| I highly doubt this would get past any number of in house security regulations. Having an external site keep a database of all our users (even if "secure") would bring up doubts of how secure the information really is. Having an external site dial in is not so bad as our vendor has that access already but our security folks keep pushing for us to have them turned off until they are required where we would have to turn them on to allow the vendor access.
I also echo Slag's responce in wondering what insurance you have against corupt data or failing to be able ot provide the data back to the end user in a timely manor when required. That could kill you right there should one fail when needed. |