Staff want to build his own server- Suggestions and IT policy

Posted on 2016-10-17
Medium Priority
Last Modified: 2016-10-17

I have a Staff who is from a different department  and has some IT knowledge  and  says that he has his own PC and he want to build as a server ( Using open source software) and give access to 40 users within our network.
I had told him that we can setup this, but is in a hurry to set this up by himself.

The PC is his own and I may have to give additional permission to install the software and our Antivirus is licensed only for our organisation PC, he may say he will purchase the AV.

I bit concerned about the security implications and wondering a staff who is not in the IT department maintaining own server and don’t want others to think that IT is incapable of setting this server. I have not looked into the staff IT policy still.
Please suggest,  any suggestions much appreciated.
Question by:lianne143

Accepted Solution

No More earned 1000 total points
ID: 41846281
Simply tell him no ! Personal computer / server don't belong inside the company, as you never know what he will have installed on it.

And again, company software = company computers only

You are correct to be concerned about security, last thing what i would like to see is, some wanna be IT messing up the network

Also, if you allow this and his server will have some major hardware failure, which would cause damaged port on switch, it goes on your head and personally , I would be quite upset about this
LVL 34

Assisted Solution

masnrock earned 500 total points
ID: 41846383
Who is supposed to support everything? And what are the current IT policies?

Have everything go through official processes. Company owned equipment, company owned software, and managed by IT. Also should have to follow company standards and guidelines. Otherwise, you open the door to other users requesting the same thing. And they will all point to this one project as a precedent.

Here is another issue that you open up if you allowed his project the way you want it: Since he owns the hardware and software, what happens if he leaves? Does he get to take that with him, along with any data on the server? Leaves potential for network, policy, and potential legal issues.

Get upper management involved if necessary, but do not allow this. Also, that user could already be trying to get the system built and running.
LVL 66

Assisted Solution

btan earned 500 total points
ID: 41846441
A simple no as personal issued asset and a managed server system will have different risk profile and measures to harden to reduce the exposure to internal and external threat.

It is not so much that the user is not in IT dept or the user is not IT savvy as compared to a true server admin. But this once off turn key approach using open software is going to open up more concern and review on the
- accountability for the compliance of the security baseline,
- access control based on role and least privileged,
- proper segregation of network,
- data protection of company sensitive info and
- incident handling and response processes

The above need to clear and sorted out as a personnal and actual production server will differs. The risk increases as measures are lacking if they are not addressed and go ahead hastily.

Author Comment

ID: 41846535
Thanks you so much for your sugessions, you all have been so helpful.I will award your points
David Fiala

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
To share tips on how to stay ALERT and avoid being the next victim - at least not due to your own poor cyber habits and hygiene!
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question