
Ask HN: Should we allow one of our devs to work remotely from China? - citeright
 One of our devs will be going back home to China for a few weeks. Is it an unacceptable security risk for him to work remotely while he’s away?<p>There are two parts to my question: (1) is this even possible? (2) Is this a good idea?<p>(1) Is this possible?<p>We use google suite, and many key pieces of our infrastructure (Jira, bitbucket) use Google for SSO authentication and login. My understanding is that these services will be blocked by the Great Wall. Does anyone have any direct experience with this kind of situation?<p>(2) Is this a good idea?<p>I understand the Chinese government has something of a reputation for snarfing down content from laptops brought into the country. Our dev’s laptop has source code, private keys, and (likely) personally identifiable information from our customers. I’m not worried about the Chinese government stealing our source code (we’re so early and our code changes so rapidly that, meh, whatever). Credentials (especially to access our AWS services) seems like a bigger deal.<p>Am I being too paranoid? Is there any official guidance or best practices about this? Has anyone been in a similar scenario who can share insights?
======
new_guy
> Am I being too paranoid?

> I’m not worried about the Chinese government stealing our source code

You're contradicting yourself.

Take security seriously, it's not a game. It is ABSOLUTELY an unacceptable
risk. Doesn't matter what your software is, you need to cultivate a security
mindset.

That said though, you're already compromised. Your developer has family back
in China, the Government there won't hesitate to use them as leverage to get
him to hand over everything.

------
SCAQTony
Presume the worst case scenario so you can own the decision. If you make the
presumption that anything you have your dev[s] do or may or may not have
access to will soon be public domain in China, would you have a problem with
that? If the answer is no, move forward.

------
jacquesm
It depends very much on what you work on. If you are in the security business,
write software for networking gear or anything like that I'd say no, really do
not do that. If you make software for ovens that bake cookies I see no
problem.

------
masonic
How much of your IP do you consider expendable?

