What is a server and why should my organization have one?
Does my organization need a server?
Hello, my name is Brian Largent, and this is another episode of Three Minute Thursday. Today we’re going to be discussing whether your organization needs a server or not. Now, if your organization already has a server, this video is not for you, but if your organization does not have a server or maybe thinks it doesn’t need a server, this is exactly the kind of video you need to be watching. So let’s dive in.
What is a server?
Well, it can be defined in many different ways, but what we’re really talking about today is the physical hardware and the software that resides on it that controls the centralized storage of data in your network, as well as the security of such data. So why would a small business not want to have a server? Well, there’s lots of good reasons, but all of them boil down to just being cost. Some of those reasons are it adds complexity, it costs more to support, it needs to be backed up, it’s noisy, it creates heat, and I just don’t have anywhere to store the server in my office. And these are all very valid reasons for not having a server in your environment.
Why should you have a server?
However, there’s also very good reasons to have a server in your environment. So why should you have a server? Well, you should have a server for security. Every reason that I can come up with always boils down to security. So let’s talk about some of those reasons. You need a server for centralized management to be able to manage each user in a central repository, rather than managing them on each individual computer. The reason for that is when you manage them on individual computers, it is just too much work. The average user is not going to do it. You’re going to find ways to work around it, and you’re going to reduce security in your environment. And by work around it, what that means is when you have a new user come in, eventually you’re just going to start using the same username and login on every computer because it’s just too much work to create new accounts for every employee that comes into your organization. Well, that’s not going to be HIPAA compliant.
You also don’t have auditing of user access. If you have a server, we do have auditing of user access. We can see when users access ePHI, when they log into computers, when they fail to log into computers. We also have the ability to use your AD authentication with multiple applications. Now, AD is an active directory. That’s a feature of a Microsoft Server operating system that you really have to have to make all this happen.
So we can make your Office 365, your electronic medical records, your wireless, and your VPN access all use the same login and password that expires every 90 days, again, meeting PCI and HIPAA compliance. We can also secure your file and folder permissions easily without having to go to every computer and then lock each one down individually. It’s a lot less work, but would you really do it? More than likely, what you’re going to do is just give everyone access to everything so that you can continue to move your company forward without having to learn how to support each individual computer. We’re also going to mandate security requirements. It’s a feature called group policy, which is part of Active Directory. With those requirements, we can force screen lock timers, centrally manage password expirations and resets, and we can lock out attackers who have too many failed login attempts trying to get into your system.
And then there’s other benefits such as mapping network drives and mapping printers automatically for every user that logs into your environment. Now, I will concede that there may be an organization out there that does not need a server, very small organizations or organizations with zero concern for their security, organizations that have a third party company that manages their server, or they run all cloud applications with no compliance or regulatory concern whatsoever. You can probably get by without a server, but organizations that have any kind of compliance or need to have a degree of security to protect their information have to have a server to make that happen.
And I’ve been to many companies and I’ve seen what really happens in organizations. Any company that believes that they can manage their infrastructure and secure it without having a centralized repository for security, storage, and control is really fooling themselves because it can’t be done effectively. And ultimately it deteriorates to the point that no security is being applied at all.
Share the Knowledge
Managed Service Provider CHECKLIST
Land on the best IT solutions partner for your needs with this easy-to-follow, one-page download.