We are a separate entity charity organization; however, we are also a branch of a bigger non-profit organization. Currently the CIO expressed opinions that he wants control over our network which contains 50 workstations and 6 servers. Two of those servers are database servers that contain crucial information. We are concern that if he takes over and moved all those servers to his location, would we increase the probability of being attacked by hackers since it will become a bigger target for hackers? Currently our Internet access and emails are from them, but as far as maintaining all the workstations and servers, that is done in house. We have our own separate firewall that protects all over machines before it goes out to their network and to the Internet. Will anyone give me some reasons to stay separate from their control over our network and machines?

Many thanks for your help. Any suggestion is greatly appreciated!

ljCharlie

Hi,

Well, I really can't say it's better or worse or why you should remain a separate entity. I would assume the larger organization has a security manager that watches over the network, and if he/she is diligent there should be no problems. Keeping the systems under one roof means resources could be combined and shared and access is closer should there be an incident. Who will have access should this move take place? If your subsidiary is going to be absorbed into the larger body then making the move makes sense because it's easier to manage and implement group access policies.

On the other hand there is no reason the network could not be administered in the same fashion remotely via a secure Virtual Private Network.

Many thanks for your response. One of the big concerns why we don't want head quarter to take over our servers is that we do not want them in control over our database. We are under state definition a separate entity but because we share a common goal, which is raising money, they want to take over all our machines including the database servers. In a sense, we do not trust them with our database server. So the main question is, what are some of the justifications for staying separate?

ljCharlie

Well, that's between you and them, unfortunately. There really is no justification I can offer for you to use as an argument to keep the 2 networks separate.

If the larger organization's "security manager" is not on-the-ball, you can kiss your security good-bye.

FE, I live in an apartment complex that has a "computer room" for the resident's. Neither computer there is (a) up-to-date on MS patches/updates or (b) has an A/V program that's up-to-date on it's defs/engine - because the main office (which isn't on-site) doesn't bother to take care of those little details. (!)

I would seriously question why they want control over your confidential DB's - if you can't come up with any good reason's, then I wouldn't go for it. You need to straight-out ask them about this.