Many small businesses start out with a set of computers that are organised in an ad-hoc way. Perhaps some computers are owned by the business – others are owned by employees – but regardless of who owns these devices, this casual approach to how the technology infrastructure is set up will almost invariably become a problem. This article discusses why ad-hoc networks like this don’t work, what the path to a more grown-up “managed network” looks like, and what it costs.
Employee Owned Devices versus Company Owned Devices
If your employee has brought their own computer and phone to the business, you might have saved upwards of a thousand pounds and a couple of days of setup time. These are admittedly tangible, desirable outcomes for your business, but from that point on you’ll eventually be exposed to problems that will cost you more in terms of time and money to resolve and could ultimately cost you your business.
You will lose control of your business data.
When an employee who uses their own laptop or PC in your business leaves (maybe you need to sack them, maybe they have been poached) you can’t simply ask for that person’s computer back to ensure the data has been removed or is subsequently handled in a GDPR-compliant way. They own their equipment after all. Not only have you lost the ability to take control of that data but you have allowed the employee – potentially unhappy at being fired or willing to share your data with a new employer – to retain, copy and control potentially all the data you have ever let them access. That’s a lot of data that could be used in a malicious way. If you’re a business owner you could be legally responsible for the consequences too.
You will lose control of security.
Another set of issues with employee-owned devices revolves around security. Is the computer locked when a member of staff leaves their seat, even if they are working from home? Does the employee prevent anyone else from accessing their account and knowing their password? Did that employee enable full disk encryption and do they have the decryption key? Is that decryption key backed up? Is any of their data backed up? Where to?
You will lose control of protection.
If you do not own the device your employee is using then you can’t block the special “administrative rights” that are required to install most software. As a result, you are more exposed to potentially malicious software and the legal implications of running unlicensed software. More information on admin rights can be found here.
How to get control?
These are just a selection of the reasons why allowing employees to use their own devices to access company data is not best practice. It is understandable why some start-ups take this approach, but it does not stand up to scrutiny for anything other than the very smallest of businesses. Every time you add a device that does not belong to you, the problem gets harder to recover from. The starting position for you to control the data is to own the devices that the data is accessed from.
Ad Hoc Networks versus Managed Networks
Now we have established why company-owned devices are the way to go, we also have to establish how your devices are properly managed. Just because you might own the devices it does not mean you have oversight of them – this requires proper, centralised management. Casually thrown together technology exposes you to most of the same risks that an employee-owned device does. When you own the user’s PC or laptop you can take steps to control the device and secure the data on it when an employee leaves, but during their employment you have no real oversight or control of that device while it is in day-to-day use. Other steps need to be taken to mitigate the factors discussed above.
There are a variety of ways to manage the devices you own, each method having a certain scope. For example, you might have a cloud-based antivirus tool that tells you if one of your devices has a virus, or you might benefit from our RMM service that can tell you if a given device has a fault, but these are peripheral to core data security measures. They do not address the fundamentals as to how user logins are performed, how login policy is set, where data is stored, who can access it and how data is backed up. This is where a Server – which forms the core of the client-server model of a managed network – is required.
Servers for Growing Businesses
The natural migration path from an ad-hoc network to a managed network is to provision a server. A server can do many things and is the platform for your business’s continued growth or success. The stronger and more stable the platform is, the more room your business has to grow. Of course the cost grows as the server requirement grows with you, but factors of growth can be predicted and accommodated by having a server that is upgradeable, though, like all systems, all servers will have a lifespan.
The primary server roles.
A server has many “roles” but for the purposes of this article the three primary ones we are interested in are as follows:
- Active Directory
- File & Print
The Active Directory service can be described most simply as a database that quickly and securely connects your users (employees) with the data (e.g. shared folders) and resources (e.g. printers) they need to get their work done. It contains information about your users and computers and – most critically – who is allowed to access what. A typical Active Directory will contain the names, job titles and email addresses for your users along with details of what network shares they can access or network printers they can use. They can only access these shares and printers once they have “logged in” to the server by means of a computer that is also connected to the Active Directory. If a user fails to log in successfully to the Active Directory server, they simply can’t look at the data.
As well as centralising the management of the data you need in your business, a server running an Active Directory service means users can be blocked from all of that important data with just a few mouse clicks from the server administrator. When you block a user’s access to the server you effectively block access to everything stored on it. In the scenarios given earlier in this article we see that your company data can be controlled and secured when the computers your staff use are owned by your business and configured to authenticate to your company server.
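What those “few mouse clicks” amount to when scripted, as an added example that is not from the original article: a PowerShell leaver routine using the ActiveDirectory module. The OU path is a hypothetical placeholder, and the script assumes the user’s primary group is the default Domain Users.

```powershell
#Requires -Modules ActiveDirectory
# Added example: offboard a leaver so the account can no longer reach any share.
# Run as a domain administrator. The OU path below is a hypothetical placeholder.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,
    [string] $LeaversOu = 'OU=Leavers,DC=example,DC=local'   # assumption: adjust to your domain
)
$ErrorActionPreference = 'Stop'

$user = Get-ADUser -Identity $SamAccountName

# 1. Disable the account: no new logons to any domain-joined PC or network share.
Disable-ADAccount -Identity $user

# 2. Replace the password with a random value that nobody, including the leaver, knows.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$random = [Convert]::ToBase64String($bytes)
Set-ADAccountPassword -Identity $user -Reset `
    -NewPassword (ConvertTo-SecureString $random -AsPlainText -Force)

# 3. Record, then remove, every group membership except the primary group
#    (assumed to be the default 'Domain Users', which cannot be removed this way).
$groups = Get-ADPrincipalGroupMembership -Identity $user |
    Where-Object { $_.Name -ne 'Domain Users' }
foreach ($g in $groups) {
    Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false
}

# 4. Leave an audit note on the account and park it in the leavers OU.
$note = 'Disabled {0:yyyy-MM-dd}; was in: {1}' -f (Get-Date), ($groups.Name -join ', ')
Set-ADUser -Identity $user -Description $note
Move-ADObject -Identity $user.DistinguishedName -TargetPath $LeaversOu

# 5. Run this step on the file server itself: close any share sessions the user
#    opened before the account was disabled.
Get-SmbSession |
    Where-Object { $_.ClientUserName -like "*\$SamAccountName" } |
    Close-SmbSession -Force
```

Disabling the account stops new logons, but file-share sessions that are already open can persist until they are closed, which is why the last step runs on the file server.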
File and Print
The file and print services on a server are pretty straightforward. If you wish to store data in a secure, centralised location that is also easy to administer then you need a server which will have this feature. Folders on the server can be shared to specific users or groups of users so they can work collaboratively on shared documents. Shared folders (called network shares) can be automatically connected to each user’s PC as network drives and users can optionally have local copies of their own files saved to their computers. Printers in offices can be automatically deployed so users do not need to get involved when printers are replaced; changes to the printer configurations automatically propagate to all users.
When users are made to store their files on the servers’ network shares it makes sense that your backup solution is server based too. A single server backup solution can often be used for this purpose. While most servers have a built-in backup tool they are typically lacking in features or reporting tools and so you will typically need to pay extra for a good quality backup solution. We use Acronis for the IT\norwich cloud backup service described here, though there are plenty of other solutions that could fit your needs if they are unusual.
The secondary server roles
Once you have a server in your business it can be leveraged for other services too. With the right software and support there are dozens of other roles your server can tackle; these are the most common for our Norfolk-based business clients:
- Enhanced Login – Ensure all users log in with a robust password policy and with optional 2FA.
- Scan Services – Ensure all network scans go to a central repository or securely to each person’s network share.
- Email Signature Deployment – Ensure all users have the same email signature and change all users’ signatures from a central location.
- Email Backup & Archiving – Ensure all emails to and from all users are backed up and retained in an archive even if users delete them.
- Security Oversight – Ensure all users are running a company authorised security suite and that suite has not been tampered with and is blocking threats.
- Line of Business Applications – Some industry specific applications require a dedicated server to work well.
Which server is right for your small business?
Once you’ve decided a server is the right thing for your business, your next decision is whether to have a physical server located inside your business premises, a virtual server located on the internet, commonly referred to as “in the cloud”, or a combination of both. Please review our Physical, Cloud and Hybrid Server Solutions page to learn more.
Server Administration & Maintenance Costs
Irrespective of the type of server(s) you have, they will need to be correctly administered and properly maintained. In the interests of security and reliability these tasks should be performed by experienced server administrators. We typically recommend a monthly server maintenance plan to ensure each server remains in a healthy state. Most small business servers typically need three to four hours of maintenance per month at an additional cost, so approximately £150 to £250 per month on top. All other server administration tasks are charged for as part of our usual IT support process.
The adoption of a server for your small business is essential for a managed network. The setup of the server is relatively straightforward, but migration from an Ad–Hoc network to a Managed Network can take a significant amount of time as data has to be transferred, rules and policies have to be agreed and each device has to be “attached” to the domain. This last step is like a “reset” on the user’s computer and so for long-term reliability each laptop or PC that is being added to the server ought to be backed up and “rebuilt” before it can be used. As a result, the longer you delay having a managed network the more time will be required to migrate to one. Note also that like most software, server operating systems age over time and so servers are a regular cost you need to budget to replace, typically every five to ten years.