
Ask HN: Best way to secure on-premise servers? - nepsilon
My client asks me to put my servers in their private (non-internet connected) network.

This server contains proprietary code and deep-learning models.

What are the best practices to prevent any data theft?
======
patio11
You should talk to a lawyer, not a sysadmin, because your remedy is going to
be contractual rather than technological. Technologists thinking rationally
will tell you that anyone with physical possession of an operating device
wins, every single time.

If your lawyer cannot sufficiently derisk this for you then _don't take on
this business_. (I would expect them to say, as part of that conversation,
"Look, enterprises generally don't give a #$'(%# about the IP of their
vendors. If it were available in an envelope labeled Please Take This Valuable
IP they'd pass it by because they have a business to run and you're just a
distraction to them." And they're right.)

------
brudgers
Echoing what I believe is the underlying premise of patio11's advice:

The potential client -- anyone who isn't currently paying you is a prospect,
not a client -- is asking you to _change_ your business model. That may or may
not be worth doing depending on the amount the prospect is willing to pay and
the opportunity costs that accompany the new business model versus the
previous business model.

Patio11's point that this is a bespoke contractual negotiation surfaces the
idea that the prospect is really looking for a consultant rather than a
product. In that context, the services offered under the contract ought to be
priced so that the client pays for the risk associated with misappropriation
of the intellectual property whether or not it occurs -- or conversely pays
for extended access to the IP.

All of that is friction for a business structured to operate on a different
model. In my experience, losing a good prospect is easier to recover from than
accepting a bad prospect by a substantial margin.

Good luck.

