Re: Mitigating risks of outsourcing desktop management



Hi David,
I've read your email quickly and have the following comment.

I'll make a bet with you. If we can hack your provider and gain access to your AD server on their network, then you give me 15% of your business's revenue for the next year. If you can't make that bet comfortably, then you should not outsource your AD to that provider.

It is my opinion that most hosting providers are *insecure*. I would certainly not trust mission-critical systems to those providers without first having their security thoroughly tested. Specifically, I'd want them to be tested by a security provider that can recreate the real-world threat, not just some automated junk.

Does that make sense?


Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn


David West wrote:
Hello,
Our Operations team are investigating outsourcing the management of
desktops, adds/moves/changes/break-fix etc.

One of the proposals on the table is for a vendor to build/add
desktops to our AD domain off-site at the third party's premises. They
propose to achieve this by extending our AD domain to their premises.
I have a number of concerns with this approach, including: extending
our domain to an uncontrolled environment; policy and procedure
conformance of the third party; access required to add computers to
AD; potential to poison AD; identity management issues, etc. Some of
these concerns can be limited with tight commercial contractual terms,
however I was wondering if anyone can provide insight into how other
enterprises solve this problem? I.e., somehow provide only a subset of
AD functionality to the third party; policy conformance somehow; or
don't do it at all?

Any advice would be appreciated.

Thanks,

David

