One question that comes up with VDI is, "What if someone compromises the endpoint that is accessing that application?"
Before 2019, there was no good answer -- except that organizations with a keylogger or screen capture infection could have a bigger problem. In those cases, attackers could pivot to other systems, just like they compromised the first system.
Citrix wins this round because of its keystroke logging software that prevents keyloggers from capturing sensitive data from applications. IT can create policies to disable screen capture, as well. When end users open an app through Citrix Workspace and attempt to take a screenshot, they'll only capture a black screen. Mitigations such as these rarely last forever, however. Attackers may develop a workaround in the future, so IT should always be on the lookout.