Citrix Systems has announced SmartAuditor, a new feature of Citrix Presentation Server that helps enterprise customers monitor, record and play back specific application sessions as part of their ongoing risk management and regulatory compliance measures.
By incorporating user activity auditing as a core property of a company’s existing application delivery infrastructure, SmartAuditor makes it easy for customers to demonstrate that employees are meeting established guidelines for information access, transaction integrity and intellectual property protection.
In a world where businesses run on applications and highly sensitive data flows easily across international boundaries, compliance and risk management have become increasingly important concerns to enterprises of all sizes. Companies in all industries now face a growing list of regulatory initiatives such as KING II, Sarbanes-Oxley, HIPAA, Basel-II designed to protect consumers, employees and investors from fraudulent acts.
In this climate, security executives report that monitoring employee activity, conducting periodic security audits and protecting intellectual property are now among their top-five overall IT initiatives. Unfortunately, the additional cost and complexity associated with these initiatives can often be prohibitive.
Using the new SmartAuditor feature, Presentation Server customers can now address many of these problems by setting policies that record specific application sessions based on a user’s role, the application being accessed or the sensitivity of the application transaction.
When activated, SmartAuditor acts like a digital video recorder to capture screen activity from a user’s computer and store it in a small, digitally-signed, time-stamped video file that can later be analysed and logged. By recording only relevant user sessions, SmartAuditor is far more efficient and practical than add-on auditing solutions, which often have large storage requirements, are difficult to manage and can be unwieldy to analyse during an audit.
“Most organisations are increasingly information-intensive, with highly distributed and complex information infrastructures. To mitigate the inherent risks of this transfer of information, organisations must implement enterprise risk management programs with sustainable compliance-driven standards,” says Michael Rose, associate research analyst with International Data Corporation (IDC).
“As a result, IT administrators are being asked to leverage technology that not only mitigates risk and meets these compliance standards, but also manages the ongoing costs. Incorporating policy-drive session recording capabilities directly into the underlying application delivery infrastructure makes a lot of sense.”
While SmartAuditor is an important benefit for all enterprise customers, it is especially beneficial in industries like healthcare, financial services and government agencies that must meet stringent regulatory compliance standards and monitor suspicious activity to effectively safeguard company information. It is also valuable for monitoring functions that are outsourced or applications which involve highly sensitive customer information or high-value transactions.
“Many compliance-driven initiatives limit the flexibility of both users and enterprises,” says Scott Herren, vice-president and Gm at Citrix Systems. “Citrix’s application delivery solution automatically secures, monitors and audits data and applications using configurable policies without inhibiting user access or mobility.
"By using SmartAuditor, IT can quickly provide a regulatory compliant environment that satisfies both corporate and end-user requirements, and SmartAuditor can be used with any Windows application without modification.”
SmartAuditor is one of many features that have made Citrix Presentation Server one of the most trusted solutions in the industry for ensuring regulatory compliance and data security. By centralising all Windows applications in the corporate datacenter and delivering them virtually over the network, Presentation Server keeps sensitive application data safely under IT control rather than distributing it across thousands of end user PCs.
By making data security a core property of their application delivery infrastructure, companies can avoid many unnecessary costs and greatly reduce the complexity of achieving regulatory compliance.