Citrix: endpoint security is not enough to protect business data

clouds and padlock

Mobile device management (MDM) and endpoint security are no longer enough to a secure workplace IT, Citrix has claimed.

Speaking at a security panel session at the annual Citrix Synergy conference in Orlando, Florida, CTO Christian Reilly said: "[Security] is not getting any less complex and let's not pretend that we are going to win security by securing the device, because by a large portion that is an unwinnable war."

Reilly also pointed out that the proliferation of devices now goes far beyond the bring your own device (BYOD) trend, thanks to the Internet of Things (IoT).

"The sheer number of devices we're going to see connected on these networks is going to surpass anything we have ever seen before ... and all these devices are going to chuck out tonnes and tonnes of data," said Reilly.

"Typical security has been based around user interaction. So I am a user - a human user - interacting with something. What I think we are going to see happen really quickly is machines will effectively outnumber humans in terms of connectivity and data transmission, so again we are going to think about this very differently.

"The question is do you to try and secure them all, or do you just try and secure what really what matters?" he added.

From a Citrix point of view, there are three ways to approach the problem of the changing threat and security landscape: focusing on data rather than devices, using a multi-faceted approach to security, and virtualisation.

Gier Ramleth, chief strategy officer, said in the second day keynote: "[We] want to start keeping the data back where I can control the data, in the data centres. So we do virtualsation. And then if we then have to move it to other devices, we want to containerise it."

"Now we need different forms of security models to deal with that. You have to tie this down. The model I use is 'DDRR': Deter, Detect, Respond and Remediate. We can't plan what happens to us, but we can plan how we deal with it and that's where you have to go," said Ramleth.

According to Citrix, XenApp, XenDesktop and XenServer work to secure data through virtualisation, NetScaler and CloudBridge secure the network, and XenMobile, WorxApps and ShareFile secure data through containerisation.

However, the company has been at pains to state it is not a security provider, but a "security partner" that has its place in a wider picture.

"We understand that we have a really strong play in some security elements, but I don't think there is any vendor on the face of the earth that could throw a blanket over everything and say 'we have you covered' and would stand behind that with a guarantee that if you were breached they would pay for it," said Reilly.

"This is a scary world we live in ... and that is not going to get any less complicated as we move forward with where technology is going. The big piece to remember in this is we have to be prepared and Citrix as an organisation, we have to be able to empower our subscribers of the normal workspaces to be prepared.

"This is not something we do on our own, we are not a security company, but we are a key partner in the fabric of security," Reilly concluded.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.