Skip to main content

What is Citrix Secure Access?


There’s no doubt that digital transformation means very different things to different people. You don’t have to look hard to find plenty of industry rhetoric about Covid-19 and the resulting lockdown being a massive driver of digital transformation. For some, that driver resulted in more VPN, which kind of works but in turn has resulted in a whole spin off conversation. You know the one, about the precedence that a user needs full network access to get to an app or a piece of data and the ensuing argument that there’s some VPN hack risk associated with that access all areas idea. And no one likes risk.

The other thing that happened was probably more transformational. When we couldn’t communicate over desks, many of us hung out, zoomed and ‘teams-ed’. From the antiquated accountant to the artisan doughnut store, practically every organisation that possibly could went ‘more’ digital overnight. The adoption of ‘aaS’ was huge and ultimately spawned literally thousands of combinations of traditional data centre, public cloud, SaaS and other ‘hybrid’ services in to what have become our familiar, digital workspaces. Users rapidly de-coupled from the safety of the office (and corporate network), and all the data that was in one place, was inadvertently distributed across various clouds and user locations.

There’s an added twist. Users got really UX focused, really quickly. High def video conferencing became a basic demand overnight so network latency came in to play and things got really complicated. Not familiar? Check out Microsoft’s 365 Connectivity Principles, network latency between user and MS PoP became such a common support case factor, it became, well, this >

Condensing all of the above, think about your own current services, what they are, where do they come from, who accesses them, from where, using what. Now add those thoughts to these ones…

  • It’s risky to give users access to all areas of the network when what they actually need is access to apps, services and data.
  • Users are hybrid workers, they are increasingly accessing services from more locations than before, home, the office and co-workplace or coffee shop.
  • More often than not, users don’t all have the same kind of end point either or at least they have a mix of devices including a variety of BYOD.
  • VPNs connect users to a specific place, usually a data centre but hybrid workers don’t typically consume services exclusively from one place anymore. The current service footprint typically involves traditional data centres, Iaas, PaaS, Public Cloud, Private Cloud, hosted service, managed service and SaaS like Office 365.
  • There’s a lot of data spread all over the internet so managing access to VDI, virtual apps, web apps, SaaS apps and whatever else a user needs to access is  a bit beyond a VPN. Actually, it’s a long way past a VPN.
  • If we’re going to be effective at managing risk, we have to inspect traffic on the move especially now the internet became our new LAN, recognising risks and protecting against data loss way beyond the traditional perimeter.
  • Latency breaks UX and bad UX harms productivity.



Balancing security and productivity

So back to Citrix, and our traditional virtual desktop, a single place to access everything the user needed to do to go about their day. Everything was in one place so it was easy for the user to find what they needed to be productive. IT could control who got to the virtual workspace and what they could access when they got there. Need to lock data down, control downloads, disable screen capture, or restrict access to sensitive data, if the end point, network or time of day made it look dodgy? That’s Citrix all day long.

What’s needed today is a way to provide VDI like service aggregation with security, access control and data loss protection but for everything the user consumes in their day, including SaaS, web and cloud hosted apps. Now, there are a lot of security vendors who are looking at this as a security problem, but the problem isn’t just security. Services can be too secure so it’s a security and productivity problem which is where Citrix Secure Access comes in.

Citrix Secure Access is a modular, cloud based security stack that can be specified to match the risks associated with your unique service delivery model. It combines common, adaptive access control for all users on all devices with machine learning and artificial intelligence to dial up and down security posture based on the risk in any given access scenario. It gives users a single place to logon and access everything they need to do to go about their day. With added protections for web apps and APIs the solution is completed with detailed analytic capabilities for compliance management. Citrix Secure Access comprises of 4 key components that can work independently or together to be greater than the sum of their parts, each with their own customisable feature sets to match the individual requirements of the organisation.


A typical Citrix Workspace end user experience with everything they need to be productive securely accessed from one place.

Citrix Secure Private Access (SPA)

For services published to internal teams

Traditional VPN replacement and foundation keystone of a Zero Trust architecture. SPA aggregates all services including VDI, IT published web apps and all SaaS using Citrix Workspace with dynamic, adaptive authentication and access control capabilities that and dial security up or down as the risk dictates to remain compliant.

Read our Citrix Secure Private Access blog post


Citrix Secure Internet Access (SIA)

For services consumed from the internet

A suite of cloud based products that work together to protect users from the often hidden risk of internet exposure when working from anywhere. SIA inspects all traffic to and from the internet to identify and block threats like malware, ransomware and phishing attacks. It provides classic VDI data loss (DLP) tools such as anti screen grab or key capture for SaaS and web apps, with advanced cloud access control (CASB) and sandbox browsers for risky use cases.

Read our Citrix Secure Internet Access blog post


Citrix Web App & API Protection Service (CWAAP)

For services published to wider audiences

A cloud based Web App Firewall (WAF) and API gateway with significant DDoS protection capability. Used to protect published services across all cloud locations with automated signature updates and machine to machine communication protection for our ever increased dependency on IoT, APIs and Robotic Process Automation.

Read our Citrix Web App & API Protection Service blog post


Citrix Analytics for Security

For a better balance of risk and productivity

Uses Machine Learning and Artificial Intelligence to learn what good behaviour looks like. Automated mechanisms are then able to identify risky users who behave unusually and automate security responses to real time threats. Detailed analytic capabilities simplify compliance management for distributed users and data.

Blog post coming soon



If you would like to discuss the benefits of Citrix Secure Access and see how you can deliver a unified secure access solution based on zero trust call 0330 010 3443 or email