New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
i am looking for technical and support staff along with suggestions.
Greetings,
This is my 1st post, and I'm really happy to join lowendtalk.
I am currently looking to hire technical and support staff who will have access to servers and other critical systems. My biggest concern is trust and security — making sure they won't misuse access to user data or cause any damage, intentional or unintentional.
Would love to hear from the community on the following:
- What are the best practices for limiting and controlling server access for staff?
- How do you handle monitoring and logging staff activity without micromanaging?
- What legal protections, like NDAs or contracts, do you put in place before giving access?
- How do you gradually build trust with new hires before expanding their access?
- Any recommended tools or platforms for securely managing staff access?
I want to make sure user data is fully protected and that I have full visibility over what staff are doing on the systems at all times.
Any advice, personal experiences, or recommendations would be greatly appreciated.
Looking forward to hearing from the community — especially those who have been through this process before.
Thanks in advance!
Comments
Legal protections mean nothing if you cannot enforce them. Outsourcing critical functions to unknown people that you have never met in a foreign jurisdiction is a great way to find out how well your disaster recovery plan works.
@Dasabo has real good experience with this !!
At the end of the day, trust matters more than any number of security layers you put in place. In sysadmin and tech support work, if someone really wants to cause harm, they can often do it quietly. That’s why trust is always step one.
We handle a lot of clients, and they put their trust in us. Of course, we do have multiple layers of protection internally, but over the years we’ve also built a team of reliable people we know we can count on. That way, our clients don’t have to stress about security — they know we’ve got it covered.
Can you recommend any companies that provide such services? cause rather than hiring an individual, I'd go with established companies that can provide such services?
Thanks for the insights.
@BharatB
https://www.servergurus.com/
Hey please do reach out to me on [email protected], would be happy to have a discussion as to how we could help you out.
@HuntersPad
+1 for @BharatB and @MikePT
If you can hire people in person that come into your office, that's a good start.
You can have trust with remote workers, but it takes a lot to get there. It should not be given lightly. The trust also isn't just with them, but also their working environment (laptop, etc.) They may be honest, but their security practices insufficient. Or they may have a secure setup, but nefarious intent. Or just immaturity at some point down the road.
You can have separate accounts with very logged sudo access. You can also write tooling to do as much as possible without host access. But in hosting it's hard to have effective support without some access.
I would not pay bottom dollar (not that top dollar guarantees anything) for support.
No simple answers here.
Maybe @HuntersPad from https://lowendtalk.com/discussion/comment/4793781/#Comment_4793781
@MikePT might be able to help you with this. You can reach out to him.
Thanks mate, I'd be happy to discuss further with the OP!
I'm actively providing shared support for hosting companies, for an price (EU based support).
Thank you!
We are doing this kind of maintaince work for customers that are seeking for off-shore support teams. Best if you can implement something like
Hashicorp Boundaryso it'll track most of the things and you can manage access from it.