Citrix Synergy TV - SYN231 - Architecting the workspace for high security

Kurt Roemer
Chief Security Strategist at Citrix
Citrix Synergy Atlanta 2019
May 23, 2019, Atlanta, GA, United States

About speakers

Kurt Roemer
Chief Security Strategist at Citrix
Mike Nelson
Solutions Architect - Microsoft Solutions at Pure Storage

About the talk

Optimizing productivity and user experience for highly secure environments is not an easy task, especially when highly privileged users can be easily impersonated by bad actors. Attend this session to learn how to architect a workspace that dynamically manages contextual trust across the endpoints, networks, clouds, apps, and services that must operate at the highest levels of assurance. See how analytics and augmentation provide greater visibility and control, and explore design considerations for a workspace that balances security and experience for the privileged user. Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.

Good afternoon, everyone. Welcome to the session. We really appreciate you coming out and if you're in the right place, that's SYN231, architecting for the workspace for high-security. My name is Mike Nelson. I am a solution technologist with rubber. I am also a Citrix ETA former Citrix ETP. Welcome to the TTP Community that's here today, and I'm almost as your advisor with me today.

Thanks, Mike. Hi everyone. I'm Kurt Roemer, Chief Security Strategist for Citrix.

My journey with Citrix began back in the early 90s as a customer. I was responsible for rolling out the Citrix environment and integrating it with iOS to and doing all kinds of fun stuff after 4 years of that moved on around the services Organization for net frame the big super servers 1/3 of our business was running Citrix on those switch was tremendous back in the day Randy consulting firm that specialized in Citrix is one of our practices and along the journey. That's where I met Mike. We've always talked about presenting together and this is the first time we're doing it here live so

so great to be here and just so everybody knows you can hash tag for the session. If you feel free to go ahead and and tweet this out the Citrix Synergy future of work. I'm you can always contact me on Twitter at nail media says he's a little bit too old for that Twitter stuff. So Place for everyone today. There's a brand-new ebook out on helping you to Envision the workspace when you go back in your sharing this information with your with your team with your management in particular your line of

Business Leaders. This ebook is very focused on explaining the business the value of the work space and expanding on a lot of the concepts and use cases were talking about today. We're also going to have some very deep architectural content back behind those. So we're releasing very soon. So you're in the right place to to get a great intro right? And I'll also like to introduce our third who is actually a virtual guest presenter. Her name is Joan and I just to give you a little background. I had the opportunity to interview Joan for different areas

of a topic areas around security and such but she was graceful and allowing us to ask him specific questions and get her feedback from a Christian perspective. introduce yourself So my title is a systems analyst I work in health and human services for a local government. I'm actually an IT person that's located within the business unit of Health and Human Services. I've been there for about 20 years and I've been doing what I do for about 30 years. I'm working

basically for seven different agencies within one Department. I am a HIPAA privacy security compliance officer. I'm responsible to ensure that staff within the department have the appropriate minimum necessary access to information both verbal written and electronic within all of our local application as well. As over about 60 State applications has quite a bit of you know, security responsibilities not around just users but also devices and now will get into a little bit about the you know, the workspace.

Microsoft recently introduced the SECCON framework and where do the DEFCON framework different levels and when you look at this you realize that there's a lot of varying security responsibilities within most organizations ranging from Fairly basic security needs up to the most stringent security needs the people who are managing your keys your certificates. Yeah, your domain administrators or Cisco administrators other things along those lines. What we're focusing on today is talking about the privileged portion of this chart and so one to show this job helps

to frame a lot of lot of the discussion out. We're going to focus on some of the things to help your most privileged workers. Write to go from here with saying that with you know, the same with great power comes even greater responsibility. Right and this can't be sure then when you're dealing with a privilege workspace because if you think about it, not only you if you're in this situation where you have this privilege, which I'm sure most if not all of you. Do you know you have unwilling power over things that you can control from the user's perspective Vice applications data. So on and

so forth and what you need to do is you need to understand that anyone also that can become you or impersonate. You also will have that power and it's it's it's important to understand that it's important to understand how wide that that privilege can go. So we're going to do is talk a little bit about that. If I became the bad actor given my current privileges I could delete I could edit I could copy and I could sell a whole lot of information about every consumer that is ever entered our facilities

