Re: Outsourcing of User Administration

["Eric Zatko" <EZatko () co lucas oh us>]

Christine,

Great question! Bruce Schneier says that "On the one hand, the promises
of outsourced
security seem so attractive: the potential to significantly increase
your network's security without hiring half a dozen people or spending
a fortune is impossible to ignore. On the other hand, there are the
stories of managed security companies going out of business, and bad
experiences with outsourcing other areas of IT. It's no wonder that
paralysis is the most common reaction to the whole thing."

I interpret him to say that outsourcing your user/security management
is a bad idea.

Check it out here:  http://www.counterpane.com/outsourcing.pdf 

Regards,
Eric Zatko

"Whatever has overstepped its due bounds is always in a state of
instability."
 Lucius Annaeus Seneca (4 BC-65) Roman philosopher and playwright.



> > > <christine_pouliot () cargill com> Sunday, March 25, 2007 5:47 PM >>>
I am interested to know who has outsourced the user admin function
including add, change, delete of Active Directory accounts, business
applications and Directory services.  What controls were used to ensure
that the outsourcer did not have availability to intellectual capital.