access had locked everything down turned off all those policies. He didn't get anywhere. So if I'm the security analyst looking at this, I'm like, well I can see he tried but nothing really happened. So can I switch to the live Windows session? And then this is where I really come up with stuff because I see a a client Drive mapping. And actually I can see that I thought he stopped a nap and so on and so forth and I'm actually to able to see

and have Visual Evidence that he plugged in the USB thumb drive cuz it'll show up down in the corner and that he actually copy the file over and by the way, I'm not an attorney but these can be digitally signed. So that becomes admissible evidence to court security access to the USB drive. He wanted using the same posture assessment but in some scenarios, you trusted user you provide them access and even they could be, you know, stealing your copper data. So that's where those scenarios now you can actually detect when that's happening you have actual

evidence and then you can even proactively and I'll take actions with Analytics. All right, George. So the recording goes on but in the interest of time. I'm going to move over to the next thing who here was excited about the armored climbed Emma. What are we officially call it Criss? I mess it up every time during the app protection policies protection policy. I will always call it armor client when this guy first showed it to me Chris about I went crazy tonight. That's right at everywhere. So I'm going to do

it to you right now and try to do it in a little bit deeper fashion than what they did a lot of times when we show customers, you know Foster assessment and the policies that we have, you know, they usually come a come up with a few different use the few UK so that we can address and that's, you know screen captures keylogging right? So guess what now, we're dressed screen captures and keylogging with the solution. So even for that, you know, 1% of Youth cases that we couldn't address before now we have a solution and more important. It's not a solution

that separate from the rest is all cohesive and uses can consume it fairly easy from the financial services firm that that I used to cover as an SE. I won't tell you what city they're in you can probably guess but I remember trying to say why are you why you buying laptops for your financial advisor all all over United States? It seems like such a waste. Why don't you deliver the whole things reached and you let our firm handle and then your financial advisor decided to answer your question on a weekend. He went to his aunt's and you know infected old

Windows 7 with zero-day vulnerability PC and and load up your portfolio. Would you feel comfortable and I had to think about that a bit cuz I'm thinking all the things we can lock down and HDX just like I just showed but there is very little to stop. The keyloggers in the screen scrapers. Okay. So for example here if you look here I've got to a keylogger running on my Windows laptop. But if I go here and let's go ahead and launch Salesforce case a sap

very very important. From the moment we launch workspace and the moment we go to login. What is one of the most valuable pieces of information the bad guy could get My password absolutely, so I'm going to type it in here with a keylogger on. I will tell you that it's not Citrix 1 to 3, but it certainly isn't 4 / V carrot Asterix, Mr. Forest Asterix at creative. Okay. So at that point now I'm up and running and now I'll go into Salesforce. Now. What's

also very important if I'm in Salesforce what's also important to the to the to the bad guy? Oh gosh to find out who I might be working with. I got a couple sales guys up in the front. Can you give me a customer name? This is not live data. Just throw me a name. Cargill they have some good chicken Spelled with two L's, right? I typed in Cargill and it came up up care U bracket 9 F A M I won't find Cargill in here. Guess what happens if I try to do Snipping Tool? Let's say

And just get a screenshot of what I found on Cargill if I go to snip. Everything's great out. So we're protecting not just the password with indication for protecting the Sass apps deliver to work space and if I go ahead and launch HDX, it protects that too and just by the way cuz I'm a guy that likes to prove it's not smoke and mirrors if I bring up something local like the local Notepad. On this device and pull it over here to sign Factory even see there that it saw that I typed in notepad, and now the typing test.

It picked up every single thing text by text letter by letter Key by key when I used something outside the work space so you can see why I'm very excited about everybody else as well. Alright, George. I'll throw it back to you my friend. Yep, and just to let you know he talked about the local app issue here in functionality. That is definitely something thinking about like around. Dr. Fleck has a message for you. Turn on let's talk about device security. We talked about

contextual access securing SAS applications. Another major concern is you've got various types of devices Inc. Uses coming in with their own devices. Then you've got your corporate assets and it's not a one-size-fits-all solution. Right? So if you look at how Enterprises tackle this they typically have one solution for the time management strategy and they brought a different solution for the mobile device management strategy and the challenges that overtime just if you go through this process using different tools add complexity. The user experience is not great. I see this every day with my

wife who uses some of the competing products and she keeps asking me like, what does this mean? I have no idea right so it becomes really really hard and you know, it's also easy for the bad folks out there to essentially steal data when you've got all these different points of view should So what are we seeing out of the industry is that these Solutions are essentially converging into what's called unified endpoint management and Citrix has a solution in the space as well, which we call Citrus endpoint management. So what does that really include first off? We have mobile device