both their family information medically and financial information. I could print off every social security number and all the medical diagnosis is on every client that has ever come into our facility and I'm pretty sure I could probably make pretty good Dollar in the black market with that information. This is a real person. This isn't someone reading a script. I think it definitely qualifies as privileged and you'll hear a little bit more from Joan but it's not just about locking somebody like that down so that it makes it almost impossible for Joan to do her job in the

rest of us. It's about really making sure that we're balancing security productivity and cost and being able to dynamically dynamically balance those two battle. We've got the best experience at all points in time, but we're protecting very sensitive resources at the utmost level one. We need to write so this is frame up a little bit while we're going to be talked about during the rest of the presentation. We are going to be talking to different aspects defining and defending okay privilege as as we talked through that you're going out you're going to see the different aspects that

I'm going to be looking at the privileged workspace and how to actually design it. Then contextual trust if it will explain that a little bit will talk about how did dynamically manage that then we'll go on to what Kurt and I put together. He has some thoughts tools techniques so on and so forth for optimizing the security, productivity and the cost. Okay, so we're going to start with a fairly basic definition what is privileged and I'll go ahead and read those cuz it's a little small up there on the screen privilege is defined as a special right advantage or

immunity granted are available only to a particular person or group. All right, how many members are gone. It's interesting. When you look at the definition of privilege doesn't always match through to what we think it is. Let's explore that little further who is privileged. Right? So we're to look at who is actually pretty as you look at yourself you look at the the folks that you work on on your team. The people that are around your department your organization. It's not only in that area a lot of folks tend to kind of compartmentalizing

containerized it into just you know, your your immediate your media teammates and such but it goes beyond that it goes outside to go to third party. External worker even going so far as Auditors internal external board members don't even know that actually board members have privileges that could affect, you know, your users and your data and so on this test is anybody who has responsibility for people process technology or strategy at a material Level is privileged. Okay, take a

look at this list not going to run through this because I'm sure everybody in this room is familiar with things in around here. But one thing I bet you haven't thought about. How to beat the by Your Privilege Workforce, are you doing anything different for your privilege users to help address a lot of the threat sit around this list. NFL why not? We really should be right. So we've got to think about that but we can't make anything more complex because complexity is not just the enemy of security. It also deeply affect productivity and costs. We got to find

a way to address this book makes life a little more easy to manage. Let's hear Joan has a situation that she she has we did have a situation occur a couple of years ago where a user clicked on something in an email beyond that something brought ransomware into our environment. If something like that had happened with my login, it would be devastating right absolutely would be devastated anyone in this room you can attest to that it would be devastating to to not only you but the organization in the people anyone that's involved. So in that scenario having an actual, you

know privilege workspace to find is critical. So when you take a look at this, how would you architect a privilege workspace? Okay, think about that. How would you actually start even conceptualizing a design of privilege in the workspace? It has to be to buy so we're going to hear another example scenario where Public Works base could be created and security could be situationally aware. He can be contextual an automated. I have the ability to have access to information that no one but our director has access to as well. I have the requirement to do

background checks on all of our staff all of our physicians as well as our managers and our director as a result of that I have access to driver's license numbers Social Security numbers and highly confidential information as well as the results of those background check. I find that incredibly interesting. I really do because if you think about it the amount of information that she has just dinner daily job and doing this types of Investigations and background checks and such like that in a government situation in a public sector type situation that can be almost unnerving and

is it really something that you know you want to do? I don't know if I want to do that now, you know, so I give her a lot of credit for that end of the extent of the secure information that Joan has access to you know, as well as how high up the chain and goes How high does it go? How how much does she information does she actually have on elected officials? Okay, things like that to me from a security aspect. That's something that just has to be that has to be defined it has to be that, you know put into some kind of a process in a container if you will in order

to exercise the privilege UK. What I want to do is I want to take this a little bit differently. So my history is I've been in it for 35 some year long time, but I started out and I was actually a part of a break-fix part-time break-fix type scenario and then I moved your system administrator. So what I like to do you through a little bit of what I went through as a system administrator and some of you may experience the same things if we have a lot of this admins virtual admin Citrix admin, I'm not sure if we haven't even really see levels or

