Wow! Security is such a huge topic... Realistically, the only way to address your concerns is in specifics. Someone should conduct a security review of your site and your ISP. There are all sorts of issues here: physical security, security of the connection, policies, etc.
In my experience, most networks have some vulnerability. The only thing that is guaranteed to change with an ISP is that the data is no longer on your premises. If you put your data in some else's facility then you know for sure that someone else has access to it. However, because of the nature of their business, most ISPs are more security conscious than most end-user organizations. Your data may be more secure at their site than in your sever room.
Internal to organizations, the most common issue is that permissions accumulate over time. People are given additional access to perform new tasks and do new functions while their old permissions never go away. Eventually large communities have all sorts of access that they don't really need or even use.
In the situation you mention, the Windows 2000 encrypting file system may be of benefit. By using it to automatically encrypt your remote data, you lessen the risks that accrue from giving others access to it.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in our .dZROapaKemm^1@.ee83ce3!viewtype=threadDate>Storage Management discussion forum.
This was first published in February 2002