Peter Lefkowitz, Chief Privacy and Digital Risk Officer at Citrix, did us the honor of a fascinating interview. Aviva Zacks of Safety Detectives asked him about Citrix Workspace.
Safety Detectives: What has your journey to cybersecurity been like?
Peter Lefkowitz: In 2003, when I was an attorney at Oracle, we had the realization that privacy needed to be more than just policies and public policy, that there needed to be a practical, on-the-ground aspect to it, which was a somewhat novel concept at the time.
So, we built a practical privacy program looking at the balance of privacy and security, figuring out how to build privacy into business routines, products, and services. That was the start of it. I was a one-man-band doing privacy within the legal department at Oracle. Nearly 20 years later, their privacy function is a very large group and I think the world has come around to the notion, particularly post-GDPR, that privacy is part of a robust global data protection program.
SD: Tell me what the company does.
PL: Citrix is a really interesting place. The flagship offering is the Citrix Workspace, which provides employees a simple, secure, and reliable way to access core systems applications and information needed for work.
The secret sauce is building security into the employee experience in a user-centric way. When employees log into a system, they’re trying to get to their data, and that data is available to them and can stay server-side. Citrix Analytics Services, which looks at whether this is in fact the person that purports to be logging in, is happening in the background. The employee is aware of it, but it doesn’t interfere with the experience, so you have the balance of a good employee experience, being able to access their applications and data, with strong security.
SD: What types of companies use your services?
PL: Our user base spans the spectrum from small to medium businesses to government and large enterprises. We have always had a sweet spot with regulated entities, such as large financial services, healthcare, and government.
SD: How do you feel that Citrix stays ahead of the competition?
PL: I think the key to what we do is providing an opportunity for users to be at the center of the experience without sacrificing security that is so critical. Our contextual security policies are unique in that an employee logging into Citrix has a whole lot of security elements working in their favor, but it doesn’t interfere with their day-to-day experience.
SD: What do you feel are the worst cyberthreats out there today?
PL: I think COVID has accelerated all of the major security threats. We used to work principally in the office. We had firewalls, and IT departments knew exactly how people were coming in and could block a lot at the office door. Today, everybody is working remotely, meaning that people are working from their homes and publicly and using home machines, mobile devices, and office machines interchangeably. And criminal actors have taken advantage, using phishing schemes, ransomware, and other techniques to exploit our dispersion.
We saw the evolution of cyber-risks in the past year. Nation-state and criminal hackers now work together, and ransomware has now become a fundamental existential problem. And we saw with SolarWinds and JetBrains that the malicious actors are now trying to find their way into code lines and then use novel ways to avoid detection.
There are even ransomware actors that have technical support departments that support people getting their data back in multiple languages. Once they’ve been paid off, the criminal activity around computing has become more sophisticated, has taken advantage of everybody working from home. And now, with more wealth, through ransomware, they have become more pernicious.
The biggest cyberthreat is the current IT landscape and our best hope is to protect users and data in a more seamless way.