Ask HN: Should we allow one of our devs to work remotely from China?
There are two parts to my question: (1) is this even possible? (2) Is this a good idea?
(1) Is this possible?
We use google suite, and many key pieces of our infrastructure (Jira, bitbucket) use Google for SSO authentication and login. My understanding is that these services will be blocked by the Great Wall. Does anyone have any direct experience with this kind of situation?
(2) Is this a good idea?
I understand the Chinese government has something of a reputation for snarfing down content from laptops brought into the country. Our dev’s laptop has source code, private keys, and (likely) personally identifiable information from our customers. I’m not worried about the Chinese government stealing our source code (we’re so early and our code changes so rapidly that, meh, whatever). Credentials (especially to access our AWS services) seems like a bigger deal.
Am I being too paranoid? Is there any official guidance or best practices about this? Has anyone been in a similar scenario who can share insights?
4 comments
[ 3.2 ms ] story [ 18.9 ms ] thread> I’m not worried about the Chinese government stealing our source code
You're contradicting yourself.
Take security seriously, it's not a game. It is ABSOLUTELY an unacceptable risk. Doesn't matter what your software is, you need to cultivate a security mindset.
That said though, you're already compromised. Your developer has family back in China, the Government there won't hesitate to use them as leverage to get him to hand over everything.