> I remember how Google's internal guidelines for travel circa 2011 required to remove any material under NDA from your laptop when traveling to China or Russia; you had to restore it over the VPN after a safe arrival.

I made this suggestion when I served on the security team at a major cybersecurity player.

When we had our company-wide annual internal conference it was always in person. This meant that basically everyone, with basically cumulative access to everything, and all our code, would be traveling across a multitude of borders at once. Some of which were less friendly than the US (at that time).

This was rejected as impractical for developers and redundant for everyone else. So I suggested locking the accounts of everyone who was traveling between the time they left and the time they arrived. This would have the side effect of signing them out of our most sensitive systems and removing certain highly confidential data from laptops. This was also rejected as “unnecessary”.

That company now counts a healthy proportion of the Fortune 500 amongst their customer base. I hope things are not so cavalier anymore.