UnHacked

Alright, guys. We're live. Finally. Just a quick dumb freaking, Riverside, unintentional plug for their software, but they changed everything. And so I had to go reset up all the streaming again.

And as I was going live just now, it pops up a little note, says your Facebook page is too new. It's not gonna stream. What the hell? But that said, we do appear to be live on our, our our Facebook group page, the unhacked podcast. So that said, welcome everybody to episode 22.

Did I do it right? Because I always mess it up. Episode 22. I think

this one's 22.

I gotta fact check myself. I gotta fact check myself every time. So today, we're gonna talk about cloud versus on prem, on premises, however you wanna say that, which basically is your equipment in your own office. And surprisingly, I always you know, my my my, biggest fan for the podcast, I was checking with her as we're you know, I'm heading out the door and getting ready to record. She asked what we're recording on today.

And I said, we're talking about cloud versus on prem, and I said it just like that. And I expected her to look at me blankly and say, what the fuck are you talking about? And she said something to the effect of I wish I could quote directly. Well, that, that sounds interesting. Like, what?

So when I talk about passwords, it was like, oh, fuck. I'm not listening to that. Cloud versus on prem, this is what apparently got got the attention. I'm like, how what do you mean? She said, some and again, I'm I'm paraphrasing something about, I just wanna know what it means.

Like, what is what is cloud Everybody wants to

know what a cloud means. Right? What is a cloud?

Well, I mean okay. Do you guys remember back in the day? I'm gonna date myself. Microsoft, This was still in the days of on prem, and we're gonna get into what that means, Microsoft Exchange Servers. And Microsoft is really pushing the cloud movement, And, you know, it's the biggest buzzword, and it was the dumbest commercial.

You've got people in an office in their suits and ties and their little briefcases, and they're running around the office frantic about whatever they were working on, and they didn't know how to solve the problem. And then somebody would say, to the cloud.

And then I'll jump up,

and that was the answer. They had the solution. And I'm like, what in the hell are they even advertising? They never said what they were advertising. It really was like OneDrive or something like that.

I don't know. But now we're sitting here. And when was the last time either of you set up an exchange server?

Never. Not not in 20

It hasn't happened in 8

years ago?

Yeah. Definitely more recent than 20, Mario, but, it's been a while. You haven't really done them in 20 years?

Set one up, you know, from Yeah. Yeah. No. From scratch. I did take on I did take on ones with it in place.

Okay. And Okay.

And, like reinstall.

Yeah. And we always and we always, like, not that exchange server has to go.

I went kicking and sprint, yeah, kicking and screaming. I hated that change. I really enjoyed managing the on prem exchange servers. I'm a masochist. I don't know.

But I did like

it. Thing.

No. I I was not happy. I was not happy about the transition. And I'm I mean, again, I'm getting ahead of myself, but, they're more expensive. The Office 365 is so much more expensive than even the Exchange cert, they were expensive to buy and set up and maintain, but not compared to what we're paying now for, you know, a sizable organization.

Anyway, let's let's, let's not get ahead of ourselves too much here, and we're gonna jump in with a quick introduction. I I try to roll the dice to see who goes first. And I don't know, Mario, if I've had you go first in a while. So go ahead and tell us about yourself and then Brian, and then I'll I'll wrap it up.

Yeah. So, Mario Zaki with MasTec IT located in, the tri state area in North Jersey, right outside of Manhattan. Been saving the world one computer at a time for 20 years now. Alright.

20 years. I think last week was your introduction, if I remember right. Or introduction. Your, your anniversary. 20 year anniversary.

Alright, Brian. Tell us about yourself.

Yeah. Well, I like to say that, B4 Networks is, our client's guide through all the challenges in dealing with technology. We help business owners and business operators to reduce the amount of frustrations that come with dealing with technology. And, if they if if if anybody's having those challenges, you know, sort of let us be your guide to getting 1% better every day.

Alright. And I am Justin Shelley, CEO of Phoenix IT Advisors. We do work in Dallas, Fort Worth area as well as Northern Nevada. And as I like to say, soon conquering taking over the world just like Pinky and the Brain.

Just not just not Niagara, Ontario No. Well Northern Ontario.

I'll stay up. You guys are a long ways away. Damn it. I had something to say and you, you threw me, Brian. You threw me.

Damn it. Anyways. I know. Always. I had something really witty to say.

It was so not important. It pertained to nothing, but I was gonna say something. Thank you. Alright. Yeah.

No. It's okay. We're gonna we're gonna just move on, and let's let's talk some shop. And, so I'm I'm a business owner, and you guys are sitting here trying to pitch me on, your services. And I say to you, I I wanna move to the cloud.

