We are setting up a citrix solution for co-workers from an external partner to access applications in our organisation. The question is if it's a bad idea to allow Citrix Client Drive mapping from a security perspective? Does anyone know of any best practices?
We have no control over the state(of for example antivirus software) of the clients from where they connect or their network.
This is probably a question for the Citrix forums, but here are my 2 cents:
With Citrix XenApp you can granularly control which level of data exchange between the client (where the user sits) and the server (where applications are executed and data is stored) you want to allow. One extreme is to disable every form of exchange, including the clipboard. In such a scenario the only way users can copy data from the server is via screenshots.
The other extreme is to allow everything including clipboard and client drive mapping. In that case you can copy data to and fro, both via the clipboard and via the file system.
There is no best practice, you need to define which level of security you want and act accordingly. But beware: think of the users, too, and do not restrict them unnecessarily.