Hi all,
We're a financial firm. We have recently begun inviting outside groups into our various facilities -- a not altogether uncommon situation in the sector.
They bring their servers, workstations and, in certain cases, network hardware. We do not get to check or pre-configure them in any way at this stage.
We provide DC facilities, network bandwidth and the like.
In a perfect world, we would hand these folk machines that we had built (and locked down) in order to control the potential ramifications to our network and datacenter.
In this industry (assuming one accepts this business model, and I was not asked for my acceptance), the machines are the "secret sauce." These guests would no more let us build their machines than we would allow them to look under the skirts of our special financial modelling systems.
The risk, of course, is that a badly configured machine goes rogue and brings down our connectivity in the middle of a trading day. Someone installs a Pokemon screen saver that goes supernova, hilarity ensues. Another risk may be liability for any unlicensed software that manifests on our network. Don't know.
How do you handle such a scenario (having these outside factors on your otherwise carefully-run -- and vitally, critically important -- network)? Do you have experience with not just the technical aspects, but also the legal and business ones?
I am very grateful for any thoughts and discussion on this matter.
NY
We're a financial firm. We have recently begun inviting outside groups into our various facilities -- a not altogether uncommon situation in the sector.
They bring their servers, workstations and, in certain cases, network hardware. We do not get to check or pre-configure them in any way at this stage.
We provide DC facilities, network bandwidth and the like.
In a perfect world, we would hand these folk machines that we had built (and locked down) in order to control the potential ramifications to our network and datacenter.
In this industry (assuming one accepts this business model, and I was not asked for my acceptance), the machines are the "secret sauce." These guests would no more let us build their machines than we would allow them to look under the skirts of our special financial modelling systems.
The risk, of course, is that a badly configured machine goes rogue and brings down our connectivity in the middle of a trading day. Someone installs a Pokemon screen saver that goes supernova, hilarity ensues. Another risk may be liability for any unlicensed software that manifests on our network. Don't know.
How do you handle such a scenario (having these outside factors on your otherwise carefully-run -- and vitally, critically important -- network)? Do you have experience with not just the technical aspects, but also the legal and business ones?
I am very grateful for any thoughts and discussion on this matter.
NY