Case analysis of terminal data leakage prevention

I met a client recently , They have a research and development department. Originally, they used to use diskless workstation for development , There are drawings , Active code . Use diskless , The main purpose is to prevent leakage . initial stage 20-30 Human time , It should be said that the effect is very satisfactory , But now this department has 100 A person , Relevant departments are also fast 500 A person , The R & D personnel make a drawing , Debugging software is as slow as some kind of bull , The reason is , When the concurrency number is large , The network load and server load are too high . They are engaged in drawing design and industrial control source code development , Almost every designer must use AutoCAD,Pro.E and SolidWoks Software that consumes a lot of resources . When debugging industrial control source code , The local serial port must also be used , Parallel port or network , As a result, I had to buy some notebooks that were separated from the diskless system .
         The problem of slow speed , Originally, I wanted to expand the capacity of the diskless workstation , But the cost is too high , And the Department is still expanding , It's not the way to go on like this , In the words of their leaders ： Everyone has a workstation , There must be no speed problem , But where is the value of no disk ？ in addition , Diskless although the file is no longer retained locally , But because the Internet will leak secrets , Cause a lot of inconvenience . By mail , The Internet can still leak secrets . Notebook for local debugging , It can still be leaked .

     Finally, it was replaced by ours SDC Sandbox （ Sandbox is also a cloud concept ） programme , Realization ：
    1） The number of terminals is not directly related to the server load (SDC Sandbox support 5000 Users are online at the same time );
    2） There is no speed problem when the client runs the design software that accounts for a large amount of resources ( And the single machine running loss is 5% within );
    3） Design results and drawings , Source code and documents can only exist on the server , Files on the server , establish , Edit , Save as and wait ( Cannot save locally ); Including notebooks .
    4） Non client or foreign PC Unable to access the server and other clients , Make it an isolated island ;
    5） At the same time of R & D and design , Allow access to the Internet ( Web browsing , Data download ,QQ,MSN Use ), However, the data on the server should not be transmitted to cause leakage ;
    6） Laptop peripherals ,U disc , Compact disc , Floppy disks are read-only ;
    7）WinPE CD boot local client ( Including notebooks ), Or remove the local hard disk , No data leakage .( There is no drawing data locally );
    8） Any files on the server should be taken out of the classified environment , All need to go through the approval process ;