Internal networks can facilitate transfer of information within an organization. For example, corporate networks can be used to support electronic messaging (e.g., email or instant messaging), file sharing and storage systems. Internal networks may also be coupled to external networks, for example, using an intermediary device, such as a gateway, that facilitates transfer of data between the internal network and the external network. One benefit of exposing an internal network to an external network is that users may connect to the internal network via the external network, using a device outside the internal network to access data within the internal network. This allows users to work with data or files stored at the internal network while away from locations associated with the internal network. However, such user access via an external network can present a security risk.
For example, a user at a client computing device connected to an external network may access the intermediary device from the client computing device. The intermediary device may authenticate the user (e.g., by requiring a user identification, a password, a security token, etc.), and, after the user is authenticated, the user may be able to download sensitive information from devices on the internal network (e.g. file servers, document management servers, File Transfer Protocol servers, web servers, revision control systems and mail servers). The downloaded information may remain on the client computing device on the external network and can result in disclosure of the information to unauthorized parties that later use the client computing device.
In another example, a user connected to the internal network may connect to a computing device connected to the external network through an intermediary device. The user may be able to upload sensitive information from devices of the internal network to the computing device connected to the external network, resulting in potential information disclosure to unauthorized parties.