Citrix Workspace: Embedded Browser vs Secure Browser Service vs Secure Browsing

Last week at Citrix Synergy 2018, we unveiled the Citrix Workspace, a brand new user experience for any application — virtual, SaaS, web, and mobile. During the opening keynote, we primarily showcased the end-user experience, however under the hood there’s some fine engineering going on behind this solution.

What I find particularly interesting is how we handle web and SaaS applications within Citrix Workspace. Not only is this a brand new capability, it brings a slew of value to end-users, administrators, your security team, and your compliance team.

With Citrix Workspace we dramatically improve security, data loss prevention and productivity for end-users of SaaS and web applications. Typically, productivity suffers when corporate policies are enforced, with Citrix Workspace we solve for that challenge by improving both security and productivity.

Why do I care?

As the CIO: Citrix Workspace allows your businesses to adopt any SaaS application. Adding SaaS applications to Citrix Workspace will control not only the authentication path, but also control the data path for these apps, enforcing corporate policies and protecting your corporate assets. Instead of hitting the breaks on SaaS adoption in the enterprise, you are now in full control and can encourage your business to adopt SaaS solutions.

As an Administrator: your life just became dramatically easier. Citrix Workspace allows you to set policies across any application whether that is virtualized, SaaS, home grown, web, or mobile. With Citrix Analytics in the background we are detecting anomalies, automatically taking action and providing deep insight in to what happens within your application landscape.

As an end-user: you will love the simplicity of being able to get your work done — anywhere, on any device. All of your applications are at your fingertips in a uniform, clean interface across desktop, web and mobile experience — with single sign-on and tons of productivity gains that simplify the way you collaborate. Citrix Workspace offers productivity tools that span SaaS, virtualized, and mobile applications that no individual application can do. The uber-productivity layer eliminates the need to ever switch contexts and improves overall performance of your applications.

How does it work?

Behind this business value there are some key technology ingredients we use for improving SaaS and web applications:

  • An embedded browser
  • A secure browser service
  • Secure browsing capabilities
  • A new policy engine and policy language
  • Citrix Analytics services
  • Secure Web Gateway services and Secure Gateway service
  • Federated Authentication services
  • Deep integration of our content services
  • SD-WAN

When an end-users launches a SaaS application from Citrix Workspace, we will authenticate the end-user using our federated authentication services with, over time, any identity provider of choice. On top of this single sign-on, several decisions are made dynamically to decide how best to serve this SaaS application to the end-user. We have two ways to serve this application to the end-user:

  • Launch the application in the embedded browser within Citrix Workspace
  • Launch the application in a Secure Browser session — a virtualized browser

The Citrix Workspace-embedded browser is a native browser running on the client machine embedded in the Citrix Workspace security sandbox. This gives end-users the best performance for rendering web pages of SaaS applications. The secure sandbox protects the end-user and the enterprise against malware, performance degradation, data loss and unintended end-user behavior. On top of that, Citrix Workspace actually enhances SaaS applications with new capabilities that improve the productivity of the end-user! These productivity tools are not limited to a single application, they actually cross applications. Something that no single vendor can do since they lack control over the end-user environment.

The Citrix Secure Browser service is integrated in Citrix Workspace as well. Secure Browser Service is essentially a virtualized browser running in Citrix Cloud. Virtualized browsers offer a unique additional level of security and provide unique backwards compatibility features.

The decision to use the embedded browser or the virtualized browser depends on the policies set by IT and the risk profile of the target application. How does this work? Citrix Secure Web Gateway has a very large database of URIs that are risk scored. On top of that, the administrator can set policies on certain domains e.g., to white-list or black-list URIs. Also administrators can set policies on how applications need to be served to end-users.

The way we launch the web applications is not the only decision we make at launch time. Depending on the risk profile, we redirect the traffic of SaaS application through our forward proxy — Secure Gateway services. Citrix Secure Gateway services are deeply integrated with Citrix Analytics services allowing us to analyze the behavior of the end-user, gracefully take action to prevent data loss or collect evidence, and/or prevent certain actions within web applications. This enables IT to not only adopt SaaS applications faster, it also doesn’t penalize end-users who don’t misbehave. It protects end-users and corporations against phishing attacks, content and data loss as well as prevents poor performance. Integrated SD-WAN services in Citrix Workspace dramatically improves overall performance for branch office users. For example, Salesforce could launch and run locally in the embedded browser, however if a user clicks on an unknown URL from inside Salesforce, the untrusted URL would launch outside the organization in the Secure Browser Service. If the URL was deemed inappropriate it would be blocked by the Secure Web Gateway.

At Synergy, we also introduced a new policy language and policy framework. This policy language allows administrators to set context aware policies across all applications. This is a great way to enforce corporate policies around DLP, security and productivity such as copy-paste protection, download protection and watermarks, for all applications. Citrix Workspace is enhancing SaaS applications with uniform policies. Many enhancements will follow over the next couple of quarters that are driven by uniform policies using this new policy framework.

What about Secure Browsing?

Secure Browsing, is a capability of Citrix Workspace to safely browse the internet where Secure Web Gateway inspects URLs of all outgoing traffic to enforce policies. Unknown or risky websites can be automatically redirected to our Secure Browser service to protect end-users from potentially malicious web sites. This transition to Citrix Secure Browser is completely transparent for the end-user which will keep organizations safe while allowing employees to get their job done.

As you can see, Citrix Workspace is not only an easy to use environment for any application in the work place, it has major brainpower behind the scenes to protect our customers and their end-users while improving overall productivity. The most exciting part is that we have only scratched the surface of what is possible with Citrix Workspace. Stay tuned.

Click to learn more about Citrix Workspace App or Citrix Access Control.