bhomburg

I landed the not enviable task of having to reconcile the new regulations banning carrying on anything electronic larger than a smartphone on certain routes / carriers with the corporate IT travel policy which operates under a strict "under no circumstances company IT equipment is to be checked in" rule.
This is going to be a major issue going forward should these rules remain in place for some time, which looks like they will. Company would prefer to not have to change the policy.

For now, some staff who have to travel on affected routes that do not allow carry-on laptops with company equipment are required to remove the data drive from their laptops and carry it on separately prior to checking in /gate-checking the laptop if flights cannot be rebooked/rerouted to avoid the electronics ban.
Older Dells (up to Latitude E XX40) and Lenovos (up to Tx30) until about ~2013 had the data drive in a separately-accessible caddy which even technically challenged users could remove in thirty seconds by removing one holding screw, no tools required on the Thinkpads.
On the current models from both manufacturers, this is not an option anymore - starting with the M.2/NVMe form factor SSDs which are largely unprotected, to the operation itself which should be left to skilled technicians equipped with appropriate tools. I guess that's the price to pay for having thinner, lighter and faster systems.

Does anyone know if there's current travel-friendly sized laptops out there from any of the global players in the business market (HP and Toshiba come to mind) still allowing this?

CPRich

Fly a non-affected route. Are there any "can't get there from here" city pairs?

Dubai Stu

Emirates doesn't require you to check it per se. They take it from you at the gate and return it landing. I would send a memo to IT stating that unless you hear from them to contrary, you believe that this doesn't constitute checking within the meaning of the rule because: (a) of the special handling of the devices; and, (b) because of the legal impossibility of carrying the device on the plane with you.

Often1

Depending on where you work and who you work for, sending too cute by half memos which start with "unless I hear to the contrary" is a bad thing.

If the concern is that you lose physical control of your data, the EK solution, customer-friendly as it is, simply does not reach the solution.

Electronics ban or not, I would not travel with sensitive data on a hard drive. The data ought to be backed up in an appropriately secure manner before departure and accessed upon return, e.g. Cloud.

Nothing of value ought to be stored on the laptop. If that hasn't been the case for a number of years, not sure why there is an issue now.

sama

Chromebook and portable SSD drive.
You have email and general files on cloud and what you need on the road, you use from SSD.

This way you don´t have any company files on the computer and it can be checked.

Need

I don't know.. rather than going out to buy new laptops, don't you just want to wait and see what happened? Switch to a non-affected airline for now. The removable hard drive sounds like a security nightmare. People forgot to remove it before checking it in. Bad people installed some device in your laptop so once you reconnected the HD they could steal the data. Airline decided your HD is an electronic device bigger than a smartphone and check it anyway.

txflyer77

Wouldn't it be a lot easier to just route through hubs that aren't affected?

A connection in FRA beats a data breach.

Dubai Stu

MEMORANDUM

To: IT Department

From: Dubai Stu

Re: Upcoming Dubai Trip

Date: March 31, 2017

__________________________________________________ _____

I am not sure if you have been following what has been happening in international travel, but the US just banned people from carrying their electronics (except their personal cell phone) flights from Dubai to the US. In response to this policy, Emirates has implemented a special secured storage procedure where they will take your laptop from you at the boarding gate, place it in a special secure area in the hold, and return it to you on deplaning. The laptop is not checked in the traditional manner and extra security measures are in place with these devices to respect the security and sensitivity of the devices.

I am currently booked at Emirates flight 1235 flying out to Dubai on Monday and returning on Friday. My return flight will be subject to the secure storage procedures. I have read the company policy three times and don't believe that the bar applies. When Harry Jones spoke about the purpose of the policy three years ago, he stated it was because of the danger of laptops being stolen from our luggage. This is obviously not present.

With the impending flight and there be no real practical way around the problem right now, I believe that I really have no choice but trust Emirates with laptop. If you wish me to take a wiped laptop on the trip with minimal data, please advice. I've struggled long and hard whether I could do this trip without any laptop and it is just not possible.

I just learned about the problem. If a scrubbed laptop is the only solution, I can meet you anytime this weekend or swing by the office on the way to the airport. Lastly, but obviously the least preferred method, I can take a disk with DBan and wipe my laptop before heading to the airport on Friday. Call my on my cell so we can discuss this at 212-555-1212. If I don't hear from you, I'm going to have to risk using Emirate's secure storage. It is not a perfect solution, but it seems the "least bad" option.

