JOE’S IDEAL SYSTEM
• On startup the user would get a browser interface or logon that required their authentication. They would never authenticate again for anything during their session.
• Each program, file share or other access would validate their credentials and grant or reject access based on the confirmed identity.
© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential
What if …
• Your system checked the identity of each attached client?
• Your system validated the version of the OS and patches to the OS installed along with the antivirus software on the end point device?
• Your system would terminate the session of any user who disabled the antivirus software after launching their session?
• You were able to set “use policies” based on user, end user device, and network. The “use policies” also would be used to manage downloading, network and external drives and printing?
• If needed you could record any user session on the system.
What if …
• The only computing device the user had was six or seven years old and didn’t have a hard drive but would boot from a floppy?
• The only devices available were diskless thin client appliances?
• You could get all the graphics that Vista can deliver on a thin client appliance?
• A new application or a new version of an application had to be delivered to 100’s or 1,000’s of users within a few hours?
A world where any service can be accessed or delivered from anywhere
Our Vision for Government
Users Apps
App Delivery as an On-Demand Service
• Application Delivery via a Browser
• Applications and data reside in the Data Center
• Compatible with biometric, smartcard, two factor/key fob
• Manage password with AD or LDAP integrated password manager
Monitor Optimize Secure Control
App Delivery as an On-Demand Service
• Highest Security
• 128 bit encryption
• Transmit only mouse clicks, key strokes and replace pixels.
• Hardened Linux SSL VPN Appliance in the DMZ
• Smart Access Software – Granular Access Control
App Delivery as an On-Demand Service
• Fastest Performance
• Highest Security
• Secure by Design
• Lowest Total Cost
• Best User Experience
Joe’s Ideal State
• Every individual is identified via a two or three factor identification process (biometric, smart card, passport) and is provisioned to access any application or system in the state based on that identity and their need
• Every system/application validates the user via a common interface
• Every individual is set up automatically based on their need and a predetermined profile
• All state and municipal entities have a trust relationship based on a shared/common security model
• Individuals receive access to only that information needed to complete their mission
• Sensitive records are well defined and encrypted or securely stored
It would be a very bad day if …
• County workers' data on stolen laptop
• By Keith Ervin
Seattle Times staff reporter
• The King County Transportation Department has informed 1,400 current and former employees that a laptop computer containing personal information about them has been stolen.
• Workers' names, addresses and Social Security numbers were on the password-protected laptop, which was stolen during a Sept. 28 home burglary. The information was not encrypted, department spokeswoman Rochelle Ogershok said Thursday.
• The laptop was taken from the home of a Transportation Department human-resources employee while the employee was traveling outside the country, Ogershok said. The employee routinely carries the laptop from one work site to another.
• Transportation officials learned of the theft Oct. 1 and, after determining what information was on the computer, sent letters to current and former employees Oct. 3 advising them of the incident.
• The affected employees work or worked in the Roads, Airport and Fleet divisions. Managers have held meetings with employees to discuss steps they can take to protect themselves from possible identity theft. The county will provide free credit monitoring for one year, Ogershok said.