Outsourcing, right-sourcing, best-sourcing — does anyone know what the latest buzzword is for this practice? No matter what the neologism is, it presents real issues that many of us in the network security field face every day. How do we allow offshore workforces into our domestic systems securely? This seems like a simple question with a simple answer: Set up a VPN or a Web service and call it a day. The author wishs that was the case, because it would give me more time to improve his golf game. But before you make a tee time, beware that there are a number of serious problems you can face that never seem to materialize until 2 a.m. the night before you go on vacation. The offshoring of technical jobs means that corporations need to connect their domestic network with a foreign network. Making this connection raises real security concerns.
The foreign network represents a vast unknown. You have no idea what — if any — policies the partner company actually enforces, how aggressive it patches systems and what the overall state of its network is. Regardless of what is discussed in contracts, wide-open access is extremely insecure. And because most offshore work is actually taking place in the middle of your night, if something goes wrong you get the pleasure of waking up to a BlackBerry alerting you in the wee hours of the morning.