management. So that is if you think about your own assets, you can apply whatever policies you want on those assets and you know, you can secure to the point where you can just pick specific functions, if you know if the device is stolen you can essentially wipe the device which is pretty intrusive in terms of the policy that you're playing. But if it's your acid, why not if you know you want it, but as far as Citrix goes, we provide some bells and whistles above and beyond your basic Andy and this is where you know, we can do custom security policies based on trigger. So

instead of just having a blast in a black-and-white list of what's allowed on denied. We look for specific conditions and based on the condition. We can trigger a specific action. But more importantly what about BYO right most of us like to carry our own devices. I know Scott and I are both Android fans. We both like our Windows devices. We only accept and the Chromebook. Yes. So we like our devices and we have probably the exception but we like using those right. So in in that scenario and if Citrix one or two and then Romeo probably be upset because I'm concerned about someone accidentally

wiping my device not ideal. So for that scenario, we have what's called mobile application management and the idea here is pretty simple know it's your device, but I'm going price customer when I'm deploying Enterprise application. I'm going to call Walter some space within your device encrypted container and I'm going to deploy these applications within that include the container and I'm going to apply policies on app or application basis, right? So I might have a mail application. I might have some content that deliver their is well, I might have some call for naps. Now all of these

applications don't necessarily need to have the same policies like for instance authentication. Let's take that as an example. My authentication policy for mail is going to be different from let's say more sensitive A Penny RPM, perhaps maybe for the RPF. I want to force a user to login every single time, but for me and maybe from a user experience perspective. I want to have a long a time you can set those policies because our policies are done on a pro-rata basis of our competition is a fairly small number.

So that's an important differentiator as well with Mom and this is Walter what time but still in most cases you have a VPN tunnel that's being established at the device level. So basically all of your traffic is flowing in what we can do is we can apply the the VPN on a pro-rata basis and apply wife. Listen Blacklist on a pro-rata basis. So the time out in such can be set at that level as well. So this gives you more flexibility so much. Show that some of our partners that using this capability when

deploying their moms emission system. This is one of my favorite pieces. I didn't watch truly differentiate Citrix is our Citrix ATC netscaler, you know some of us still like to call an Escalade but nonetheless what really gives us an advantage in the market, right? Because it's an end-to-end solution. We have so many great security features and functionality built into our ADC that we can leverage when using the rest of work space when he talked about Mobility. You can apply multi-factor authentication single sign-on to micro VPN

capability SSL termination to all of these are made possible because of the fact that our Mobility stock is front-ended with our Gateway and ATC. So again, support perspective, you know, it's always supported into him. That brings us to the next demo. I got to show you this man. I got to show you how we manage our unified influences free cool stuff here, man. Unite when we work together we get so wrapped up with forget. We have people around this. You're right, but already got here on my phone. There's got

to be a better way. Yeah. Well. George, this is one of my favorite things to do, right? If it ever comes up it did it go to sleep. Not let me go a my favorite things to do. And by the way, remember we told everybody move to the front and hint anyway. If I can get a hair get it that whole session up there. I'm sold for sure. I think I'm so sorry that I'm going to give one away today. So why don't you guys just look under your seat one of you will find something that looks like

Find anything. Thanks like that. Look hotter. I'll give you a hint. I see someone sitting right next to it. I am standing pretty close to the area in the room where it is. All right, I think we have a better come on out. All right. So, who do we have here? So we have with us. Ian Anderson fan Anderson, absolutely You'll get a pie. Actually. These are RX HDX by in Computing course, there are more down there. Feel free to use that. So George should I be concerned

that I just gave you and that pie I brought you worried about the security. I mean, you just unplugged it and gave it to him know. I'm not actually not at all because here I'll go ahead and show you here. Yeah, and you know, you see right there it says workspace Hub. Yeah Citrix in point management does more than smartphones and tablets now so I can push configurations to that nobody when you go put that thing in. I didn't actually get it done. But have I gotten it enrolled into my environment. I could wipe it as soon as you plug it in. So but it's ready for you

to use and for you to enjoy and thank you for coming to our session. By George, there's actually a better story to security around this. I love pie. Do you know why I like pie so much and letting me what's my birthday. I'm a pie baby by the normal after there's a security story behind that. I mentioned that I used to work for a customer before I came to work for Citrix and that was a financial services company if we walked up to a teller line think back a little bit right now. We open them online but we go to the teller line when I want to open deposit. I want to open

a checking account. Do they make you stand right there to do that know they were saying I'm so glad you're going to be a customer in XYZ Bank and Trust. Let me come around. Let's go out to the personal banker desk where I can take your information for us. The personal banker desk was literally the first desk when you walk through the door and it had a full back then Windows XP PC sitting on it. Anybody could log into and take open a new account now back then I work for the bank and I had to work on a number of those devices and I would always find spreadsheets with

