this post was submitted on 02 Jan 2024
142 points (95.5% liked)
Technology
59402 readers
2816 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Sounds like your company never had major issues with cyber attacks. Allowing unmanaged hosts into the environment is a cybersec nightmare, even if just through web apps. Also citrix is a worse experience than any underpowered work laptop.
Sounds like you don't know about the current security philosophy, which is "zero trust". You don't trust anything, not even managed hosts. We operate under the assumption that we are already comprised and that there are already bad actors with access to the network, and therefore the risk is managed accordingly, using modern security controls such as conditional access, RBAC, PIM/JEA, PAWs, AIP etc. Not to mention the use of SIEM and XDR solutions to detect and contain evolving threats. We even have a 24x7 security team who manually monitor all our environments.
Also, our BYOD laptops connect via the Internet to cloud-based services, so it's not like they're connecting to some traditional LAN/VPN/domain etc.
Our zero trust security model isn't something we whipped up out of thin air btw, it was established in consultation with Microsoft and another security agency which specialises in this stuff. Many major organisations around the world now follow a zero trust model, so it's been battle tested. We are a MSP who provide IT services to several organisations - so there are many regulations we need to adhere to, and compulsory external audits are done every year to maintain our certification status. Never had any major issues in any of our audits.
Not really. Have you even used modern versions of Citrix Workspace recently? It works just fine. If you had a poor experience then it's likely that whoever provisioned your VMs underspecced them, or your VM host was underspecced or misconfigured, or you were probably accessing some ancient version of Citrix.
Also, it's not like I'm in Citrix all the time, we only use it when accessing certain traditional apps or isolated environments. Most of our stuff, at least the stuff I mainly work with, is cloud-based.