Nevada Digital Summit

David PodwojskiDirector, Public SectorCitrix Systems, Inc.

JOE’S IDEAL SYSTEM

• On startup the user would get a browser interface or Logon that required their authentication. They would never authenticate again for anything during their Session.

• Each program, file share or other access would validate their credentials and access or reject based on the confirmed identity.

3© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

What if ….• Your system checked the identity of each attached

client?• Your system validated the version of the OS and

patches to the OS installed along with the antivirus software on the end point device?

• Your system would terminate the session of any user who disabled the antivirus software after launching the their session?

• You were able to set “use policies” based on user, end user device, and network. The “use policies” also would be used to manage downloading, network and external drives and printing?

• If needed you could record any user session on the system.

4© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

What if …

• The only computing device the user had was an six or seven years old and didn’t have a hard drive but would boot from a floppy?

• If the only devices available were diskless thin clients appliances?

• You could get all the graphics that Vista can deliver on a thin client appliance?

• A new application or a new version of an application had to be delivered to 100’s or 1,000’s of users within a few hours?

5© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

A world where any service can be accessed or delivered from anywhere

Our Vision for Government

6© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

Users Apps

App Delivery as an On-Demand Service

• Application Delivery via a Browser

• Applications and data reside in the Data Center

• Compatible with biometric, smartcard, two factor/key fob

• Manage password with AD or LDAP integrated password manager

Monitor Optimize Secure Control

7© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

Users Apps

App Delivery as an On-Demand Service

• Highest Security• 128 bit encryption• Transmit only mouse

clicks, key strokes and replace pixels.

• Hardened Linux SSL VPN Appliance in the DMZ

• Smart Access Software – Granular Access Control

Monitor Optimize Secure Control

8© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

Users Apps

App Delivery as an On-Demand Service

• Fastest Performance• Highest Security• Secure by Design

• Lowest Total Cost• Best User Experience

Monitor Optimize Secure Control

9© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

Joe’s Ideal State

• Every individual is identified via a two or three factor identification process (biometric, smart card, passport) and are provisioned to access any application or system in the state based on that identity and their need

• Every system/application validates the user via a common interface

• Every individual is setup automatically based on their need and a predetermined profile

• All state and municipal entities have a trust relationship based on a shared/common security model

• Individuals receive access to only that information needed to complete their mission

• Sensitive records are well defined and encrypted or securely stored

10© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

It would be a very bad day if …

11© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

• County workers' data on stolen laptop • By Keith Ervin

Seattle Times staff reporter • The King County Transportation Department has informed 1,400

current and former employees that a laptop computer containing personal information about them has been stolen.

• Workers' names, addresses and Social Security numbers were on the password-protected laptop, which was stolen during a Sept. 28 home burglary. The information was not encrypted, department spokeswoman Rochelle Ogershok said Thursday.

• The laptop was taken from the home of a Transportation Department human-resources employee while the employee was traveling outside the country, Ogershok said. The employee routinely carries the laptop from one work site to another.

• Transportation officials learned of the theft Oct. 1 and, after determining what information was on the computer, sent letters to current and former employees Oct. 3 advising them of the incident.

• The affected employees work or worked in the Roads, Airport and Fleet divisions. Managers have held meetings with employees to discuss steps they can take to protect themselves from possible identity theft. The county will provide free credit monitoring for one year, Ogershok said.

12© 2007 Citrix Systems, Inc.—All rights reserved, Citrix Company Confidential

Thank You