mailing list archives
Re: Outsourcing of User Administration
From: "Eric Zatko" <EZatko () co lucas oh us>
Date: Wed, 28 Mar 2007 11:14:10 -0400
Great question! Bruce Schneier says that "On the one hand, the promises
security seem so attractive: the potential to significantly increase
your network's security without hiring half a dozen people or spending
a fortune is impossible to ignore. On the other hand, there are the
stories of managed security companies going out of business, and bad
experiences with outsourcing other areas of IT. It's no wonder that
paralysis is the most common reaction to the whole thing."
I interpret him to say that outsourcing your user/security management
is a bad idea.
Check it out here: http://www.counterpane.com/outsourcing.pdf
"Whatever has overstepped its due bounds is always in a state of
Lucius Annaeus Seneca (4 BC-65) Roman philosopher and playwright.
<christine_pouliot () cargill com> Sunday, March 25, 2007 5:47 PM >>>
I am interested to know who has outsourced the user admin function
including add, change, delete of Active Directory accounts, business
applications and Directory services. What controls were used to ensure
that the outsourcer did not have availability to intellectual capital.