Ask HN: Best way to secure on-premise servers?

6 points by nepsilon ↗ HN
My client asks me to put my servers in their private (non-internet connected) network.

This server contains proprietary code and deep-learning models.

What are the best practices to prevent any data theft?

2 comments

[ 2.9 ms ] story [ 16.7 ms ] thread
You should talk to a lawyer, not a sysadmin, because your remedy is going to be contractual rather than technological. Technologists thinking rationally will tell you that anyone with physical possession of an operating device wins, every single time.

If your lawyer cannot sufficiently derisk this for you then don't take on this business. (I would expect them to say, as part of that conversation, "Look, enterprises generally don't give a #$'(%# about the IP of their vendors. If it were available in an envelope labeled Please Take This Valuable IP they'd pass it by because they have a business to run and you're just a distraction to them." And they're right.)

Echoing, what I believe is the underlying premise of patio11's advice:

The potential client -- anyone who isn't currently paying you is a prospect, not a client-- is asking you to change your business model. That may or may not be worth doing depending on the amount the prospect is willing to pay and the opportunity costs that accompany the new business model versus the previous business model.

Patio11's point that this is a bespoke contractual negotiation surfaces the idea that the prospect is really looking for a consultant rather than a product. In that context, the services offered under the contract ought to be priced so that the client pays for the risk associated with misappropriation of the intellectual property whether or not it occurs -- or conversely pays for extended access to the IP.

All of that is friction for a business structured to operate on a different model. In my experience, losing a good prospect is easier to recover from than accepting a bad prospect by a substantial margin.

Good luck.