I currently work for a company that relies on a small hosting provider managing six custom websites for us. This vendor also takes care of our DevOps, controlling everything after our GitHub account, including our Cloudflare setup which is crucial for security and performance. I've been informed that the vendor owns the Cloudflare account and, for security reasons, we can't access it or even view logs, which hampers our developers' ability to debug issues. I'm concerned about the portability of our setups if things go south with this vendor. I believe we should own and control our Cloudflare account. I'd love to get your thoughts on whether this is the right perspective and learn about industry best practices regarding client-vendor ownership, control, and visibility.
1 Answer
You definitely need ownership of your digital assets. Not being able to observe logs, metrics, or alerts prevents you from properly supporting your products. You must consider what benefit you're really getting from this vendor to justify them having full control. If feasible, managing the DevOps in-house could allow for better control and auditability, which are essential for your operations.
True, but even if they can't handle it all, many companies can work under such constraints. No need to stick with this vendor!