maxkabakov - Fotolia
The current pandemic has forced some employees to access corporate data and applications through their personal devices, leaving the possibility that malware could capture important information. Citrix Systems is hoping its Citrix App Protection, which is now generally available, will help companies address the issue.
Citrix App Protection is an add-on feature for the on-premises version of its Virtual Apps and Desktops platform. It is intended to counteract two forms of malware: keyloggers, which log a user's keystrokes, and screen-capture malware, which takes pictures of a user's screen at certain intervals and thus can reveal sensitive data.
Eric Kenney, senior product manager at Citrix, said protection from malware has taken on new importance in recent weeks, as many firms have been forced to adopt BYOD policies to continue operations.
"We are seeing companies of every shape, size and color adopting BYOD programs," he said. "[It's] great for employee experience; it's great for IT because there's a benefit to less management on devices."
Yet, he said, having so many unmanaged Windows and macOS endpoints can be a security threat, as malware can be lurking on employee devices.
Industry observers said the timely release of App Protection could be a useful part of a larger security strategy.
"Overall, it is a smart and handy tool," said Liz Miller, vice president and principal analyst at Constellation Research.
Kenney said keyloggers and screen-capture malware could pose a threat to securing corporate data and applications. If an employee unknowingly has a keylogger installed on a personal device, he said, the username and password could be harvested and used to steal data. Screen-capture malware could result in the leak of sensitive information as well, he added.
"Think about people in the healthcare industry who are now working from home," he said. "[If] they're reviewing a patient record, and that [screen-capture] malware goes off … that's a HIPAA violation."
Citrix App Protection works to ensure that, even if users have either keylogger or screen-capture malware on their devices, hackers are unable to retrieve any corporate data, Kenney said. It scrambles keystrokes when enabled, preventing hackers from using keyloggers to capture usernames and passwords. To defeat screen-capture malware, he said, it turns all screen shots, when a protected window is visible, into blank pictures.
The add-on, Kenney said, could even help prevent the unintentional leaking of corporate data. An employee, for example, might be working on a project using their personal device, and might then use that device to join a video-conferenced social gathering. Even if that employee accidentally had screen sharing turned on, he said, other participants would simply see a blank screen.
A timely addition
Mark Bowker, senior analyst at Enterprise Strategy Group, said organizations responded in a variety of ways when the pandemic made remote work essential, including companies that set up remote work options without thinking of the risk as well as those that decided maintaining operations was worth the security risks posed by a flood of possibly unsecured endpoints.
Stuart Downes, senior director and analyst at Gartner, said Citrix App Protection would help such organizations with their security stance.
"This feature from Citrix will provide an additional element of security on top of what's generally a secure experience anyway," he said. "It removes some risks."
Downes, though, said this product was only part of the answer to the security question. Well-informed users, multifactor authentication and desktop virtualization itself, he said, were other layers of defense for corporate data.
"These kinds of tools are always a welcome approach, because they provide a degree of choice," he said of options like App Protection.
Miller said Citrix's offering was a good way to enhance a company's security.
"The reality of a newly minted remote workforce is that there are wildly different levels of security sophistication among users," she said. "Some are highly attuned to security and have taken measures in home networks and devices. Others, aka the average worker, haven't thought about their router since they took it out of the box and hit 'install.'"
Citrix App Protection, Miller said, seems to be simple to install and deploy, a benefit for IT professionals.
"Neat, clean and easy … is what IT and [security operations teams] are really counting on in this time of chaos," she said. "[The] last thing anyone wants is an onerous process that can't be managed in a suite or admin environment."
Still, Miller said, it would be good to see the product offered outside of on-premises environments.
Kenney said Citrix has plans to extend App Protection support to cloud-based applications in the future.