Solved

Staff want to build his own server- Suggestions and IT policy

Posted on 2016-10-17
4
68 Views
Last Modified: 2016-10-17
Hi

I have a Staff who is from a different department  and has some IT knowledge  and  says that he has his own PC and he want to build as a server ( Using open source software) and give access to 40 users within our network.
I had told him that we can setup this, but is in a hurry to set this up by himself.

The PC is his own and I may have to give additional permission to install the software and our Antivirus is licensed only for our organisation PC, he may say he will purchase the AV.

I bit concerned about the security implications and wondering a staff who is not in the IT department maintaining own server and don’t want others to think that IT is incapable of setting this server. I have not looked into the staff IT policy still.
Please suggest,  any suggestions much appreciated.
Thanks
0
Comment
Question by:lianne143
4 Comments
 
LVL 7

Accepted Solution

by:
No More earned 250 total points
ID: 41846281
Simply tell him no ! Personal computer / server don't belong inside the company, as you never know what he will have installed on it.

And again, company software = company computers only

You are correct to be concerned about security, last thing what i would like to see is, some wanna be IT messing up the network

Also, if you allow this and his server will have some major hardware failure, which would cause damaged port on switch, it goes on your head and personally , I would be quite upset about this
0
 
LVL 23

Assisted Solution

by:masnrock
masnrock earned 125 total points
ID: 41846383
Who is supposed to support everything? And what are the current IT policies?

Have everything go through official processes. Company owned equipment, company owned software, and managed by IT. Also should have to follow company standards and guidelines. Otherwise, you open the door to other users requesting the same thing. And they will all point to this one project as a precedent.

Here is another issue that you open up if you allowed his project the way you want it: Since he owns the hardware and software, what happens if he leaves? Does he get to take that with him, along with any data on the server? Leaves potential for network, policy, and potential legal issues.

Get upper management involved if necessary, but do not allow this. Also, that user could already be trying to get the system built and running.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 125 total points
ID: 41846441
A simple no as personal issued asset and a managed server system will have different risk profile and measures to harden to reduce the exposure to internal and external threat.

It is not so much that the user is not in IT dept or the user is not IT savvy as compared to a true server admin. But this once off turn key approach using open software is going to open up more concern and review on the
- accountability for the compliance of the security baseline,
- access control based on role and least privileged,
- proper segregation of network,
- data protection of company sensitive info and
- incident handling and response processes

The above need to clear and sorted out as a personnal and actual production server will differs. The risk increases as measures are lacking if they are not addressed and go ahead hastily.
0
 

Author Comment

by:lianne143
ID: 41846535
Thanks you so much for your sugessions, you all have been so helpful.I will award your points
David Fiala
masnrock
btan
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now