Enhanced SaaS Security

A SaaS app exists in the cloud, which basically means the organization’s IT and Security teams have no control over what users can capture, save, print and distribute. In the SaaS world, the approach is often “be on your best behavior”.

This is similar to all of the self-service check-out lines we now have at grocery stores and home improvement stores. Either intentionally or by accident, it is extremely easy to take something that you didn’t pay for.

In both cases, what’s the cost to the business? If we are talking about groceries, the cost is probably small. But what about the SaaS app? What if the user takes sales data, technical data or financial data? This is worth a lot more than a $2 loaf of bread.

The Citrix Access Control service focuses on providing enhanced security for SaaS and web apps. Overall, I’d say Access Control currently provides 3 distinct capabilities

  1. SSO to SaaS and web apps
  2. Enhanced security for SaaS and web apps
  3. URL filtering within SaaS and web apps

Enhanced SaaS Security
The challenge with trying to improve security to a SaaS app is that the app runs in a browser on the endpoint device and the device might not be managed by the organization. Do you trust the unmanaged endpoint device? I hope not. It is scary how much accumulates on these unmanaged devices.

But when we enable enhanced SaaS security for a particular SaaS app, the initial launching of the SaaS app no longer uses the local browser. The SaaS app now uses either the embedded browser within Workspace app or the Secure Browser cloud service.

Take a moment and compare this diagram providing SSO to SaaS with enhance security versus the diagram showing SSO to SaaS without enhanced security. You will see a few changes.

Once enabled, if the user accesses their Workspace via Workspace app, they will use the embedded browser. If the user accesses their workspace via Workspace web (local HTML5 browser), they will use the Secure Browser service, which is a managed web browser, running in the cloud and managed by Citrix.

Enabling enhanced security is specific for each SaaS app definition and part of the SaaS App configuration wizard.

In this example, in addition to the watermark, the user is restricted from

  • Clipboard access
  • Printing
  • Downloads

However, we still allowed navigation.

Hopefully, that helps explaining how the Access Control service enhances SaaS security, which is just one aspect of the Access Control service.

  1. SSO to SaaS and web apps
  2. Enhanced security for SaaS and web apps
  3. URL filtering within SaaS and web apps

Daniel (Follow on Twitter @djfeller)
Citrix Workspace Poster
XenApp/XenDesktop On-Prem Poster
XenApp/XenDesktop Cloud Service Poster

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.