Were starting to wrestle with a number of decisions about how to best protect our small (3-person) office data.
What I'd like to do is get a handle on the relative level of security that might be afforded by using a firewall-protected, dedicated, 3rd-party-managed server located in a Tier II SAS 70 data center compared to a typical small in-house network (please).
The managed server would be configured with a Cisco firewall and a package of security services would be subscribed to in order to keep the firewall up-to-date. (I have no interest/ability to manage a server or firewall.)
We would access this server via a VPN connection configured with the data centers assistance. The server would be used as storage for all of our office files, work product, etc., but it would not be used to host any actual software applications.
What Im wondering is: How much more (or less) secure a remote, firewall-protected server might be when compared to an in-house network consisting of a router, several PCs, a network hard drive and a Norton Internet Security suite (software firewall and anti-virus)?
Part of what is motivating this is that its getting to be a major PITA to have to sync files before (and after) being out of the office. Plus, a growing level of angst over my doing (or not doing) something that might allow our current network to get hacked.
Costs of the managed server (within reason) are not a factor in any of the above.