A person goes to China for a month, visiting family and they want to continue to collaborate with team while there.<p>VPN seems to be a no-brainer, but even in that scenario - VPN's allowed to operate in China, most likely collaborate with the Chinese government?<p>Is there a secure way to get access to company data and systems of a western company while traveling in China?
You could set up your own VPN and if it works great, if it doesn't that's life.<p>I think the question that's more important is how big of a target are you? If you/your company/your co-worker are all ultimately nobodies, then it probably doesn't matter.<p>If you have highly desirable state secrets or advanced tech, then from a technical perspective you're probably out of luck.<p>Your problem might not even be the connection, but the device connecting.<p>Chinese (PRC) people will almost all have WeChat on their phone. It's not hard to imagine keeping a list of all Chinese citizens in the US who come back to china, catch messages that say "I have to work for several hours" and launch a targeted attack with Pegasus like software.<p>A border agent could say "your data or else."<p>If you buy an iPhone in China, that data, like complete backups, is probably open to the Chinese government probably unencrypted. I am not sure what happens when a person who bought an iPhone outside of china and brings it to china, or who sets their locality to PRC.<p>A password vault could be compelled to be opened.<p>So to answer your question, first we have to understand what you have of value and what your threat model is.<p>From an ultra paranoid perspective, no physical device with privileges should enter China and even the employees personal devices shouldn't have anything company related like 2fac codes.<p>From a completely practical perspective, connecting to a vpn on a laptop while tethering through a "state approved" vpn is probably fine.<p>I think most valley companies would give completely new devices for e-mail and meetings and maybe local development, but completely restrict prod access, then destroy those devices when the employee comes back, but maybe I misremember.
Serious question - is the staff member _that vital_ to the company by which they cannot be unavailable for one month?<p>The first thing I'd do is involve a lawyer familiar with working for a western company in "hostile" environments and involve InfoSec for a risk assessment.<p>Coincidentally I know of a Chinese citizen, living & working in EU (western employer), who needs to be in China for 1-2 months for medical reasons. He casually (well, naively) believes it will be no different to working remote in EU, and therefore not a problem for his employers.
From my understanding companies in China can apply for non-blocking Internet so people can visit Google/Youtube/etc. freely. However, if your concern is that the general Internet in China is not safe enough (monitored), I'm not sure what solutions can solve that. Maybe there is some end-to-end encryption software that you can use?
Does anyone know if Amazon Workspace hosted in Tokyo, could be accessed from China? Latency to AWS Japan would likely be one-of/or the lowest from China to an AWS datacenter?