Between friends Don't extend trust too far

摘要

What if you learned that your closest competitor had an in- direct network connection to your company? Would you be worried? If you outsource any aspect of your company's functions, and that outsourcing vendor has your competitor as a customer, an indirect link could exist. In today's world, we have already become familiar with other ways in which network boundaries have been made fuzzy: remote access from home users; back-end access from customer-facing web servers; out-of-band maintenance access for hardware vendors, and so on. Now there is outsourcing. Depending on the nature of the contract, in an outsourcing situation, sensitive customer information is likely to be shared. In extreme cases, such as outsourced system administration, all of a company's resources may be exposed to all of the outsourcing vendor's employees. So how serious are the risks of outsourcing security, and what steps should you take to minimize those risks?