management in in the audience. I don't know if you want admit it, but you know, okay so good. That's good to hear. So I started out, you know as a young sysadmin. Okay, this is actually my my son. My oldest man. Next week. He is graduating high school and he wants nothing absolutely nothing to do with it, which is you know, kind of a good thing and a bad thing really, but this is my home office as it stood 20 some years ago when I started to work for

a tax and accounting firm and when I take a look at this I think back because the things that I would do remotely, you know via modem dial up at that time, but I would be able to access that data and be able to bring it in my home office and I would actually have that information in my home office. So I started to think about how I actually tried to secure my workspace secure. Let me lose. My son could access the information wasn't secure at all. Really. But I'd like to take you on a brief we know walkthrough of the experience. So

you really given the keys to the kingdom, right? That's that's what you're giving and these Keys unlock so many different doors. They are unlocked so many different privileges. They allow you access to things that you know, sometimes you don't necessarily want access to kind of like and somebody might relate this time like images in your head. You just can't forget that you don't want to have in your head because you know, you see here and do things that you know have a history trailing and may affect other people in different ways. And it looks like all those keys and access privileges

just accumulating are not taken away forever. They keep on growing because people just throw them at you know, they're like, oh you take care of security here. We bought this you can take care of that you bought that you can take care of that but also one thing that really really got to me as a sysadmin. Kind of cross boundaries. It kind of went into my personal life. Not just my professional life and that the reason for that is because like I said I had information at home, right but I was also had information when you like an interpersonal Communications

sitting down talking to someone having a beer with somebody or something like that. You never know when something, you know might slip out something might you know, we might get another conversation about something and I didn't have any boundaries around that back. Then there was really No Boundaries around it. We have a security was like there was no investigation when you know, we never did any investigation may be in the larger organizations. Obviously they did but in smaller shops, they never really did anything like that. So it when you think about it a lot of what I did

was quite honestly acting like a Cowboy until kind of shooting from the hip and hope I get something that's about you know, what my job was when it came to security So in the Kingdom okr proves extends to a whole bunch of different objects, when you're talking about objects that are around all of the different things that you interact with the people going from the home down to you know, that even the recycle bin audio male communication all kinds of different things that that can affect that okay and when you think about all that, how

do you think about it compared to what some other people think? Okay. So when have I was going to get asked you what is the definition? What do you think about the privileged workspace? Okay. How would you answer that? Why would around and I asked a few people. I feel really smart people that I know not to give me their thoughts on that. What album was Brian who I work with in the insurance industry was a CISO and he said on paper securing the privileged workspace is the easy part; it's the people part that's hard. How many people can relate to that? Really? I mean, it's it's it's really I mean,

you can put stuff down on paper. You can create processes you can you know right until you're blue in the face, but if you can't get the people actually do it, that's the hardest part. That's where you get affected. That's where your you know, you get mistakes and things like that. Another one. This one comes from Dennis who is here at the conference by the way independent security consultant and an offer not on security, but I need to see he's a privilege causes problems and depending on how those problems are handled. They very well could be career-ending ones. Let that

sink in for a second. Privilege can cause problems and if you don't handle it, right? Yeah, you could be in a lot of trouble or actually, you know moving responsibility to someone like your boss or something like that and then get them in trouble. Next up we have open it as a good friend of mine. I'm from Wisconsin. He's a part of the hospital Healthcare. Everyone is privileged from the basic user to the seat. What matters is what date is being accessed what app is being used and what physical space they are in

when it's you that's true. It really is because you have to think about all the different aspects when you're looking at the overall workspace. And then lastly we have Mark who is Elite security analyst Consulting Partners security privileges a very Broad and diverse subject with people honestly identifying what it is isn't the hard part for me, but getting people to agree on it is so he even took Brian's and took it even the step back and said I can write all this stuff up but getting someone to agree that that's what it should be is the hard part. We haven't even gotten to the

real people part and implementing. It's just the agreement on it. Let's take a look at how we would design a privilege workspace to help address? A lot of the issues we've seen when you look at the design considerations, you have to be able to combine the people the process technology and strategy and it's got a bridge both physical and cyber. It has to be very comprehensive because we have physical and cyber Integrations with iot with robotics with a lot of Virtualization technology The Sandlot of visualization Technologies, and it