customer information on them. We never had it happen, but can you imagine? One of those walking out the door with a whole bunch of customer contact information on it by us giving that to Ian. Janner Ian. Yes, okay. Sorry. He got absolutely nothing. So that's the security angle if we keep the data off the endpoint and we can do it at a low cost. There's a lot of benefits to that and I think there have been a couple of customer cases that exactly happened right people have walked away with devices and their Los Angeles of property

for the scanner dress it and I think another important differentiator when you talk about it and DM capabilities, we just showed you how we can extend beyond your typical devices Windows Mac and what not to RN phone, you know, he's here so he can essentially get a whole stack of these deployed to your end-users a plug it in its fully configured and ready to go and you can wipe them and if something is wrong with that you just plug another one and able to go and Frank start was doing a presentation. This was before hours. I would recommend you go to it. He was actually showing how he was

pushing all the configurations to them. So they're very easy to manage very very going to take it off the shelf. Right? One of my favorite device is my Chromebook. And you'll notice the map in here. This is for my Chromebook and I actually have my Chromebook manage. So I went in and I could actually track where my Chromebook was. So there's a lot I can do with my Chromebook to control the endpoint. I want to switch to the Chromebook right now. This Chromebook is enrolled in Citrix endpoint management, and I'll stop here and point out as I put in the password that one of the things I can

do is actually lockdown the browse as guest. Well, don't ask how but somehow or another I managed to get myself locked up by doing that so I turned it off for myself, but there's a couple of things to point out that happen here. You'll notice right away if pops up and says, hey enter PIN. Okay. So that's that basically unlocked my ability to browse with this Chromebook. And now this Chromebook being fully enrolled. We have some control over no matter where in the world it is because we have right there in the app the Citrix secure hub Golf course I

also have my workspace on it so I can do all kinds of things right everything that comes to me inside of work space pretty much can do here on the Chromebook. There. We go to the network also important to mention that we just announced extending secure mail to the Chromebook. So when you talk about offline access to mail now you can do it on the Chromebook system and that's one of those things that I need a doctor Flex cuz I'm a big Chromebook guy they got you. Am I good old trusty thumb drive here.

Guess what? Yep, can't do it that's yet another policy we can control on Chromebook Windows Max other things 2 Cognito mode. No, I'm not that's yet another saying that I can block on my Chromebook and you don't want George. Oh, well, what the heck? I'm just go ahead and type in that URL anyway. thepiratebay.org not going to do it blocked that brings up an interesting point that we talked earlier about access control and assassin web applications and put in Compton fencing around that we will be extending that capability to the native browser as well. So in

the future in the near future actually see if you wanted to control the local browser on the user then point and do fulfilling you'll be able to do that as well. So now I'm going to transition back to the smartphone and before actually go to the slide how many people here how many people here are our parents World parent who has little kids little kids. Okay. Yeah, I have grandkids. So I guess I'll I qualify the iPad the tablet that you love to use maybe even your phone and so you put a very simple pin

or no pin on it whatsoever because when Junior wants to watch Peppa Pig, Yeah, and I'm the iPad right but meanwhile right there is your corporate mail and those applications delivered to you by Corporate America. And how does Corporate America by George said? So again, this is an Android phone still works with with with apple butt. What I have here on this one. I have to click the start. I'm sorry. Let me get that going. Okay. So what I have here is a phone that has no passcode off the front but I can enforce make that passcode mandatory and that

was actually a three digit passcode or 6 digit passcode. But now when I launched securemail, did you know that asked for a second pass code that was four digit. So now even though you have corporate information. You got to have a passcode even if you don't control it and oh, by the way when you launch the corporate information, you got to have a second passcode something different. So when your kid watches Peppa Pig that same passcode won't get you in the mail. This goes back to the conversation around MDMA and policies that you can apply

on a pro-rata basis. That's a great example. So, I don't know if you caught this yet or not. I let me back up here just a little bit. So there was a link in their Network. You can see this one opened. That's our micro VPN technology. No need to have a VPN client on this phone some companies that talk to do that. We do app specific now, there's an attachment. I open it in the preview or we're going to save it off to remember. This phone is not fully managed. I can restrict the open in

in this case. I can only open in Citrix files. And in this case. I'm going to save it to Citrix files. And then let me see here. Oh, yeah. I know what the next thing is if I go back to the mail and I can't save it anywhere and I got the VPN I get into work, but only certain things. Can I just copy and paste that information out to something local? Well, by the way guys for this recording I hit paste like three times just like I did in the the HDX demo you can't do that. So now that I want to send this email off George

and I've been working on that letter and I'm going to send to a guy who we work with a lot by the name of Adam Nando boom, and I'm not sure I trust Mr. Man to bloom he gets this all the time. I wish you was here, but you know, I got a lot of things I can do like I can share by Citrix files email pay attention to this. I use this feature on an insurance claim and it helps me get a very good insurance claim. So I'm going to send it off to mr. Amanda bloom. And it's for his review. See all of the swipe, right?

