The organization should have a number of laptops designated solely for international use. They should be restored to the org's "gold image" and kept "in stock" and available.
Prior to leaving on an international trip, the traveler "checks out" a laptop from I.T. for the duration of his trip. No personal or business data should exist on the data at this point. Once destinated, the needed business data can be downloaded to the laptop over a secure VPN back to company HQ.
Prior to returning, the traveler will run a "clean up" script that I.T. has developed. This script will upload any business documents that have been created or obtained while outside of the U.S. back to company servers (over that VPN) and then wipe the data from the laptop. Alternately, the laptop could have a partition set up that, when booted to, starts the reimaging process (sorta like how consumer PCs have a "restore partition"). This would be done, obviously, before returning to the U.S.
When the traveler has arrived back in the U.S., s/he returns the laptop to I.T. who again image it with their gold image and store it for the next user who needs it.
It wouldn't be that difficult or that much of a PITA, IMO -- it all depends on how important the data is to the company. It would likely require a change in policy and some users would almost certainly complain about it. Oh well.
I've heard of companies that consider any electronics that's ever been taken to China to be no longer useable on the company network. Their approach is to consider those devices "disposable". If you take a laptop to China, buy a replacement when you get home and give the old one away - it's never to be connected to the internal network again.
At a previous job (.edu), we discovered a compromised host and shortly thereafter found that it was the laptop of a professor who had just returned from China.
More like all users would complain. Don't get me wrong, it sounds like a good solution, but you would be amazed at the recalcitrance of users asked to do something new or different. Plus, your infrastructure and user workflows have to be able to support such a setup. If a user who travels a lot is utterly dead in the water without his dozen 10GB email archive files, and the VPN is a tiny 1mb/s pipe for the whole globe, the above isn't a particularly viable idea.
Most email clients let you store your archive online. Exchange certainly does - I can search from my phone, which only stores the last week's work email locally.