My company is increasing travel back and forth to China. I've read a lot about the PRC deploying spyware to machines. How are you mitigating this when the laptop returns to your office? I know we're not the only company dealing with this and any advice is welcome! Up to this point, we've been wiping the machine when it returns to our office (before putting it on our network).
Thanks!
Before the machine even gets to china, we swap out the filevualt encryption keys, having an individual one for each machine going to china.. Then we firmware brick the machine, and tell the employee to contact us when they get settled, which we then give them the key.
Haven't gotten one back to NA yet, so can't comment on that part.
There was a great session at JNUC14 on this.Here
Rather than have folks take their own machines, I recommend having a stockpile of loaner machines and give them to folks travelling to China.
When they come back, keep the loaner off of your network and make sure anything they need is off of the laptop. Once that's done, wipe the loaner completely.
I think there is no really way to secure and be 100% sure about it with any computer. I think you have to use iPads.
I read somewhere that Apple added a verification wipe to the newer iOS devices, but I couldn't find the page.
C
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.