Security Basics mailing list archives
Mitigating risks of outsourcing desktop management
From: "David West" <davidawest () gmail com>
Date: Wed, 9 Jul 2008 17:26:29 +1000
Hello, Our Operations team are investigating outsourcing the management of desktops, adds/moves/changes/break-fix etc. One of the proposals on the table is for a vendor to build/add desktops to our AD domain off-site at the third parties premises. They propose to achieve this by extending our AD domain to their premises. I have a number of concerns with this approach, including; extending our domain to an uncontrolled environment; policy and procedure conformance of the third party; access required to add computers to AD; potential to poison AD; identity management issues, etc. Some of these concerns can be limited with tight commercial contractual terms, however I was wondering if anyone can provide insight into how other enterprises solve this problem? Ie, Somehow provide only a subset of AD functionality to the third party; policy conformance somehow; or don't do it at all? Any advice would be appreciated. Thanks, David
Current thread:
- Mitigating risks of outsourcing desktop management David West (Jul 09)
- Re: Mitigating risks of outsourcing desktop management Adriel Desautels (Jul 10)