Citrix last month significantly expanded its business with the $500 million acquisition of XenSource, which makes tools to help companies virtualize applications and storage. Much has been said in the aftermath of the deal, but many people are still overlooking a critical aspect of the Citrix-XenSource merger: security.

The crown jewel of XenSource is its open-source hypervisor, a software technology that allows multiple operating systems and applications to coexist on the same physical server. XenSource gives Citrix the potential to build out its application delivery infrastructure inward – into the virtual data center – and outward, onto the endpoint.

Citrix is now well positioned to take advantage of the growth driven by disruptive vendors and technologies such as VMware, Cisco, and Intel's vPro. There is no free lunch – Citrix still has to brilliantly execute – but it has good tools to work with.

Many security pros are fans of desktop virtualization, because it allows applications to execute in a secure data center instead of on untrusted endpoints. Endpoint security creates holes that security teams sometimes find impossible to plug, in both customer and business partner devices. It is all too easy for an untrusted home PC to store working copies of confidential data, keep sensitive information in temporary buffers, or record username and password keystrokes via spyware.

In centralized environments, however, application delivery technology can be deployed to handle authentication requirements and to display the application for the end user as if it were running locally. In healthcare and finance environements, I often see an integrated chain of tools that work together to create this centralized environment:

One of the problems with centralizing applications in a virtual data center is that some applications still need to execute locally to maximize performance. This processing might be required to correlate data from multiple sources, to allow the user access to data when disconnected from the network, or even to offer a secure environment to process compressed streamed multimedia content.

In a classic, thin-client virtualized environment, there is a lot of underutilized processing power at the endpoints that could be exploited if the application delivery system had end-to-end intelligence.

Citrix isn't ready to divulge its plans for XenSource, but it's still fun to conjure up a few of the possibilities that could change traditional approaches to enterprise security:

Virtualized data centers are great, but end-user applications still need secure application delivery mechanisms to the endpoint. Citrix is nicely positioned to use its application delivery strengths to change the way that IT crafts its applications for safe and efficient business communications. Isn’t that what security is supposed to do?

— Eric Ogren is the principal analyst and founder of the Ogren Group, a firm specializing in consulting services for security vendors. Ogren's background includes more than 15 years of enterprise security experience with both the Yankee Group and Enterprise Strategy Group. Ogren has also served in a variety of senior positions at vendors including Tizor, Okena, RSA Security, and Digital Equipment. Special to Dark Reading.