Android for the win, but it's not rescues review. Pay real close attention now. I can require the recipient the login. I've got a check to notify me every time their access and look at these options view online only you online with Watermark or let them have full control the story that I'll tell you as an insurance claim of a flooded basement, by the way, I'm going home to another one right now in Missouri. I said a whole bunch of receipts to my insurance adjuster got no notification ear Evernote opened. I went to my agent she said how do you know that he didn't open them? So I sent them to

her she opened her email. She's all here are all the receipts and I got notified that you open them. I never got that when I sent them to the adjuster. I got a good settlement. I really did call him. Anyway, I'm not picking on anybody who might be in the insurance industry. So what about a Chao workspace here getting access to the files? One of the things today and work space on a device like a tablet even more. So on a smartphone is if I went back there and I launched Salesforce. It doesn't open it in the native Salesforce or or work day. And

this is where you get to show you something a little bit future looking right. It actually uses local browser and to be right honest with you while it does so you can give you the contextual controls and puts a watermark on there and all that beautiful stuff. I'm about to George. I don't like using the experience to show you is a mock-up. Okay. This is not real and get to it here. Not real it is a mock-up, but it is due too, and I did get approval Chris by the product

teams to show this. So essentially let me go on ahead and start the demo video for you. oops Oh man, can't get that started on this map. Weather if you haven't figured it out yet. Chris gets to play with all of her all the cool brother. I wish I had his job like that. Let me see that little start arrow down there. Are start Arrow? I don't see it either. Play go there it is. Okay. Thank you George. So I open workspace URL click on it and I'll George check out my super

secret secure password. Nice job. Yeah, this is this is not real. So I go on ahead and log in and then I'm into the workspace on my Android or my iPhone. Just like normal, right and go look and find all my apps my desktops my files and I'm looking for something. I'm looking for work. They saw use Universal search. So I'll type in keyword work. and search And of course we find at that point different things right files as well as apps and there's working at watch when I click on

work day. It opens the native app SSO me in. Okay, so I don't have to remember that password to get into workday to use the native app on the phone again workspace. Was that a syndication at strong athentication workspace was the key that unlocked the door for everything and this is this is coming soon. Alright George. There you go in peace already. So we talk about what's the next big thing as its content? Right? So normally users use their desktops to get to apps and data. Let's talk about data

and how we secured. So most environments if you look at data the challenges that a lot of the data to the lives on premises and maybe someday that will forever live on Promises song will move to the clouds. If you look at the most Enterprise file sync and share Solutions out there a store most of the data in the cloud very few offer the flexibility to keep that stuff on premises. What's nice with our collaboration solution is that we allow you interview give oranges of the flexibility to access data from anywhere, but we abstract the complexity, right? That's what are the uses concerned.

They see that folder. They don't really understand where you're coming from, but we can secure that The data and also apply policies that you deem necessary on that data. If you're storing the data in Cloud V still give you the ability to own the encryption Keys as well. So it's a best-of-breed right in the sense that you have the flexibility to keep the data where it needs to be both on premises in the cloud the other big pieces. We talked earlier about the fact that the Gateway the Saturday TC front ends all of our Solutions. So because of that we have inherent Security benefits in this

case single sign-on is multi-factor authentication the big piece of that. We also proxy the all the connections coming into our Enterprise Cloud solution conglomeration through the Gateway service. You have a data source choice. So in other words, you know, if you wanted to aggregate data from various repository, so that doesn't very nice possibility that they use is already using Edition solutions. I think I was in dance photo session yesterday, but he talked about how cheap he is and he uses every free throws that he can use and he will continue to do so, but for him to be

productive he needs access to that data to and guess what we can aggregate all of that data in addition to our solution and no in many cases OneDrive for business as well. So that's available and lastly we have workflows in collaboration built into the solution Del Sol. And then another key differentiator is the reporting and analytics right? So we've had pretty rich reporting right from the get-go with your house. If you wanted to know who is accessing different links. So the links that Scotch odelia left in the shed out if you wanted to track you that cuz I need all you wanted to

put policies around how many times that link and we access we can do that but more importantly you can run reports that show you where those links have been accessed from the IP address what they doing with that says pretty rich in there by myself, but now we've gone even further with the analytics in the integration, right? So now we can essentially drivers indicators based on user Behavior. So how much data is actually being downloaded should a noise if it crosses a certain threshold, perhaps the trigger an action we can do that kind of thing, but we can figure out session

recording or expiring so it's pretty rich in terms of what you can do. In addition to that another common thing that comes up as most environments have almost Enterprise customers. Anyway have some sort of information right solution and my management solution deployed already. Alright, they classify the data and they want it sent to use the existing classifications Battalion to our accountant collaboration Solutions, and we eventually allow that by leveraging the icap protocol with most leading Solutions support. So that's another integration point that allow