What, what's what's your answer?

Which cloud?

Well, first of all, yes. My first question is why? Because Okay.

I love that. I love that. Yeah. Because because really this is and that's kind of what I wanted to start with is like cloud versus on prem. This is irrelevant at when we first start having the conversation.

This is not where we should start a conversation ever when when we're looking at solutions to a problem. What's the problem? What are we trying to solve? What are we trying to accomplish? What's the outcome we're looking for?

And then we can work that backwards and find out how we're gonna get there. So, I I really wanna stay focused on that because we are gonna get a little bit technical today. Some of our our business owner audience might, they might their head might be nodding. I hope not, but, you know, trying to stay out of the weeds, That's that's really where we're gonna we're gonna start and we're gonna end with what's the outcome we're looking for, and then how does this all fit in. So, let's let's get started with just in general.

We'll we'll go over some definitions. And, Mario, why don't you start and just just explain to me as, you know, you're you're out on a sales call with a new prospect, and and I'm like, hey, what Why does it matter? What's the cloud? What what does it even call it? What does it do?

What does you know, like, help help me understand.

So essentially, it's you you're taking whatever, software you're talking about and you're taking it out of your office, out of your hands and putting it on somebody else's platform. That platform can be Microsoft. It can be Google. It could be Amazon. It could be, you know, even a vendor.

You know, some vendors will have, like, a you know, like, for example, simplest one to talk about is QuickBooks. You know? So QuickBooks, you know, a lot of people are using QuickBooks. You can have it, you know, in your office, on your server, and have x amount of computers, you know, be able to log into it, and it's connecting to your network. QuickBooks online, you know, it's sitting on their their system and they're the ones that are responsible for it.

They're the ones backing it up. And it you could log in to it from anywhere. So it's very convenient that you can be home. You can be on vacation or in the office and be able to log in to your QuickBooks. So when you're talking about the cloud, you're you're essentially taking your software and your data and putting it on somebody else's network.

And it's mostly for convenience versus price. And, you know, a lot of people think, oh, we should just go on to the cloud. It'll be will save us money. And 99% of the time, it's not the case.

Do you guys remember, maybe they still do it. I don't know. It it seemed to be way more common. I don't know. We'll call it 2 decades ago, where you would be discussing usually Internet providers.

What kind of circuit you're gonna get? And especially if you had multiple locations, your your ISP would come in and would say, okay. Here's office 1. Here's office 2. Here's city 3, you know, like, you've got all these places and we're gonna put in a t one circuit here, and we're gonna put a DSL circuit here, and then we're gonna put in a just pot signs over here because you're out in BFE.

And do you remember what they would draw in the middle of that?

Cloud.

Cloud. Right? And all it was was this is shit you don't have to worry about. Alright? This is where we take over, and all you really need to understand is that your connection goes from this building to this building to this building, and it's gonna work as if you're all in the same building, but you're not.

And and they just, like, just did away. The cloud was like an eraser. It's like, don't worry. Don't look behind the curtain. And They

that's where it came from. That's the concept of the cloud came from.

Right.

I always treated the Internet like the cloud.

And then it became like this buzzword.

Yeah.

And like that stupid ad from Microsoft. My god damn it. You guys are your your most brilliant minds and that's what you came up with was running around in your suit and ties into the cloud. So I mean, like what you just said, Mario, I could actually just take a a server and put it in my friend's, my neighbor's house or whatever and access that data, and that could be technically called a cloud service. So, now now let's bring it a little bit more specific.

And, Brian, I'm gonna punt this one over to you. What are some cloud services that we use on a daily basis that we may or may not even consider to be cloud services?

Yeah. So prior to even getting into there, it's probably important to understand that there's a big difference between having a cloud server and having a cloud application. Right? So what I'm gonna be talking about now are more cloud applications. These are applications that a a vendor has made available to us.

So quickly, we've got QuickBooks, Xero, Google Gmail, Office 365 email, Word online, Excel online, all the whole entire Office suite that's online would be considered a cloud application. You've got things like, what do they call those? Like, CRM systems like Zoho and Microsoft Dynamics and those type of applications. Those are all considered cloud applications. So I don't know if you want more

No. That's that's that's fine. One of the my favorite examples when I'm trying to explain it. I mean, it again, today, I think generally speaking, people have a better understanding. But I used to always tell people, like, just look at Google.

You know, your Google search, that is a cloud service.

Correct.

