A recent number of news reports have picked up on the extraordinary measures some people take to protect against online security threats when traveling to "hostile" regions (read China). Below is an excerpt from a New York Times article that describes what a senior official at the Brookings Institute is required to do:
He leaves his cellphone and laptop at home and instead brings “loaner” devices... which he erases before he leaves the United States and wipes clean the minute he returns. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop. (See full article here)
Research suggests that this isn't an isolated practice. Government employees, university researchers, and private sector individuals are forced to take similar precautions with troubling frequency. (See links below for further examples)
It sounds like paranoia to most of us, but there's good reason if your work involves highly sensitive information and you go to a region where people have both the incentive and capability to nab it. It makes sense that organizations will do what they can to prevent a breach and minimize its impact, but it doesn’t make any sense to assume the risk of a security breach is neatly contained within geographic borders.
The uncomfortable reality is that people with the incentive and capability to launch such attacks exist the world over. Their skill and sophistication may vary, but as with the distinction between a high-end art thief and neighborhood burglar, there's a place for everyone on the ladder.
But how is it that data is so easily exposed? Well, much of the risk arises from two fundamental conditions: (1) the integrity of the device used, and (2) the trustworthiness of the local network. Both are hard to ascertain and harder to indemnify.
- Our local browser is the dumpster for all web code -- good and malicious. We'd like to think that the toxic stuff is filtered out with the aid of browser improvements and security software, but the pace and variety of exploits makes this virtually impossible. It becomes a question of when -- not if -- our computer gets infected. And when it does, any number of things can happen: our local data is extracted, spyware is installed, our surfing is redirected to bad destinations and more.
- Open WiFi networks are inherently insecure, yet we connect to them indiscriminately at places like hotels, coffee shops, and airports. But our traffic can be seen by anyone else on the same network running the right traffic sniffing tools -- many of which are open source and free. Not so bad if you're just free browsing, but disastrous if you're logging into sites by entering your credentials or using previously stored authentication cookies.
The China trip described above seems to make some sense in this light. Take a new machine that has no data on it. Connect only over highly-secure and encrypted networks. Don't enter credentials directly. Quarantine the machine once you get home until it's been wiped.
A solid plan with only two snags. First, anything that can happen to you in China can happen to you anywhere, but the China bogeyman distracts us from seeing the same vulnerabilities when they're sitting next to us at Starbucks. Second, even for those that see the risks, these procedures are wholly impractical for most organizations. IT can't support them and users will reject them. The tradeoff between security and convenience has only one winner (Hint: it's not security).
This is one of the core issues that we set out to solve at Authentic8. The proliferation of web applications results in users accessing those web apps from multiple devices and from different locations using a variety of networks. But with this liberation has come challenges around security, control, and policy management. Our goal was to design a holistic solution to better address these risks while at the same time be practical enough for the majority of businesses and users. There's a lot to the solution we've built, but the core elements go something like this:
- Allow the user to go online from any computer including their own, but relegate its role to that of a simple display and interaction device
- Shift the local browser to a secure and sandboxed environment running on a trusted machine in our cloud environment. Access it using an always-encrypted connection
- Insulate the user and their computer from any and all web code, and also insulate the secure browsing session from a potentially infected end-user machine
- Implement a rich array of policy controls within the browser, including the submission of credentials to downstream websites so that users don't have the pain and risk of entering them locally
- Leave zero data residue on the local computer once the user quits the browser
Said more simply, the Authentic8 solution shifts the user to a clean environment that we control, over a network that is always secure, and where sensitive data is contained and protected. We provide full insulation of their web session, their network traffic, and their private data from prying eyes.
It's a radical idea designed for a world that's getting more treacherous. But also a practical approach for organizations to embrace. Sign up for early access, and try it out for yourself.
- University Policies for International Travel
- FBI Recommendations for Business Travelers Traveling Abroad
- Experts warn against using personal mobiles, laptops in China (April 10, 2012)
- How to manage cybersecurity risks of international travel (September 15, 2010)