customers like to take advantage of And lastly, I think Scott shoulders or live with his demo, right? So when you talk about when you share a file out, perhaps he want to Watermark that fight and make him you only think of it as lightweight irm right for that capability as is available as well and the beauty of it. Is that link. So we showed your DLP TV show DUI RMB showed you the native flexibility of storing your data on premises are in the clouds over for dinner. That's more restrictive more

security can keep that on premises as well. And for the day. That's living in the cloud. You can own the encryption keys. So no demo here in the interest of time so we can move on to governance risk and compliance again. I feel like every customer is worried about this gdpr comes up almost on a daily basis. So it's it's a youth games that we can help you address of want to eat at a high level and Transit GDP of the things that you can most customers are worried about his employees that actually work out of the EU and then customers are in the EU and you want to keep that do you know do

you want to have the authority in this case and you know this content collaboration and white relax and desktops you can actually address that use case. But in addition to that there are various other compliance regulations that need to be addressed and our suite of solutions can essentially help you address those you schedule we've been doing it for a very long time with watch relaxing desktops. I would say that a majority of the use cases for what. The security of later than one big piece of that is compliance. All right. So let's move on to security analytics.

How many of you already heard about security and let you know too much about it. I'm going to see if you were alright, so you know, what? Why does this matter? I'm going to try to take an angle of what customers do that the kind of helping differentiate what we do right? So when you look at the same Solutions the challenges that you've got all kinds of disparate systems, you got all kinds of data flowing and you got to find some sort of an aggregation Point. Can you find the solution that essentially collecting all of this data syslog data, you have a lot of data and now you got to

normalize data make this data actually convey a message and then find out you know, what actions need to be applied on this is not easy, right? If you look at some of that have deployed some solutions at the end of learning curve there. It's quite steep. Now, once you get to a point where you learn the solution is its operational it gets better, but the point is to get to the point. Where you can actually gather some relevant information it takes time and our solution is fundamentally different now a big caveat to that is for for a solution to provide value or induces need to start consuming

works by then. Hopefully, you know, we've done a good job selling you on the security benefits of the workspace. So once they start consuming workspace as they start consuming different Services application all day using device Security account on collaboration or what your lap all of these provide data points into our analytics solution that we can then use to provide you with some calming Christian Wiman and what actions can be delivered but the point is that he said turn key solution. You don't really need to do much. Once you start consuming work space and you just turn it

on your collecting data that won the second thing is because it's a closed-loop autonomous system. We are looking at the user from various Vantage points, and the accuracy tends to be higher. And lastly it is, so we provide you a list of actions that you can essentially enable buy a checkbox. So it's an even though the risk indicated might be worth relax and desktops. Will you could apply an action that's from a completely different product probably if the content collaboration function do we give you that kind of flexibility because it's all part of the workplace. So I can just to kind

of run through the benefits like it helps you identify what happened how it happened and looking at Trends. You can find a predict what will happen and then give you actions are in terms of what to do, and we've also recently mentioned that we have extended capabilities that you can integrate our solution with Splunk and very soon. We will also be able to integrate us with a dresser. The solution is not restricted to customers that Leverage The Cloud public Cloud alone. If your on-premises you can still lovers this or even if you're hyper Cloud customer this can be lovers. Are the timer

switch over here? Do my trusty Chromebook and now we're in the center console and I've landed on analytics. The first thing I'm going to do is actually this is my my live environment. I don't really have anything set up that's on purpose. I want to show you where we kick this whole thing off with session recording and I mentioned that you can dynamically kick in session recording of things going on based upon what do users doing so I'm going to go here to settings just show you how easy it is to do a few things. First

of all to get to the point where you're collecting data. It's pretty doggone easy. You just go in here. These are all the Citrix data sources you just turn them on and then oh, by the way, you can add and hear things like Microsoft security graph. I've already got them on so they're in my environment. The next thing though is you can set up if you if you do nothing, you'll still collect data from the data sources and you'll be able to see the risk scores go up. But now I'm going to set some policies and let's say that I really wanted to do something based upon the session recording.

So if a certain action is Matt, and I can look at several different things here and let me go to Virtual apps and desktops and I will choose potential data exfiltration. Guess what that's what are rogue user was doing at the beginning of this session all those recordings that we captured do the following. Well, I can do several things based up on that one thing there, but I'm going to start session recording and basically I get the policy a name and at that point it just happens. So you don't have to have that recording on all the time. I just happened to do that for the sake of that demo

to show you its capabilities another environment that is actually a demo environment and it has some static number. I want to say, I don't want to say static but some demonstration data in it. It's just a kind of show you what we can do. Rob landed on the dashboard and I want to change the view out the last day look over the last day and I've got some high-risk users coming in here first. I see Georgina and I see Caroline and Kevin. I'm going to look first at Caroline looks like she is starting to Trend up there. She's not yet high high but she's training up

there. So if I look down here and I'm choosing Carolina because you just talked about content collaboration and Caroline here obviously has an issue. We don't know why weather Caroline has had her credentials lifted or whether Caroline is up to no good, but we are starting to see some things here like unusual upload volume. She was using some different devices. If I look at this I can click it out even further and see where even sometimes wear. These. Are you there? You are actually she was using a Windows NT device there when we talked about the smart access that CPA

stand for Here's here's some unusual SAS usage stuff that she doesn't normally use can't we even get the IP address and where that's at, but then we start to see, you know, once we see some of this going on we're going to notify the administrators start session recording if something happens inside the virtual desktop, but look what's going on here DLP alerts potential data exfiltration downloads an excessive file sharing. This is where autonomously automatically we can take proactive action

to stop the breach and this is a big one on content collaboration see what happened here expired all the links by this time. We know that something's wrong Caroline knows something's wrong and everything that she's generated is expired in case somebody's been going in there and getting it on her behalf and sending those out on her behalf. So that's an example with Caroline. I'm going to jump out now and go over here to Georgina kalu. Georgina is an interesting person because we're Georgina actually, you know travels around a lot.

It may appear so against you start your day off logging in from a variety of unmanaged devices and jailbroken broken or rooted devices. Now, first of all, most people aren't like George and I We have one device that you use ride. We will you and I use many but most people have one device that you use and so that's something they're concerned. They're one of the boys say, why do I said we have many that we use so, you know, but most users only have one device. Okay. She also has excessive file downloads as well. We started the session

recording we can see DLP alerts in authorization failures. And if we look here at the we can dig in and get even more information about what types of things that she was trying to access through the the ATC usual login access and look at this. It's coming from Grease now in the interest of time. I will tell you that I've dug into some of these many many deeper and deeper and you will see in some cases the user and see if this one actually shows it. No, it doesn't but in some cases the user will be in Greece and 1 in in 15 minutes later. They'll be in

Australia and that's clearly a breach password. So what do we do we can set the actions that the system takes. Depending upon what type of business we are Financial trading organization will tell me that if something like this happens for real. I want all sessions killed all links expired. I want to notify admins. I want to lock the accounts and I want to notify her now at an executive breathing. The next customer came and we had this discussion and they said we're Healthcare. What is Georgina is a critical care nurse and the

critical I see you in that case. I want to notify Georgina put her on that watchlist. Make sure I T know something's going on. But whatever you do start session recording to buy the way while she's in the Epic system, but whatever you do do not terminate her a cat her access because she may be at the patient bedside taking orders from a doctor that is giving life-saving Care at that very moment. So it's all up to you. Here's the thing about analytics. If we never create a policy we can learn a lot just by watching the risk scores rice and it's just that easy to set

up and that's only the recommendation read. The first thing you want to do is enable. I kind of try to understand what the normal behavior patterns are before you go ahead and enable actions. Alright George. I think I am wrapped up with that. Alright, so I just want to give it to promote a deep dive on analytics of what number. Next room for 15. All right, if you want to learn more about spending a whole session on analytics on like 3 minutes like I did write Anna.

Yep, and another important thing to talk about out of the day. So in the past one of the complaints with your from users is hey, I'm completely on premises. I was relaxing desktops on premises. I can't really take advantage of analytics because I'm not going to start using workspace just yet. So you could technically use workspace entirety on premises were closed for them. So we've heard that loud and clear and we are going to be extending capabilities, but you can use existing storefront and tie. Back into our analytics service to take advantage of the same

people that's coming soon. But the important thing there to is that you're using not staying back on a version of receiver. You going to be on workspace app, correct? Exactly like So now this is probably why most of you came here, so we've got you didn't come here to see us fix ecology fellow was going to show us a glimpse into the future if you're pretty excited about this is a all right? So what are one of the show is a couple of demos and and some videos as well, but wanted to follow up to what was presented earlier

here talking about security and work space and some of the things that were announced here this week. So one of the things that was announced that that didn't the store to get a lot of detail underneath it was the hybrid configuration for Access Control. So what what Scott demoed earlier is a great new value-add for SAS and web applications that you can add to Security and compliance add watermarks excetera although up until now what that's required is a you to move your your storefront

