How safe is an On Premise Server-
Synopsis: With ever changing Technology ecosystem , more
applications, changing regulatory scenario, complex virus and hacking attempts,
it is not possible for Businesses to ensure and keep their on premise servers
Safe and Available
· Safety of Customer Data
· Internal and External loss of confidential data
· Reliability and interoperability of hardware
· Issues with scalability for performance
As the Application Scenario has evolved most SMB businesses opted to go in for On Premise server and Applications running on the same. Businesses needed the automation for Accounting, Files and Folders Sharing, Team Collaboration and this model with an in office LAN provided the best suited model. The so called “server” also in most cases was a souped up Desktop-Branded or even “Assembled”. This was typically maintained through an AMC with a local IT Service provider who typically would have sold the Assembled PC.
This model saved costs initially but the reliability of the machine was always in question. And also there was limited access to the Internet from the office and hence the environment was isolated and safe to a large extent. Mails were the only access to the outside world required.
But with the advent of Banking on Internet, Taxation filing and Compliance on Internet, even booking tickets and hotels through Online, things started changing. To an extent even employees were demanding or taking for granted the Internet access.
Wifi in offices percolated and now all employee mobiles were also hooked to the Office Internet/Lan system.
With this the load on the server and the chances of virus infections rose manifold.
But these issues have been largely ignored as just mere irritants.
Safety of Customer Data:
Client Data in Business systems has never been a very big issue in India. Let’s take the example of Chartered Accountants. They handle the most confidential data of their clients and have also been sensitised to that effect by the ICAI-their governing body. But it is only an advise and the whole ecosystem works on the TRUST premise. Right from the bank details to the sales and purchase register to the vouchers and reimbursements, everything is with the accountant and the CA. But do these entities have the knowledge and tools to evaluate IT technology for this critical use.
The Indian Government is working on the Data Protection Legislation. One of the most important tenets is that the data belongs to the individual or entity. If shared with other third parties, it needs to be not just kept confidential, but also ensure that it is deleted from all systems if so desired by the client/ owner of data.
How do we ensure the implementation and effectiveness of this basic requirement .
The basic On premise server with local support will fail every time due to scalability and knowledge issues at the local level.
Internal and External Loss OF Data:
It is now a well established fact that most data hacks/ misuse is either done by internal employees or by those with inside support for the same. It could be a very simple sharing of username or password, or even guessing the same due to the loose password structure. Employees copying confidential data on USB sticks or mailing themselves confidential files is easy and can be done effectively. It is even at times disguised as a way of sharing the data with a colleague or for working later at home or at client premises. And that is where the TRUST system works under the eye of the owner of the services business.
An example is Hospitals. Most large hospitals have now started distributing the Investigation reports online using a password/username. You can access your reports from the hospital server. You can even book online consultations.
What if this data is accessed internally by an IT savvy employee.
Are hospitals equipped with trained IT staff to handle such issues. Most do not even have trained permanent hires. It’s all outsourced with bare minimum transparency and processes in place to check for any misuse.
Trust and reputation are the sole barricades stopping a major incident in India. Not process and systems which in the long run even save time and embarrassment.
The on premise server needs an upgrade as response is slow. The operating system has been upgraded because some application needs the same. Windows 7 is outdated. So you put Windows 10 and the system just slows to a crawl.
The local guy upgrades the RAM. And it works for a few days or weeks. And then it has a Blue Dump error or just goes back to what it was.
You call the guy again and he tinkers and shakes the system and it works for a few days again.
Its like taking a Maruti part and putting in a Hyundai car. On top of it this on premise system is 4-5 years old so it does not even get the same spare parts. There is no way that this system will be reliable and functioning.
The business suffers due to lower employee productivity and enhanced costs associated with the same.
You do save a penny but will end up spending a pound to get it fixed.
And then there is the multitude of devices bought of the internet. Cheap. And you just want all of that to work together. It’s like a having an Orchestra with all different styles of instruments and players with no practice of playing together. It will fail.
What is required is a holistic approach to the whole system and also to the Security features each system carries to ensure smooth working for the employees thus increasing productivity and lowering your costs- everyday recurring costs.
Issues with Scalability and Performance
Your business is growing and you need more people. The applications and automation has increased. More speed is required and more data sharing is required within the team members.
The on premise server is stuck with the office timings. It starts when your arrive and shuts down when you leave for home.
Client calls and you need some data to fix the issue. But its on the server at office. One way I have seen is there is a copy with the owner on his laptop. So you mail that to another colleague and get the work done.
So now we have multiple copies of the same data with different versions and also accessibility to the confidential data.
Someone suggests a firewall and open to internet with a static IP. Easy to do an buy. And now you have access . Easy to say, but this access comes with greater security risks as it is easy to bypass all this. Also the On Premise server is just a PC and not designed to run 24x7. It does not have disks in redundant configuration, does not have redundant power supply, has no antivirus and no access control built in. And even if it is do you meticulously maintain it.
If not it will fail sooner than later.
ePrompto provides services which ensure you have the right team , with the right skill sets to ensure that your systems are in harmony , work efficiently so that your employee productivity is high and your costs lower.
13 Feb, 2021
13 Feb, 2021