I recently learned about SurfEasy, a startup that makes an embedded SSL VPN browser on a USB key that connects to a proxy network. With this device, a user can easily bypass corporate firewalls and policies to access any website they want. Anyone who thinks that nerdy computer whiz kids are the only people that are going to be doing this FUIT thing should be on the lookout, because with companies like SurfEasy in the space, everyone will be able to get around IT.
(See the FUIT tag on this site for more on this subject. Essentially, FUIT describes the trend of users circumventing IT policies with tools and techniques made available thanks to the consumerization of IT. FUIT is not always malicious—often it’s just the best way to get a job done.)
SurfEasy’s USB device consists of a custom version of Firefox that has a built-in SSL VPN, which connects to SurfEasy’s network of proxy servers. All of the data associated with the browser is saved to the USB key, which has firmware-based password protection. From the proxy servers, which are available in different geographic locations, users can surf the Internet un-restricted. The USB key is in a unique form factor that slides into a credit card sized holder, the idea being that people keep it in their wallets with all the other cards and things that they always have with them and keep secure anyway. The first round of SurfEasy devices was pre-sold via a Kickstarter campaign, with promises of more available soon. I’ll be able to check them out at the Consumer Electronics Show in January.
The idea is that a user can take their own settings, history, passwords, and bookmarks anywhere they want, and then securely connect to whatever website they want to. When the USB key is unplugged, the browser and all of the data goes with it, leaving nothing on the computer because the native browser was never touched. There are number of use cases: worry free browsing when on public computers, having personal data available to users when on other public computers, and getting around restrictive firewalls. That last one is most important for the FUIT discussion: SurfEasy can allow users to browse BBC news from inside China, watch Netflix through a Canadian proxy (different copyright laws = more content available), and say FU to IT by visiting whatever websites they want to while at work. Naturally, SurfEasy encourages its customers to make sure they’re not doing anything illegal.
(This is one of a few videos on their website describing the various use-cases.)
As in other scenarios, there are a few ways that users could be prevented from going wild with SurfEasy. IT could choose to only allow certain types or brands of USB devices or simply turn off USB access entirely. Alternatively, IT could block wherever it is that the SurfEasy VPN traffic goes to hook into the proxy network. But if SurfEasy takes off, there will be a stream of vendors with similar products that users can jump to, leading IT on a never-ending path, always a step behind.
Of course the whole point of SurfEasy isn’t just to get around corporate policies (in the same way that the intent of many FUIT activities isn’t to be devious, just to get work done). I can certainly understand these other use cases, too. (Back in college when I often used public computers in labs and libraries I would have loved to be able to take my personal browsing environment with me. If I had to do something sensitive like check my bank account, I’d always get a little paranoid and clear the history and empty the cache.)
Products like SurfEasy will continue to add to the "consumerization of IT" trend. There have always been ways for power users to subvert IT, doing things that normal users would not do. IT has been dealing with these people for years, and they’ll probably never go away. Beyond that subset, the next step are the tech-savvy (read: all of them) younger users that are coming into the workforce. They grew up with computers, and know how to do things like use a proxy to access a blocked website from work. Now, with companies like SurfEasy marketing solutions with plug and play simplicity, all users will be able to FUIT.
Bottom line: FUIT is getting easier every day.
(Note: You must be logged in to post a comment.)
If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.