Chris. Sorry. I didn't realize you needed to do. Okay, so we'll do that before the right, which is you've got a perimeter. You've got storefront on Prim you've got genap on Prim and for your remote users or for an internal user, they would go to storefront and then connect to there an app for xendesktop and have a direct connection and we recognize that that's a common configuration that people don't want to change this early cuz it gets the best performance and and and provide a direct connection. Similarly if your got external users are go

through a Gateway and then connect in 2 as an obsession that that's running inside the what we're showing the different now and the way to enable access control for gas and web is to be able to now with at user would effectively route outside only for the SAS traffic. So in other words if you want to enable workday Salesforce any of you that the new additional SAS applications that you might be delivering to your employees, or maybe they're getting through their

lines of businesses where you lose control what you're able to do now is provide the access control service, but don't touch her storefront and the way that that happening is we basically created a new utility that allows you to sync the access control. Did the security policies that URL the icon all of that actually gets pulled out of access control and then inserted into your storefront into the DDC. And so that way you are xenapp mission-critical applications are untouched your storefront son touched but you can add the security and the access control benefit that

goes up to the cloud only so let me go through it. Okay, here's the view of the the actual control where you would pick the apps that you want to deliver the SAS apps the web applications the sink utility that talks through an API to the cloud service and then gives you that same ability to launch a SAS or web application without having to impact your your on Prim infrastructure. Millburn absolutely, Chris. So so what you see here is again, this is looks like a an existing storefront, right? Cuz it is but what's new is

these icons the Salesforce then again? What we're showing here is this is not Salesforce running on a hosted browser on xenapp and then launching it's actually launching natively inside the embedded browser in workspace at so again workspace app and is much more than a name change from receiver. We've got an embedded browser with security policies that does things like the watermark like to download control the restrictions the analytics and your effect without all the overhead.

So this didn't take any at its servers. It didn't take any added storage didn't take any added infrastructure or Microsoft licenses or anyting else. I were able to launch and protect Salesforce and any other SAS application like that and do it without the traditional overhead door without the risk that a lot of companies are taking when they allow their lines of business is to deploy SAS applications to employees through a standard browser. You might be able to control the the authentication front but then you have no control after that. And so this

is a dramatic Improvement terms of the security posture for any SAS application. What's your last name. Stops today in to deploy browser-based apps in the primary reason for that is Ida performance or security. So what he essentially showed you is now, you know, you have another option you can use this hybrid SAS model to use the embedded browser to apply the same HDX Life policies for your app for U of M application that no longer have that added infrastructure required to do with the old. Something to think about health care, right Chris

where we have though the workstations that are pointing to a local store Front because they're running a local Estes of epicurus Turner One Of Those EHR step and they aren't quite ready to make all wet move to the Cloud yet. And so therefore they still want to do this ass up stuff. They can nuggets right this way. So how many here have a storefront on Primm? Hands went up there. This is for you. This is a way to add security to SAS applications that maybe you're not doing today or has George said you might be

publishing browsers ons an app which comes with a overhead in the cost of some of the things we've heard about recently is companies that have been doing that but they've got servers that have got Windows Server 2008 3rd, whatever they going to other aspiring and now they have to do something about it. This is a way to actually improve security with some of the same type of H E X features, but without the overhead of doing that for the old man have a legacy application that has certain Java plugin to watch now, you're probably still going to use

the Virtual Lab methodology all his performance is a huge concern. Maybe that's still an approach for the point is for a majority of use cases. You don't need to do that. You have this this year and they can do side-by-side year as well. As you mentioned. There. Are you stationed there better browsers based on chromium. So it's if your app works in chromium, it'll probably work here. But if it does have special requirements of putting it on a host of browsers is still the right thing to do is chromium of all, the tests to be done with browsers is probably the most broadly compatible

one fact as you may know actually even Microsoft has kind of thrown in the towel with Woodedge and they're basing that on chromium now as well. Here is also a new feature which is basically internal web apps. So I'm pointing to an intranet site that's behind our firewall in Miami Datacenter, but you see how fast that launched and his works well and yet it still has the the security Benefits on it. And again, we're adding security to Native web applications without the overhead with great performance. Great usability. Basically a micro VPN back to that site. That's exactly exactly what it is

micro tpn the phone inside the embedded browser with the security controls. So let me move on to some additional. Let's see. What's this one? Okay. So this one got some Tuesday when we announced it and what we've got here is so how many of you have users employees that have native applications desktop apps Windows apps everyone else knows a bunch of hands right as much as we loved virtual there still lots of use cases and lots of users millions and millions that use stop apps what you're seeing here in what we just announced is and is a recording but it's it's showing

launching from work space in this case one note was actually install the ready you just click and it launches but it's Inside the work space environment and then the next out there what we're showing is its private was not installed at this point. We're using the Citrix endpoint management server and an MDM to push down the application. So it's being pushed down and now just clicking launch and run it locally. So that's a big Advantage. I think for companies that want to again put all their applications in one place where there is virtual whether it's local weather its web whether its ass whether

you know, any we keep saying any any but we had a couple of big exceptions before this one thing that comes to mind with this right and then I've had this discussion with some folks inside the product groups. We want the workspace to be that one place where you go to work. That's right everything all inclusive there. I just put Works based on It's really acidic 8 to it and my world is unlocked for me. And I don't worry about any passwords beyond that point. I don't worry about how to

