1. Field of the Invention
The present invention relates generally to computers and data processing applications and, more particularly, to system and methodology providing a secure workspace environment.
2. Description of the Background Art
Growth of Internet-based remote access technologies has led to an increasing number of users working in unprotected or untrusted environments. Home users connect to their corporate networks via different VPN clients. People on vacation check their email via public kiosks. Sales agents connect to their databases via wireless services in airports. Large networks are no longer just broadband lines connecting offices in several states or countries; they are far more complicated and far less controlled at the endpoints (e.g., at individual personal computers). As the number of mobile users grows, the number of potential threats also grows. Potential threats include, but are not limited to, phishing attacks, identity theft, trade secret theft, and the like.
The network of a typical large organization can be protected with various tools. For example, a firewall is installed to protect the company's gateway. Anti-virus software is installed on the company's mail server to scan incoming and outgoing email. Anti-virus software can also be installed on individual end-user computers. For remote users, an SSL VPN or IPsec VPN is available for connecting to the company's network from remote sites. To manage these environments, IT departments typically develop and deploy a set of security rules (a security policy) to endpoints. Notwithstanding the availability of the foregoing tools, corporate IT departments today still face difficulties in protecting managed computers within the corporation from threats originating on the Internet.
Consider, for instance, a firm, XYZ trading firm, which employs a clerk named John Doe. John uses a firm-owned personal computer to connect to a business client-server application running on another of the firm's computers. This “business application” gives him access to all-important data: customer information, invoices, and inventory availability of items. Most of the data available to John is confidential. Sometimes John stays after work to browse and download free music from web sites. Recently, he downloaded and installed (without permission) a Tetris game for his own amusement during free time. Both of these seemingly innocent activities can, however, lead to the leakage of important data. For example, many free music sites contain “spyware,” “adware,” or other malicious software (“malware”). Free game downloads (e.g., a Tetris download) in particular often conceal malware intended to steal confidential data. In this scenario, the corporate firewall and the antivirus software installed on an employee's computer often will not help. Corporate firewalls, for example, are frequently configured to allow HTTP traffic (i.e., port 80 is open); the HTTP protocol, in turn, can be used to download files, including the unintentional (or intentional) downloading of malware. Importantly, any antivirus (AV) software that may be running (e.g., on John's machine) is not guaranteed to detect spyware programs, especially those specifically developed to bypass antivirus software.
Given the risks posed by the above, some attempts have been made to address the problem. The simplest way is to apply a strict security policy: prohibit Internet traffic on computers where important business applications are installed. In many cases this will not work, however, since Internet connectivity is a daily tool for many people. Employees need Internet access in order to get news, search for information, visit competitors' sites, get email, use online applications and services, and so forth. The simplest approach is therefore not a practical solution for most firms.
Another approach is to use two computers, one for internal business applications and one to access the Internet. This is the most secure approach, but also the most expensive and inconvenient. The cost grows not only because of the hardware duplication; management of the firm's IT (information technology) infrastructure also becomes more complex and expensive. The total cost of ownership (TCO) eventually grows to an unsustainable level. For example, consider how an employee or clerk should send and receive email. If the email (client) software is installed on the same computer as an important business application, special precautions must be taken against malicious software distributed by email. Although the firm's system administrator may install antivirus software to scan email on the fly, malware can easily bypass such protection; for example, malware may be hidden in a password-protected archive (e.g., ZIP) file. If the email client is instead installed on the computer with HTTP access enabled, the system administrator must also worry about how data may be safely imported from the email system into the business application. Given these shortcomings, the approach is reserved for situations where high costs and inconvenience can be justified, for example in banking and military deployments.
Another approach involves the use of separate user profiles. When working with the business application, the employee (e.g., John) is required to use a special OS (operating system) profile, that is, one requiring that he log in under a username with special privileges. When working with the Internet, he would use another profile. Microsoft® Windows XP supports somewhat fast profile switching. In spite of these improvements, this approach is not widely used, perhaps for obvious reasons: interference with usability and difficulty of configuration make the approach relatively unattractive.
What is needed is a solution that protects unmanaged computers from the threats posed by Internet connectivity. For example, such a solution should allow a user to make online payments from his home personal computer without worrying about Internet-borne threats. At the same time, such a solution should provide this protection without high costs or inconvenience. The present invention fulfills this and other needs.