Why Should I Trust My Network Administrator?

Andrew writes "I'm a manager at a startup, and decided recently to outsource to an outside IT firm to set up a network domain and file server. Trouble is, they (and all other IT companies we could find) insist on administering it all remotely. They now obviously have full access to all our data and PCs, and I'm concerned they could steal all our intellectual property, source code and customers. Am I being overly paranoid and resistant to change? Should we just trust our administrator because they have a reputation to uphold? Or should we lock them out and make them administer the network in person so we can stand behind and watch them?"

On site is more expensive

[kperrier]

You could mandate on-site support only, but you will get charged out the yang for it.

This is what being bonded is for

[Dr_Harm]

If you're concerned, ask them to carry a performance and fidelity (aka surety) bond.

Don't trust them unless you meet them

[Blackneto]

I do a lot of remote support for my customers.
I also make sure I get face time with them.
Learning the work-flow of a company is very important when it comes to administering their network.
If the company you are hiring doesn't schedule regular visits than i wouldnt trust them to work in your best interests.
I'll add this as well. audit them periodically. Hire another company to check up on them.
My customers do this and I've received good feedback from the customer and the auditor.

If you can't trust your admins you're screwed...

[Narcocide]

Seriously? You're thinking about this now AFTER they've put the whole network up with all remote access enabled?

What the hell makes you think they can't steal all your crap in person? Even if you assigned someone to watch every move they make it would be difficult for novices to even be able to recognize data theft happening as they watched if it happened through a command-line interface.

Contractual obligations

[dave562]

If you are so worried about it then have them sign a contract that stipulates they won't do what you're worried about them doing. I've done consulting for the SMB market. We did the majority of our support remotely. We were constantly busy taking care of clients and didn't have the time or the inclination to try to steal from our clients. Look at it this way, if your consultant leaks your super duper secrets to your competitor, and you go out of business, where does that leave them?

Re:Worried about the results of your actions?

[Maxo-Texas]

Outsourcing to IBM has lead to a 30 to 60 day lead time.

No BS.

To make a change to the software, they need to allocate resources away from all the other companies we are sharing the resources with.

To get new hardware requires 60 days after they get an approved PR. And the cost of setting up that hardware is incredible. $14,000 for a server for example-- more than the cost of the hardware.

Main reasons we do it... Sarbanes Oxley (sp?) and Disaster Recovery. If our corporate office is wiped out, we keep going. If IBM site 1 is knocked down, we keep going. If IBM Site 2 is knocked down- we keep going. Sites 1 & 2 are in very stable, very safe areas of the country.

But our productivity has gone to hell and our costs have skyrocketed.

And YET--- it's cast as a "savings" in the annual reports. Really laughable.

When executives set the rules, they *ALWAYS* make their goals.