connect. But if I'm traveling out of the work space to get back to a local app, it's kind of a disjointed experience. So I'm really excited about this cuz I think this is something that was that's been missing and work space and one which we lay our on all the intelligent workspace on top of that Nirvana work done one place. Now, this is coming out next quarter and you'll be able to use endpoint management to integrate and deliver native applications like this about you can think beyond what we're not announcing yet, but you can

probably speculate like, okay. So now we have this armor technology broke ligers. We've got this screen capture technology. We've got great analytics for user security. We've got great analytics performance so you can imagine obviously we're going to be able to apply these Technologies to Local app. In addition to HDX that's in addition to SAS apps in addition to mobile app. It's not does aggregation. It's the entire lifecycle right? It's the flying the application aggregating the application and then reporting on the application. It's all of the above and ask customers go down. This transition to

work space is not going to happen overnight for a long time that still going to have those native application that will eventually transition. So this gives us a way to essentially aggregate those applications and also give customers a strategy in terms of how they go about moving suddenly collapse into that was for valders a squirrel or whatever. It might be in the future and Chris on excited about this one. Folks here and someone told me recently either they have it or they want it and if they have it they paid too much. But anyway what we're

showing here in this is not available yet. But again that shows the new stuff that I'm always looking for feedback as too. You know, what what should we do next? And what's the priority and so what we're showing here is extending the functionality of our endpoint management, which already going to what's a robust proven system that has users and AD synchronization and tokenization and we've got this ability to enroll devices. Well, what if you could enroll your badge and so

that's what we're able to do now is actually enroll badge. Is into our endpoint management system and so what you see here is an enrollment process where the the admin would initially when the single time use in tap a badge and give it a you associate with a username and then that one site username is established. The first time a user would would actually click to our tap their badge that they would have thought they would need to enter it as soon as you see the the bad. She just got enrolled in our device management system.

The first time the user uses it they would have to enter their password. But that's a one time use only so they may then login and from there a user would basically just tapped into their session and that's going to Launch a session or could launch a app within a session and were able to effectively use tap to enter and we can also again because we've got endpoint management and enrolled mobile devices we can use the the Bluetooth connectivity to to do disconnect a disconnect based on proximity. So even if the physician forgets to

tap out when they walk away and they're out of the out of the room it'll disconnect automatically and that's one of the things that we are addressing as well as the complaints we hear is the the window the time out window is typically very short because you guys right b i t doesn't trust the physician to tap out and you don't want the EMR screen left up there for 10 minutes or however long, but if you know that When that physician leaves the room that that sessions going to disconnect anyway, then you can give them a longer session without having a

short neck. So I'm dying. I mean obviously Healthcare is a place where I see this a lot, but I mean recently I had an inquiry from a large manufacturer of had an inquiry from a retailer very very large big warehouses interested in Tap & Go Solutions. Do we see it going Beyond Healthcare are there but they're only dealing with health care but there's lots of other industries that could use this stuff. So yeah, we're interested in feedback on this. I'm interested in feedback on it. What what

actually happened under the covers here as well is single sign-on to Legacy apps. So earlier with The SAS apps is we're assuming that that it's a saml enable new modern SAS app and for that hour access control works great. But as you know, there's still a lot of Enterprise applications out there that have credentials usernames ideas passwords that are different than a d and we've got a solution for that now as well aren't that guy? Who said he wanted more passwords apparently left. I think we were solving a problem break. The password

management is something that I'm interested in feedback. We're not announcing it here, but we do have a working where he we've got it demoed it both these things all of these things at the at the end of a shin Hub if if you want to come by and get a more in-depth demo awesome Chris before you leave one last question, which I bet everyone's thinking here. Where do we find those shirts? Need to find me answer your question the clearance rack often. Are you ready for this? I mean he shops

off the clearance rack. This is summarized. Hopefully through this session. We were able to show you that work spaces Beyond just user experience and productivity that are various Security benefits not argue that if you look at most customers at lovers to fix today, it's primarily that security use case and we were hope hopefully me show you all the different aspects that we can address with the workspace still some old-school stuff up imagine that summer. I kind of thought I

felt it, but I appreciate it. Thank you very much for your thank you.

Cackle comments for the website

Buy this talk

Access to the talk “Citrix Synergy TV - SYN236 - Citrix Workspace: addressing the security conundrum”
In cart

Access to all the recordings of the event

Get access to all videos “Citrix Synergy Atlanta 2019”
In cart

Interested in topic “Software development”?

You might be interested in videos from this event

September 28, 2018
app store, apps, development, google play, mobile, soft

Buy this video


Access to the talk “Citrix Synergy TV - SYN236 - Citrix Workspace: addressing the security conundrum”
In cart

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
523 conferences
20459 speakers
7482 hours of content