Where is it Safer to Put Your Server – In the Cloud or in Your Office?
It’s the 64GB question: is your company’s server more secure in your office or in the Cloud? The answer is: it depends.
Primarily, it depends on three things: how your Cloud or onsite server is being used; how it was set up; and how it’s being monitored, maintained and managed. If all of these factors are effectively addressed, then an onsite server poses no more of a security risk than the Cloud and vice versa.
One of the main issues with server security is providing easy and secure employee access to your company’s systems from an employee-owned device.
No matter where the data is housed, if your employees are saving or sharing corporate data on their own smartphones, laptops, and tablets, then you potentially have a huge security vulnerability.
One way to avoid this potential security risk is to issue company-owned devices, over which the business has more control. Add an additional layer of protection with mobile device management (MDM) software, so you can track devices and wipe data or deny access as needed.
You can also use MDM software on employee-owned devices, which will enable you to control and secure access to corporate data and systems without taking control over the actual device itself. Unfortunately, if employees are doing “homework” on their own PC’s, the MDM solution can’t be deployed—but you can and should set up a remote desktop that enables them to access your server and enables you to control the work environment.
Additionally, we strongly recommend training your employees on proper access and security measures—from recognizing email phishing scams to keeping passwords private (or better yet, using a password management program. [NOTE: can link to March 2017 article but we did a more recent piece in September– get that posted and link to it?]
Setup for Optimal Security
There is no way to completely bulletproof your system, but the best way to reasonably ensure data security is from the get-go with the way your system is set up and configured. There are several safeguards and best practices that can be implemented during setup that can prevent problems later. Overlooking these measures would be like installing entrance/exit doors to your location without locks.
If your server has a nonstandard setup, it can expose your business up to serious security hazards, so talk to your IT partner about how the firm is configuring the security for your server. There are many ways to customize your network without going out of accepted bounds (and possibly exposing your NJ business to risk).
Monitor and Update with Security Patches
Even the most secure system – no matter if it’s in the Cloud or in your office – requires continuous monitoring to identify problems and security threats when they happen. The right process includes not just monitoring but also alerting your IT team to a problem so they can take immediate action, preventing or at least minimizing downtime.
It is also essential to keep your system constantly updated with the security patches that Microsoft and other software publishers regularly issue.
It’s important that you talk to your IT team or IT partner to find out how all of your IT devices are being monitored and updated. Questions to ask include:
-What is being monitored? When and how?
-What kinds of system-level events are being noticed and corrected?
-Are system error messages being addressed right away?
-Are security patches being implemented regularly? Let’s not forget the massive Equifax data breach that was the result of the IT team overlooking security patch updates.
-If you use Cloud-based applications, are full SCIM protocols in place?
As in many other areas of life, an ounce of prevention is worth a pound of cure. No company that relies on computing can afford to be lax; proactive monitoring is essential for preventing costly downtime and security vulnerabilities.
For example, recent malware (Meltdown and Spectre) wreaked havoc in many companies because they had not updated their systems; clients on IND’s TotalCare managed services program had far less to worry about because our network engineers implemented the proper security measures right away, mitigating the risk associated with this malware on a proactive basis.
Have questions about your server setup or maintenance? Still not sure about on premise or in the cloud? Contact IND Corporation to discuss your business computing and managed IT service needs. We’re located in northern New Jersey and serve companies located throughout the state.