However, the company warned that poor installations can have "potentially devastating" security implications.
Too many companies install Citrix without comprehensive knowledge of the design and management of the environment, and do not sufficiently consider how to mitigate risk, according to GSS.
The security testing company claimed that its recent assessments of Citrix environments found that every deployment tested had been vulnerable to arbitrary code execution.
In addition more than 80 per cent of deployments exposed commercially sensitive data, while many were found to breach the Data Protection Act.
"The fastest breach was carried out within 15 seconds of logging-on to the service. Even in the most locked-down environment, five high-risk vulnerabilities were discovered," said GSS.
"These were the result of small errors made in configuration, but typically many more such errors are found, any of which could lead to the network being compromised."
Robin Hollington, director of consulting at GSS, said: "Imagine how your board would feel if they discovered that a junior clerk had subverted controls to gain access to board members' restricted network drives.
"They would have the freedom to browse through payroll, trading and research data, and the facility to export this and other sensitive information such as business plans and customer databases without being detected."
Hollington added that, although hardening guides are useful, simply working from these is not sufficient to secure the Citrix/Windows environments because even a single, small overlooked opening can be exploited to give high-risk access.
_(5).jpg&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
