Query regarding Server access and related Risks

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


Hi, one of our customers is asking for access to the Server to access source code. Our Networks team suggested opening Port 22 to give access to the servers. I wanted to understand the risks with this approach, and whether it is good practice to give access to source code.

Guest
Guest post Jan 12, 2016

Hello,

Opening Port 22 allows secure shell login to the server, using SSH protocol, which is a good option for remote access, using encryption between server and client.

Regarding the risks of source code access, we can identify the following:
- Lack of change management control
- Property rights violations
- Lack of control on Code security
- Server availability
- Software Development Lifecycle practices not accomplished
- Difficulties in Service Level Agreement between service provider and customer.

Whether providing access to source code is a good practice or not depends on the business relation between the parties and also on the purpose of the server/code.

As a service provider it is a good practice to have an AUP (Acceptable Use Policy) signed by your customers regarding the services you are providing, where this point should be covered for server and code access. Also the AUP should include the RACI matrix identifying who is Responsible, Accountable, Consulted and Informed, defining the ownership of the asset.

If there is a need for shared administrator privileges on the server, you should use different user accounts and an external log system recording user activity on the server.

Thanks
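
One way to check the advice above about separate user accounts and logged activity, as an added example that is not part of the original answer: the script reads sshd log lines, as they would arrive on the external log host, and flags accounts whose logins cannot be tied to one person. The log lines, host name, user names and key fingerprints are constructed, and the three finding types are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's sshd log format (not real data).
SAMPLE_LOG = """\
Jan 12 09:01:11 src01 sshd[2101]: Accepted publickey for alice from 203.0.113.10 port 50122 ssh2: ED25519 SHA256:AAAAalicekey
Jan 12 09:05:42 src01 sshd[2140]: Accepted publickey for admin from 203.0.113.10 port 50188 ssh2: ED25519 SHA256:AAAAalicekey
Jan 12 09:30:07 src01 sshd[2219]: Accepted publickey for admin from 198.51.100.7 port 41022 ssh2: RSA SHA256:BBBBbobkey
Jan 12 10:02:55 src01 sshd[2300]: Accepted password for customer1 from 192.0.2.44 port 60311 ssh2
Jan 12 10:15:00 src01 sshd[2312]: Failed password for root from 192.0.2.99 port 60400 ssh2
Jan 12 10:15:09 src01 sshd[2312]: Accepted password for root from 192.0.2.99 port 60402 ssh2
"""

# Successful logins only; the key fingerprint is present for publickey logins.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2(?:: \S+ (?P<fp>\S+))?"
)

def review_logins(log_text):
    """Return (user, finding, detail) tuples for logins that weaken accountability."""
    keys = defaultdict(set)      # user -> key fingerprints seen
    sources = defaultdict(set)   # user -> source IPs seen
    password_users = set()
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue
        user = m["user"]
        sources[user].add(m["ip"])
        if m["method"] == "password":
            password_users.add(user)
        elif m["fp"]:
            keys[user].add(m["fp"])
    findings = []
    for user in sorted(sources):
        if len(keys[user]) > 1:   # one account, several people's keys
            findings.append((user, "shared-account", f"{len(keys[user])} different keys"))
        if user in password_users:
            findings.append((user, "password-login", "no key fingerprint to attribute the session"))
        if user == "root":
            findings.append((user, "direct-root", f"from {', '.join(sorted(sources[user]))}"))
    return findings

if __name__ == "__main__":
    for user, kind, detail in review_logins(SAMPLE_LOG):
        print(f"{user:10} {kind:15} {detail}")
```

Run it against the copy of the log held on the external log system rather than the server's own file, since anyone with administrator privileges on the server can edit the local copy.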
