In 2019, most apps are moving to Cloud. It’s cheaper and easier to manage online, making it an easy decision for most companies with a software product. One of the most common discussions in meeting with our clients is: “Do I still need a server?” Quick answer?

Yes. You do.

What is a server?

Traditionally, we think of a server as a box in a closet somewhere that stores all your data. However, it’s important to think more broadly about servers. A server can be complex with multiple roles or incredibly simple with a single small role.

In most business networks, you have the main server which is called a Domain Controller, or DC for short. The main purpose for a DC is Active Directory. Active Directory (AD) is the index for all the users in your organization. Some important features here:

• Central Management for Usernames and Passwords: Reset your password once and it syncs to all the other computers in the network.
• Group Policy: Make decisions and automate roll out of features like:
  • Password Strength
  • Who has Admin access
  • Network/Share Drives
• Print Server: Tired of everyone printing color by default? Push defaults like, Black and White, out from the server.
• Network Policy Server: Sync usernames and passwords for VPN, Wi-Fi, and specialized Line-Of-Business software to be the same as your computer.
• File Server: This is what we’re used to, files stored on a network drive so we can share files with co-workers.

These features provide a robust, centralized, and automated way to decide what your network looks like. However, I want to point out an often missed flaw, that if ignored, provides a huge security flaw.

BitLocker: Securing your computers

BitLocker is encryption for your hard drive in Windows. Meaning you need a special key to access the hard drive if you remove it from the computer.

Mac has FileVault, which is turned on by default when you load your Mac for the first time. If you have Windows 10 Home, BitLocker isn’t included. If you have 10 Pro, you have the feature but it’s not turned on by default.

If you don’t have an Active Directory, BitLocker will sync to your OneDrive or you can print off a page with the encryption key. However, no one can ever find their encryption key. The paper often gets lost or is stored in an insecure manner. Also, you have to remember to manually turn it on for every computer.

So why bother? If you were to lose one of your computers, someone could extract the hard drive, reset the password for your login, and (with caveats) now have full access to your email, OneDrive/Dropbox, company files, wifi passwords, photos, documents, and browser history. Microsoft closes these loopholes every few years but there is always a new method to wipe the password.

By having an Active Directory, it can act as the storage local for these keys. Allowing IT to reset passwords and push out new encryption keys when required. Now, if a computer is lost, it’s contents are secure.

Unless you are a 1-2 person shop, we are always going to recommend a server to manage your computers. It’s easy to miss items in the growing list of settings that Windows requires to be set to remain secure,a Domain Controller is just one of those tools to make it smoother, faster, and easy to recover when you need it most.

Yes, you can still store your files on it.