Strategy for developing proprietary project information on a secure computer.

WaterStreet used Ask the Experts™

I'm proposing a consulting engagement for a client with a proprietary project, which requires that I keep the project's work away from the Internet, due to confidentiality requirements.

I have two windows 10 computers (always updated) that I use on the Internet, and do not want to use any of them for this purpose. I'm thinking of buying a new laptop computer to be used exclusively for the new project.  I use McAfee Total Protection, Malwarebytes, Hitman Pro, and Epic Privacy Browser (proxy mode) on the two computers connected to the Internet.  

I'd prefer to use Microsoft Word and Excel, though I'm not attached to Microsoft products. I'll also need some specialty software (such as 3-D illustration software, and flowchart software), all of which I hope to load via CD/DVD, or transfer the downloaded installation files via flash drive from one of my online computers.

I will create, update, encrypt and store all the proprietary information files on flash drives that will never be inserted, if or when the new computer needs to connect to the Internet.

What what do you think of this strategy for keeping the proprietary project information secure?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dr. KlahnPrincipal Software Engineer

It's a fine strategy.  Now, about the people who will be involved.  Are they willing to sign non-disclosure agreements, have their backgrounds thoroughly investigated, and be security bonded by a reputable bonding company in the amount of at least one million dollars?

The people are the issue, not the hardware.  If there is so much as one disreputable person involved, the project will end up compromised no matter what you do.  All it takes is one person with a $19 pair of camera glasses, q.v. fleabay.
I am the only person involved aside from the client.
Exec Consultant
Distinguished Expert 2018
Suggest explicit mentioned on physical plugging into any port to reduce chance if unintentional Internet connectivity. Good to have even wireless explicitly disabled for this standalone.

Lock the proxy setting as mentioned to manage any web traffic.

Employ application whitelisting to allow only authorised application to run. Can largely reduce attack surface from Ransomware too.

Avoid using admin account as default user account as it increase risk.

Most importantly,remember to BACKUP ALL the working files regularly and off the same machine in case it get infected and encrypted by Ransomware.

Encourage regular update even though it is not Internet connected. Have to strategise for offline patch though either through external media or another staging proxy server connected to Internet internally.
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.


That's the kind of comprehensive answer I was looking for – quick,  focused on my question, and not requiring me to ask for a more detailed explanation.

Thank you very much.

New follow-up question:
See "Windows 10 Enterprise security for just one laptop user"

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial