Citrix Secure Internet Access
What is Citrix Secure Internet Access?
Citrix Secure Internet Access (CSIA) is a cloud-delivered service that provides secure access to web and SaaS applications, globally. It provides a complete stack of security capabilities such as Secure Web Gateway, Cloud Access Security Broker, Malware Protection with Sandboxing, Intrusion Prevention and Detection Systems, and Data Loss Prevention.
Along with Citrix SD-WAN and Citrix Secure Workspace Access, Citrix Secure Internet Access forms one of the pillars of the fully integrated Secure Access Service Edge (SASE) solution provided by Citrix.
Citrix Secure Internet Access provides secure access to web and SaaS apps inside and outside the Citrix Workspace, irrespective of user location. It adds an extra layer of protection for Citrix Workspace users and also integrates with Citrix SD-WAN for a fully converged Citrix network and security solution.
Features and benefits of Citrix Secure Internet Access
Citrix Secure Internet Access helps provide unified management of services made available through Citrix Cloud. The following list summarizes the key features and benefits of Citrix Secure Internet Access.
- A holistic view and granular control over the comprehensive security capabilities, provided on a single platform. This is provided alongside analytics for identifying security incidents, unusual behavior, reported risks, productivity loss, and policy violations.
- Users with both SD-WAN and Citrix Secure Internet Access entitlements can manage these services from the same pane. As a result, all traffic and users are protected with a combination of network and security architectures in one platform.
- Simple and fast deployment, with automated configuration between Citrix SD-WAN and Citrix Secure Internet Access.
- High performance architecture that scales at cloud speed.
- Single pass architecture for optimal performance: traffic is decrypted once, and all security controls are applied before being re-encrypted.
- Reduced latency with SD-WAN: auto-selection of the closest Citrix Secure Internet Access gateway node.
- Automated updates for the latest protection against security threats.
- Backup links for dual resiliency.
- Faster troubleshooting for IT due to the single, unified view.
Privacy. Each customer’s data is processed through separate gateways and segregated in the Citrix Secure Internet Access service based on enterprise. For GDPR compliance, data is locally inspected and logged.
- Better remote working user experience. Moving network security to the cloud, where the resources that users want to access already live, brings security closer to the users. Citrix Secure Internet Access service has more than 100 points of presence (PoP) across the globe.
For more information about the key features and benefits, see the solution brief.
How Citrix Secure Internet Access works
Your users might access unsanctioned web and SaaS applications using one of the following methods:
- through virtual desktops using Citrix Workspace
- remotely from local host systems
- from a branch or home office
Regardless of the method of direct internet access that the user adopts, traffic is redirected through Citrix Secure Internet Access.
The following diagram is a visual depiction of the different use cases.
As shown in the preceding image, the following three key use cases describe how the process works.
Citrix Virtual Apps and Desktops. Remote users with Workspace apps can securely access unsanctioned web and SaaS applications through Citrix Virtual Apps and Desktops. You achieve this by installing a CSIA Cloud Connector agent on the Virtual Delivery Agent (VDA) to redirect all internet traffic to the Citrix Secure Internet Access service.
Native browsers on host systems. Remote users can securely access unsanctioned applications using their local systems, such as laptops and mobile devices. These devices can be managed or unmanaged. To secure the traffic on these devices, install CSIA Cloud Connector agents to redirect all internet traffic to the Citrix Secure Internet Access service.
The Cloud Connector agent also authenticates the user and installs the appropriate certificates for SSL decryption. Cloud Connector agents are available for the following operating systems: iOS, macOS, Android, Windows, Linux.
Branch offices. Onsite users can securely access web and SaaS applications through Citrix SD-WAN by redirecting the traffic to Citrix Secure Internet Access. This occurs through IPSEC or GRE tunnels, without the need for a Cloud Connector agent.
Citrix SD-WAN automatically creates secure connectivity to the closest Citrix Secure Internet Access point of presence (PoP). Traffic is tunneled through IPsec or GRE tunnels. Redundancy is achieved both at the tunnel level and through multiple links to primary and secondary Citrix Secure Internet Access PoPs.