Sorry to burden you with this at the last minute.

Stu

Dubai Stu

PS: I just saw the Qatar airlines has loaner laptops for business class traveller with super cheap ($5) wifi.

oneant

I personally don't see it as "changing" the policy if you simply carve out a very specific exception for this special circumstance. But if the company wants to stand firm anyway, route so as to avoid the issue.

If neither an exception, nor re-routing are options, then the question I have is what the primary concern here is: 1) hardware loss (cost of replacing device, loss of productivity); 2) data loss (mission-critical data on the drive would be lost if device goes walkabout); 3) data breach (data on the drive is compromised).

1 is probably not is as that would be silly in these days of cheap hardware

2 should be covered by IT InfoSec policies on data redundancy; no SPOF device--especially a mobile one--should house critical data

3 drive encryption has come a long way, and proper encryption will essentially make the drive useless as anything more than a paperweight

CPRich

Our company's published policy, in order of preference.

1 - Re-route your trip
2 - Take a laptop from the burner/loaner pool if web-access is enough. Access email on the web and load needed files in our secure cloud storage location. Burners are cheap machines loaded with browsers, Office, and other basics
3 - get written exception from security, privacy, and everyone under the sun. Purge your Deleted Items, unneeded Inbox items, Recycle Bin, etc. Have IT verify your drive encryption is enabled, etc., etc. Pack in your suitcase, not a laptop bag. Use a lock on your bag. Upon return, have your machine reviewed by IT staff before connecting to the network.

Error 601

Our China-Russia policy applies, although we have relatively little business in the Middle East other than a large but mostly self-sufficient customer in Saudi Arabia.

If you anticipate good connectivity travel with a thin client notebook, these are HP ProBook 4320Ts.

If you anticipate poor connectivity travel with a "low-value loaner" (IT refers to these by the acronym DGAF) they are typically consumer grade PC notebooks and a few older MacBooks covered in stickers and have no inventory tags, something that no espionage functionary would waste their time with as opposed to say a ThinkPad E-Series or or Dell Latitude with a big silver tamper-resistant inventory tag. DGAF users can take data on a FileVault or Bitlocker encrypted USB stick or SD card.

DenverBrian

Kind of wordy, and it's "please advise," not "please advice." Otherwise, it's a good balance of "need to follow policy" vs. "need to do actual work."

bhomburg

Thanks for all the input. I`m in IT and actually did get a bunch of emails to this effect. .

Rerouting flights will cover most of the issues, but there's a few cases where this is not possible, or very inconvenient. We're looking at maybe two such trips per month across all of the company (with offices in both the UK and the US which have different laptop bans), so really not much of an impact.
The issue is that those laptops are used to acquire and subsequently process data in a highly regulated environment (clinical field, involving patient data). This is a largely offline process, and the software environment is very specific. All this is integrated into contracts and validated, audited processes, changes to which are best avoided as they'd trigger a lengthy and resource-hogging review process involving multiple external entities. The company wants to avoid this.

The solution we came up with after some brainstorming is easier than I first thought. The handful of affected users will be issued a bootable external SSD drive which contains a clone of their system drive with all the needed applications for these trips. On unavoidable trips with mandatory checked laptops, they will have to start their laptops from the external drive and use this device to store the acquired data. The laptop may then be checked/gate checked while the external drive with the data stays on the traveller.

Tests have shown this to work well, with minimal extra complications for traveling staff (who just have to remember to power down their laptop, insert the drive, and press two buttons at startup to select the alternative boot medium).

Correct. The problem is that the data needs to be gathered, then stored locally (with proper backup in place of course) until the travelling staff return to the office.
Cloud solutions are not an option as access to the internet on site (mainly hospitals) usually is either not available or severely restricted.


Yep. But tell that to regulatory bodies in the healthcare field who are for the most part firmly stuck in the paper days of the mid-20th century.

tentseller

At the present time I travel with a full win10 Lenovo M700Miix, plenty fast with m5 and 8g inboard and 256SSD. There is a micro SD slot that I put either personal business, NGO business or personal 200g card into.
All data are stored onto the removable card and I have a wallet of them with their backup in my "wallet"

That could be an option to protect client data.