brings in safety aspects as well. So this really needs to be able to help across all of our usage. And of course it's got to be focused on the business. It has to be zero trust from the foundation because if you don't start with zero trust and verify and roots of trust and build on top of that you're building on top of Shaky Ground, so be able to get all the way down to a verifiable root of trust and then build on top of it. The next pieces probably though the key point on this slide. It has to not just be identity enabled but also Persona

enlightened. Why is that? Well, what's identity if you ask most people I don't need to use their credentials, right? That's kind of a common definition. We all know it's a little more than that, but often times even if you express the absolute strongest identity in the world, what if you've got multiple personas what if you're an administrator for multiple different domain different clouds different applications should you be applying the same identity as you make major changes to each of those environments maybe even across competitive boundaries, I would

argue no identities great, but it's not granular enough. We need to move to being able to manage personas a big part of what we're going to be is designing Automation and augmentation into the workforce and Mike's got some really really great thoughts around there that that will work on. And another key aspect is resource delivery. We've got to rethink resource delivery right now resource delivery has been based on Portals and all kinds of other things. Let's think of a resource delivery in a little different. So take a look at what that might be.

If you're delivering resources any resource you have one of the four ways to do that you can go direct do is known as native access this once somebody go right to the technology you pick up your brand new laptop tablet smartphone, whatever and you go right out to the web your SaaS, app store, cloud. The second way to deliver a resource is through a proxy forward reverse content filtering scrubbing rewrites redirects all the great things that proxies do I caution you on one thing here by the times when people think proxy they think Network proxy one aspect you can have

proxies all over the place including embedded in browser Frameworks, and we're going to talk about that proxies are going to be even more useful as we move to the cloud. Third way, no big surprise virtualization virtualization allows you to deliver a representation of the experience without actually having to deliver the data down to the endpoint without having to push. I'll let HTML every time somebody clicks on a new link or hovers over something so virtualization gives us some really interesting ways to deliver resources will talk about that more in a second.

The fourth way, of course is containerization when you think a containerization to think Beyond just Docker and kubernetes, very important container Frameworks. There's also mobile container Frameworks, there is project-based container Frameworks containers are basically for mobilizing the experience and they also help to enable an offline use case. So regardless of what resource you're delivering you're using one of these four methods today, but I would argue though is you should use a mix of these four methods and instead of determining this when you purchase the

application or publish the application, you can dynamically determine this based on context and so you can pick the right delivery method for the right situation getting you a couple examples of that. One very common example is using the web web browsing is really easy. Right? Click on the browser. Go to a resource. Well, that's the way it should be but web browsing is also very complicated in the back end most web browsers are extremely over configured. They've got every framework known to mankind built-in from flash Java JavaScript Silverlight.

You got ad blockers integrated with their other extensions things that you might have plug-ins for other applications. You've got certificate chains for your country other countries countries, you might not completely trust But guess what? It's all there. It's got access to your file system. Your registry your keys, your passwords and browsers are completely over configured, right? Big deal. What do we use browsers for everything these days they're used from the Casual watching a couple cat videos or catching up on some current news

events to while being able to go through and administer the cloud and Cloud resources and then one click be able to create or completely destroy an entire enterprise's cloud presence. We have to do a much better job at protecting browsers. So with that is it a quick setup for the slide when you look at delivering browser on point run the native one as you see all the way on the left. Typically what comes embedded usually it's a very OS embedded browser with a lot of connectivity. I would say that's only used for some fairly low risk type of

situations increasingly on the device. You can also have a containerized browser and you see that weird things like Bromium. You see that with Microsoft with what they're doing with Edge in integrating the Chromium aspects even see that with Citrix with Workspace app and some other features that we've announced this week that help you better containerize the browser experience and make it more specific to purpose. So you can launch a containerized browser that only has access to a single application doesn't have all the Frameworks turned on just the ones you need doesn't have all

the different domain access. Just the ones you need the same thing with certificates. You can make your browser much more specific to purpose now I cannot because I can attest to this cuz working with Kurt on his presentation. He was using that type of browser and he made that a vehicle. You said he couldn't help me create the dark because he couldn't know you have the right extensions. You didn't have all that stuff and the data center and you're familiar with that. If you're a Citrix

