How to secure business critical data? – U.S. Customs and Border Protection shows the direction!

26 June 2014

Reflections, Boston 2013

Last year we spent our vacation on the U.S. East Coast. We started in Boston and headed north to Acadia National Park, a really wonderful place for German tourists.

For Europeans, a vacation in the U.S. is a somewhat strange experience. You have to clear some hurdles before you finally arrive at your destination.

First of all, your eligibility to travel to the U.S. is determined. All Visa Waiver Program travelers have to get a travel authorization via ESTA (Electronic System for Travel Authorization). If ESTA rejects your application, you have to apply for a visa. It would not have been possible to board the plane in Düsseldorf without a valid travel authorization.

But authorization via ESTA is not the final permission to enter the United States. In our case, the U.S. Customs and Border Protection officers in Atlanta determined our admissibility during the intermediate stop.

This is an easy-to-adapt security concept for business critical data:

[1] Isolate your business critical data from the company network into a Core Data Services Network (CDSN). Figuratively speaking, the CDSN is the United States.

[2] Boston is a data service, Atlanta an application or terminal service inside the CDSN. Access to the data in Boston is possible only via the applications provided by Atlanta. The way back to the company network is blocked! Export regulations are fully enforced!

Core Data Services Network Overview

[3] Düsseldorf is the gateway to the CDSN. Access to Atlanta is only possible via Düsseldorf!

[4] An employee must log in to Düsseldorf first and open a remote session to Atlanta. On Atlanta he has to be authorized for the applications that access the data in Boston. At least for login to Atlanta, two-factor authentication should be in place to prevent eBay-like attacks.
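Rules [1] to [4] can be checked mechanically against a firewall rule set. The following Python audit is an added example, not part of the original post. It assumes rules are given as (source, destination, auth) tuples describing who may open a session to whom, that the gateway sits at the border outside the CDSN, and it uses constructed sample rule sets including a hypothetical "backup" zone.

```python
# Added example: audit firewall "allow" rules against the CDSN model above.
# Zone names follow the post's analogy; rule sets are constructed sample data.
COMPANY, GATEWAY, APP, DATA = "company", "duesseldorf", "atlanta", "boston"
CDSN = {APP, DATA}  # assumption: the gateway sits at the border, outside the CDSN

def audit(rules):
    """rules: iterable of (src, dst, auth) meaning src may open sessions to dst.
    Return a sorted list of findings; an empty list means the policy conforms."""
    findings = []
    for src, dst, auth in rules:
        if dst == DATA and src != APP:
            findings.append(f"{src}->{dst}: data service must only accept {APP}")
        if dst == APP and src != GATEWAY:
            findings.append(f"{src}->{dst}: app service must only accept {GATEWAY}")
        if dst == APP and src == GATEWAY and auth != "2fa":
            findings.append(f"{src}->{dst}: login requires two-factor, got {auth}")
        if src in CDSN and dst not in CDSN:
            findings.append(f"{src}->{dst}: way back out of the CDSN must be blocked")
    return sorted(findings)

def can_reach(rules, start, goal):
    """Follow allowed sessions hop by hop to see whether start can get to goal."""
    edges = {}
    for src, dst, _ in rules:
        edges.setdefault(src, set()).add(dst)
    seen, todo = {start}, [start]
    while todo:
        for nxt in edges.get(todo.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return goal in seen

# Conforming policy: company -> Düsseldorf -> Atlanta (2FA) -> Boston, nothing back.
GOOD = [(COMPANY, GATEWAY, "password"), (GATEWAY, APP, "2fa"), (APP, DATA, "app-role")]
# Misconfigured policy: direct data access, an indirect way back, and a weak login.
BAD = GOOD[:2] + [(APP, DATA, "app-role"), (COMPANY, DATA, "password"),
                  (DATA, "backup", "none"), ("backup", COMPANY, "none"),
                  (GATEWAY, APP, "password")]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "data can flow back to company:", can_reach(rules, DATA, COMPANY))
        for finding in audit(rules):
            print("  finding:", finding)
```

The reachability check matters because a way back can be indirect: in the constructed BAD set, no rule leads from Boston straight to the company network, yet the data still gets there through the backup zone.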

Many thanks to the U.S. Department of Homeland Security for this really easy-to-adapt security concept.

Sometimes you have to export data from the CDSN into the company network. U.S. Customs is involved through export regulations, but this is another story…

