Final Words

Outsourcing is quickly becoming the corporate strategy of the decade. If your company hasn't yet outsourced any needs, there's a pretty good chance it will soon.

Before you implement any outsourcing arrangement that involves sharing access to your computer network, make sure you get all the facts straight. What kind of connection will be needed? How will that connection be secured? What's security like on the vendor's system? Will their access and procedures affect the security of your data? Get the answers before you get online.

At the same time, always assume that you will have security problems from time to time. It's simply the nature of the beast. To best safeguard your precious data through those trials, rely on thorough, regularly scheduled security audits performed by a well-trained professional.

Don't be fooled into complacency by relying on the reputation of your outsourcing partner. Some of the biggest and brightest have been compromised. One of the reasons it took so long to recover from Code Red was that the windowsupdate.Microsoft.com itself was infected. Thus, many became infected with Code Red when they downloaded the very updates intended to protect them from future attacks.

Of course, a virus is a much different animal from an overly trusting server. But my point is that you need to take responsibility for anything that goes on your network. It doesn't matter whether that "thing" is a demo disk from a megacode producer or quick access from the company to which you've outsourced your shipping. Your data's integrity depends on your continued vigilance.