Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 115
  • Last Modified:

Staff want to build his own server- Suggestions and IT policy

Hi

I have a Staff who is from a different department  and has some IT knowledge  and  says that he has his own PC and he want to build as a server ( Using open source software) and give access to 40 users within our network.
I had told him that we can setup this, but is in a hurry to set this up by himself.

The PC is his own and I may have to give additional permission to install the software and our Antivirus is licensed only for our organisation PC, he may say he will purchase the AV.

I bit concerned about the security implications and wondering a staff who is not in the IT department maintaining own server and don’t want others to think that IT is incapable of setting this server. I have not looked into the staff IT policy still.
Please suggest,  any suggestions much appreciated.
Thanks
0
lianne143
Asked:
lianne143
3 Solutions
 
No MoreCommented:
Simply tell him no ! Personal computer / server don't belong inside the company, as you never know what he will have installed on it.

And again, company software = company computers only

You are correct to be concerned about security, last thing what i would like to see is, some wanna be IT messing up the network

Also, if you allow this and his server will have some major hardware failure, which would cause damaged port on switch, it goes on your head and personally , I would be quite upset about this
0
 
masnrockCommented:
Who is supposed to support everything? And what are the current IT policies?

Have everything go through official processes. Company owned equipment, company owned software, and managed by IT. Also should have to follow company standards and guidelines. Otherwise, you open the door to other users requesting the same thing. And they will all point to this one project as a precedent.

Here is another issue that you open up if you allowed his project the way you want it: Since he owns the hardware and software, what happens if he leaves? Does he get to take that with him, along with any data on the server? Leaves potential for network, policy, and potential legal issues.

Get upper management involved if necessary, but do not allow this. Also, that user could already be trying to get the system built and running.
0
 
btanExec ConsultantCommented:
A simple no as personal issued asset and a managed server system will have different risk profile and measures to harden to reduce the exposure to internal and external threat.

It is not so much that the user is not in IT dept or the user is not IT savvy as compared to a true server admin. But this once off turn key approach using open software is going to open up more concern and review on the
- accountability for the compliance of the security baseline,
- access control based on role and least privileged,
- proper segregation of network,
- data protection of company sensitive info and
- incident handling and response processes

The above need to clear and sorted out as a personnal and actual production server will differs. The risk increases as measures are lacking if they are not addressed and go ahead hastily.
0
 
lianne143Author Commented:
Thanks you so much for your sugessions, you all have been so helpful.I will award your points
David Fiala
masnrock
btan
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now