What Hand Sanitizer Can Teach Us About Cybersecurity

Young female nurse, wearing blue scrubs, mask, stethoscope arounI spent the last week at the RSA security conference in fear of getting sick before my talk on Friday, the last day of the conference. During that time I was nearly obsessive about using hand sanitizer to protect me against any germs I might be getting from shaking hands, or touching surfaces.

Two things struck me is about all this. First, it worked. I did not get sick and the talk went very well. Second, I was not employing the practices most used in cybersecurity programs. I did not send hand swabs off to get tested before using hand sanitizer. I had no idea if there were any harmful germs on my hands at any given moment, I used the hand sanitizer just in case. I also did not wait for or look for symptoms. By the time I would see some kind of rash on my skin, or start feeling a stuffy nose, the infection would already be in place.

I also made a real point of avoiding touching my face, particularly the eyes, nose, and mouth. Germs on my hand are generally not a big problem, but once they go from the skin into my respiratory, digestive, or circulatory systems the real troubles start.

I realized that our new secure virtual browser Passages is actually a lot like hand sanitizer for the web.

We sanitize your browser (by destroying the entire virtual machine in which it runs) at the end of every session. We don't look for malware first because we might not find it if it was there. The only safe path is to sanitize every time. Like avoiding touching my face, we also isolate the browser's virtual machine from the local computer and network. Malware can't do much damage while it is just in the browser / virtual machine, but it could wreak havoc if it got out into the business network.

It was an analogy that really struck me as I spent my days keeping my self, and my computer, free from infection.