customer, you can publish a Windows or Linux experience. You can use any of the browsers that are out there and you can deliver this through 10 apps on desktop. You can go ahead and deliver your virtual browser on top of each bi as well so that it's got hypervisor introspection and capabilities to protect that the hypervisor level and then you can also Cloud host browsers. And why would you want to do that? Well, sometimes I cloud-hosted browser is a lot closer to the application which makes it faster. Sometimes a cloud hosted browser is within a specific

region which helps make it more compliant sometimes as well as cloud-hosted browser will allow you to have access to a non-strategic traffic things like Facebook that you don't want on your network. You don't want on your systems. You don't want any of that in your lot. You might be running a library where you have to have open access within the United States and no content filtering but you know, people are searching for a not-safe-for-work material. Why have that come across your network and be in your logs? Why not just have that stay in the cloud people are using this

for a lot of reasons and it's one of the other options we on the right hand side. Also a lot of the technologies that you want to integrate with these browsers so that you got additional security capabilities. And now I'm one that I like to call out. Is web app firewall if you have any browser-based portals that are accepting credentials, you know, you're asking somebody to login you're asking for their password their multi-factor credentials. Make sure you've got a web app firewall in front of that. It gives you some additional protections to be able to look for people are

hacking against that site and give you some additional visibility more detail on this web browsing actually had a session on this yesterday with Bitdefender that went into quite a bit more detail, especially with the HPI aspects welcome you to watch the recording it out. If you want to get into more detail obviously resource delivery applies across everything from Windows and Linux workloads. All kinds of different apps. I want to use browsers and I want to use SoundCloud web-based apps cuz that's the future and the future is here, Trey. So we have the five W's of context. Yes,

we do. So like talked about being able to dynamically pick the delivery method you do that based on context in the context is what I like to call the 5 W's who what when where and why for every single access request for every single usage request for every single transaction that's significant. You have to re-evaluate these five W's of context and make sure that the device is still at 11 o That's trusted enough to be able to perform this transaction that the location is sufficient to be able to access this resource live here in the office and you get direct access because you're in the

office if you're going to be working on an airplane, that's probably going to need to be containerized in most places. What if your workspace did that for you and it put information out in your container that because of its situational awareness of knowing that you're working on an airplane is only risk appropriate stuff that you should be working on when you're on the plane when we talked about automating the privilege workspace. That's what we're talking about taking these aspects of context that previously would have just been a static power login and applying it to everything that

people do so that your situation is constantly being evaluated part of situational awareness and you're always working in a risk appropriate fashion. And by the way, if there's any violations to that you can either just gently nudge the user and say hey I look you're you're trying to send something that would violate company policy or did you know that there is social security numbers in the back of this Excel spreadsheet you're sending and be able to give them some active coaching without calling out the dogs and turning on all the alarms and sending an HR and legal.

But when there is something that's a serious violation you now have visibility and do exactly what where and why and you can take more appropriate action even automating that that's right. So now we're going to talk a little bit about that. Some of the thoughts tools techniques that Kurt and I had come up with that. We think are really important kind of takeaways for this session. We'll start with some of the Insight. No, one of the challenges that we have is privileged workers these days if we don't always have all the intelligence that we need all the insights to be able to do our jobs

properly. Give me a little bit of an example, you know, you get up in the morning which one of the first things that most people do. No, not that for information you go out and check your news weather and traffic you want to know what's going on what's relevant to you. What's important? You want to know what the conditions are what the threat is. Are you going to be able to just go outside on a nice clear day or do you need to go hide in the basement somewhere and then from traffic perspective, you know what your experience is it going to be fairly straightforward. Are you going to have

any challenges working with other people or there certain things that are going to be causing latency your other concerns or what if we built this into the workspace and you had intelligent that was curated just for you telling you exactly what you need? New smartphone or ability came out yesterday on Adobe Flash. Everything needs to be updated. Guess what While You Were Sleeping the workspace took care of that and said everybody is accessing a flash-based app neither patch that for you or we remediated it over by sending you to a virtual session that

has the Flash Player containerized so that somebody can't remotely attack it. And by the way, the guy who is supposed to update flash for everybody is on vacation this week. So we sent it to the next in command. We automatically noticed that sentence here's what's going on in by the way. Here's how the remediation is going for you. The attacks are coming in and here's what you need to tell your customers and suppliers. So think about automated intelligence. It'll be very similar. I'm sure there's a lot you can think about in terms of threats. But what if you had Direct

information on threats that were relevant not just your technology but also to your business pulled from the news pulled from internal sources pulled from applications curated on things that are actionable for you and if they're not actionable for you or you don't need to make a decision they been automated for you and then similarly with the experience, how can you make sure that your understanding exactly what to expect as you're working with others as you're making changes to the environment as baby down time when the clouds service causes some some blips. How do you make sure that this is

handled and any of the constraints her noticed as well so built this into the workspace and make our lives a lot easier. This is the first and most basic stuff right and now we have here from Joan here. Maybe not. There is so much time waiting for someone else to do something. When if we just spent some time creating the Automation and did a proactive approach to protect me as well as my employer to make sure that I have the access in the information that I need at a

minimum level. It just seems like the right thing to do. So I personally found that part of the interview that I had with her very compelling, because she's basically saying that it would not only make things easier for her and her supervisor, her management, even her users, from an aspect of implementing security. If you can automate, if you could bring some of those controls and make it easier for them and make it easier on their lives overall, it would make her professional life and her personal life a lot easier, and

I mean, what Kurt was talking about, automating things, is really key. So I'm going to talk about Joan's interview here and a couple of takeaways I want you to get. This interview with Joan lasted about a half an hour. This recording was cut down to about 12 and a half minutes. You'll be able to download the entire recording unedited, except for, you know, the bloopers and outtakes and, you know, stuff like that, but you'll be able to download that with the deck so you can hear the whole thing in its entirety. Like, we didn't doctor anything or edit anything and you

don't make Joan say something she never really said. The only thing is that she didn't want to give her real name because she works for a government entity, and she didn't want her likeness used because obviously she's not in a position that you can do that. But some key takeaways: the public sector isn't that much different from the private sector. How many people in here actually work in the public sector? I work for government, anybody in here? Okay, so you can jive with what Joan is saying, right, in terms of, you know, the processes and

policies and hierarchy. A little bit more bureaucracy and red tape in the public sector, but it's pretty similar to the private sector today. They're kind of lining up together. You still have to do the same things. You still have to architect for privilege. There are layers and layers and layers. If you listen to the whole interview, she goes through and talks about the different things. She has to go through 12 steps just to get someone permission. She has to go through a 12-step process, and the 12 steps to know to go to the 12-step process

application processes and policies. Like I mentioned, unfiltered access to privileged information, both personal and professional. This is what I talked about before, when she has access to, you know, private information, personal information for people that are elected officials, management, you know, directors, so on and so forth, that are above her pay grade. That itself can be, you know, empowering, but at the same time it can be detrimental as well. And finally, part of her interview that wasn't in the clips was that I asked the question, I said, if she

could actually estimate the amount of automation that she currently has today. And if you listen to it, you hear her say that she estimates about 20% of what she does is automated. Now, I think that's extremely generous, because we went through some of the things that are automated and some things that aren't automated, and I can tell you that we spent a lot more time on the stuff that isn't. So I think she's being a little bit generous there, but I think it's a step ahead for her because of what she came from 20 years ago with pencil and paper, what is now, you know, automated to, you

know, what she thinks is automated, what, you know, it is better than what I used to do, right? And then finally, life would just be easier with automation. I can't impress that enough. Everyone in this room should, you know, automate all the things. It really can do justice in terms of helping you out in your career and life in general. Look at home automation, things like that. It's spreading out beyond just the workplace. So, finally, some more thoughts here. I'm not going to go through all these. What I would like to highlight

is the first one: automate the mundane. Like I mentioned before, take the opportunity. It doesn't have to cost anything; it could be your own experience learning how to automate, learning how to use tools to automate. But also, you know, take a look at how you do security. Maybe there are just some simple steps you can break down from five steps down to two, or, you know, implement workflows, things like that. And then finally, I believe it's time to launch your digital twin. Now I can tell you from personal, there are probably a lot of people that don't want to see a second

me. And what I mean by digital twin is the ability to have, you know, that AI, that persona, be able to do those tasks for you, to automate those tasks. And that persona would be a virtual persona that can go out, and you just tell it, go do these things, take care of this for me, and it knocks it out. You have to be careful with that, obviously. A lot of testing involved, so on and so forth. But the digital twin is what we believe is inherently the future of how security is going to be handled in the workforce

