Everybody is looking for ways to increase efficiency and trim expenses nowadays. Your company’s channel partner is no exception.
With that objective in mind, most partners have adopted a support model through which they remotely access computers and other devices on your network when those devices need service, or in some cases merely threatening to need service. Doing it this way eliminates the need for trained personnel to climb into a truck, sit at numerous red lights, spill their coffee, and then repeat the process in the opposite direction after fixing whatever part of your IT infrastructure was green-about-the-gills.
Occasionally, customers express some concern about allowing any kind of third party company to tap into their networks from remote locations and do heaven-knows-what. Yes, we can always get the stated objective of the virtual visit, but it nonetheless begs the question of what else might have been done while they were in there. Meanwhile, the more frugal side of that same suspicious brain is generally relieved that the company doesn’t have to fork over the bucks necessary to have somebody drive out to their office.
So if you’re waiting for me to tell you in no uncertain terms that you can always rely on support teams to be fine, upstanding business people who would never even considering swiping a single bit of data that didn’t belong to them, I’m not going to do that.
But neither am I going to say that delivering the keys to the IT castle is the wrong thing to do in all cases.
That’s because this is one of those IT choices that transcends the quantitative dollar evaluation, and has a lot more to do with the qualitative element of trust. Who exactly are these people who want invisible access to your network? Have you worked with them before? If so, how long? Under what circumstances do they want permission to log onto your network? Will they notify you when they do? Will there be an objective way to determine where they have been and what they have done? What applications will they be able to access? Will this be done by people you are comfortable with, or might this be outsourced? What has the channel company done to minimize risks of hacking and other malfeasance?
Expect your channel partner to shift uncomfortably in their chairs when this part of the discussion is happening. Nobody enjoys fielding questions like these. Nonetheless, they are important for you to know, and it is also good for the partner to think about these potential issues too. It will raise their awareness, remind them of the importance of security, and generally remind them to keep their eyes open.
On the other side of the coin, it’s also possible that if you had your own in-house IT staff, some of those same problems could occur. “Inside jobs” obviously happen too, so outsourcing this to a trusted partner is not necessarily more risky than any other alternatives at hand.
But ask anyway. It might not be the most socially comfortable moment in your life. But if anything ever does go wrong, questions about the screening process, and the fact that you inquired into these matters could work at least somewhat in your favor when your bosses are trying to figure out what happened and who is responsible.