wife. Think of all the time that you're not spending working: attacks are still coming in, business issues still happen, customers still have needs and desires. So the digital twin will be there helping to take care of that for you. But even when you are working, one of the other things on this slide that we really need to address is the disruption and distraction aspect of all of our jobs. If we could just take that away, we would be so much more effective and so much happier. So

that's also something we build into the workspace and have to concentrate on. A couple of other things to think about: passwords, we all know we have to get away from. Multi-factor auth is something you have to have if you are privileged, and we've got to make sure that that's out there. Look for anybody who is privileged who does not have two-factor or multi-factor enabled and get that fixed right now. As we talked about dynamically deployed resources, and we talked about the five W's of context and being able to do everything so that it's situationally

aware and risk appropriate, that's not just for access. That's not just at login. That is all throughout lifecycle usage. That is another really big change as we move to the privilege workspace: we're focusing on usage. A lot of technologies have to be integrated. We have to constantly be thinking about how to reduce the attack space or how to properly mitigate it based on those deployment options. And this last piece is one that I want everybody to think about quite a bit, because there are projects out there for infrastructure as code, and probably many of you in

this room are engaged in those projects, and that's great to be able to automate your IT processes. But take that even further, so that configuration as code is working for not just the infrastructure technology but other technologies, and also business processes and practices: onboarding, off-boarding. So you have somebody who gains a certain level of privilege, they're flagged, and as they leave roles or leave the organization, that privilege is appropriately reduced or taken away. And that's something that can be completely built in and scanned for

as you have code. And as you're making changes to privacy policies, because you're making changes to appropriate use policy and some of your internal IT best practices, if those were expressed as code, it's much easier to look at the impact of that change, model the impact of that change, and be able to go back and do retrospectives on where things were in the past. And guess what: the ultimate expression of that takes it all the way through to your culture. So there are many organizations that are embarking on improving their culture to be able to better manage security and get people

to have more of a security focus. If you can express culture as code and build that into the privilege workspace, you're helping to constantly be coaching people to do the right thing. That's right. So, a key takeaway from the session, we're down here to our final minutes: privilege is the currency of digital transformation. Okay, buzzword alert: digital transformation. Everybody's kind of using those buzzwords, but really, black hats and white hats already know this. This is not a secret. It's, you know, something that everybody knows. So protect your privileges, but not only yours, but

any highly privileged that you have. You have a responsibility, even just from a good citizen standpoint. You need to help out and do that as a sysadmin, as an IT administrator, in IT in general. Personas are the new perimeter. We've got to make sure that we're moving beyond just simple expressions of identity and really thinking about: what is the persona that you need to be expressing? What are the boundaries of that persona? How does it interface with your other personas or isolate from your other personas? And make sure you're building that into the workspace as well. And now

that definitely helps as you're further automating and augmenting and engaging your digital twin, because you definitely want to set some boundaries there. Right, and finally, you know, just like it says, envision and embrace the fairways were stationed as a massively, you know, disruptive force for transformation. You now have superpowers. I wish I had the superpowers and I realize those superpowers that I had, because I would have probably used them, you know, in a much better way. I would have thought about a lot of things before I actually acted on them, and with more

forethought to use them wisely. And that is it for us. We'd like to thank everyone for coming. We have about a minute and a half here if anybody has a quick question for us. Do you have anything else you want to add before we intro the bond? So this has just been posted. Nobody else has this right now, and it's something where the link's up on the top if you can take a quick picture. Otherwise, you'll get this as part of the slides. Like I said, this is something that you can hand out to your line of

business leaders, to people who don't even know what a workspace is, why some of the concepts we're talking about in here. So essentially it's going to help you intro what you need to do to the rest of the organization. This is step one of a lot of content that we've got developed that will get you into developing the privilege workspace concepts that Mike and I have talked about here today. So with that, we have about 30 seconds left. We thank you very much for coming over tonight, and we hope you enjoyed it and you learned something. If you have any questions, you can talk to us

afterwards, or you can reach me on Twitter right now media, and I'm sure if you, you know, send a homing pigeon over Kurt's way, he'll be able to answer. Thank you very much.