Now, like I said, with everything, if it's free, Google's free to use, then guess who the product is? You, everything you type into Google, they are selling. Now, okay. So we have and more and more, honestly, this conversation is becoming less important because the on premise stuff is almost going away. So let me let me switch that a little bit, and let's talk about some equipment, some software, some applications that is still on prem that we need we need to worry about.

And either of you guys go, just like, let's just just talk through this. What is still on prem and relevant today?

So I would say that primarily the things that we still see that are on prem, are a combination of a few things. 1, a lot of CRM softwares, or ERP softwares are still considered on prem. So the main application, I guess, that that clients will use to manage their inventory, manage their software, manage their their entire business, Oftentimes, we'll find that on a server for larger organizations. Files, especially folks who have large files and need accessing that data very rapidly. Example, engineering firms with CAD drawings.

We're finding that still hosted on an on prem server. And, lastly, just a lot of times, not not in every case, but a lot of times things like, print services and, like, clock machines, time clock machines are all reporting into a server. And so oftentimes those will still be utilizing a server. But a lot of the applications now are even in those cases are are slowly going cloud as well.

And and I want again for well, first of all, Mario, did you have anything to add to that?

No. The the the that's I mean, a lot of a lot of these vendors are have their ways of putting, you know, the their their software on a on a cloud server or on their system because it's a monthly recurring revenue from them.

Yeah. Yeah.

There's an Like dentists yeah. There's dentists who still have a cloud like, they're an on prem, system for their their management of their schedules and their x rays and things like that. I think a lot of those are half and half now, and doctor's offices, again, half and half. Some of

the things are now cloud, and

some of them have moved on. Offices, again, half and half. Some of the things are now cloud, and some of them have moved on Well, sir. Or have stayed local. Interesting point on doctor's offices

is that a lot of times

they have to maintain

medical records for the previous seven. And so while they may And so while they may have moved to a more modern hosted platform, for their EMR or EHR, they still have to maintain an older system that is up and running on and on prem server. So that that's one that I I get to deal with quite a bit. What about active directory? And this is gonna get a little bit technical.

We'll try to keep this high level. And I bet we could duke this one out, between the 3 of us. Active Directory, which is and just let me describe it first is just, you know, what your computers log into. So it's when you type in your username and password, it authenticates you. It says, yes, you are who you say you are and then decide what you can access on your local network.

That's in a high level what Active Directory does. Do you guys still do that on prem, or do you push that out to Microsoft's whatever they just renamed it to? It's not Azure Enter enter ID. Oh, yeah. Yeah.

We're half and half. We have half of our clients that are are are now pretty much a 100% cloud, and we're seeing more and more people where there's no longer a rational requirement to have a server on-site for any other purposes moving over to, essentially cloud everything, meaning that their computers when you get when you you signing in, but it's authenticating via the cloud. And the other half are either Azure joined or whatever, you know, like like a hybrid. They're they're both they're connected to both, in the sense that they have Office 365 and and, you know, their their their users create a one, migrate to the other, so on and so forth. And a very, very small handful are just using, the local authentication, which is a local server.

But in most cases, a small business today, unless they have an absolutely requirement to have a server, and Internet connection is good, then we're we're recommending that they just go cloudless or sorry, serverless and and just, you know, connect their computers directly to a 365 environment.

Mario, what do you

say? Yeah. It's pretty much the same thing with us. I would say we're more towards the on prem than the than the cloud. We're more a little more than 5050.

We're probably, 6040. Yeah. But, you know, and even when it's, like, very like, it depends on the the amount of users and stuff like that and what they wanna do and what they already have in place. If we're setting somebody up from scratch, you know, we would go cloud. But because, you know, to to purchase hardware and to maintain it just for active directory, it it's just not cost effective.

Okay. So let's dig into this one because I think this is a good topic where we can go through. So some of the some of the points we wanted to make today was, the security implications, compliance, you know, regulations that apply, the cost upfront versus long term, which we've kind of dabbled in, various integrations. So if if we were to look at and and we can bring everything in, but I just wanna talk about active directory because I was hoping that you guys would do exactly what you just did. And Brian, you're like mostly cloud.

Mario, you're still maybe leaning a little bit more on prem. I fall into the on prem camp for my own reasons. I mean, we do both, of course, but like if I just had to choose, I I still there are things I love about on prem. So let's let's dig into this, and let's just kinda hit these one at a time, and and control. So, Brian, you wrote that one in as a topic.

Tell us a little bit about what you mean by that and how that applies in this case.

Well, from a control perspective, it's just that when you, take anything and move it to the cloud, you lose a certain degree of control over that thing, whatever it is. So, typically, the first thing you lose control over is the underlying infrastructure, the underlying hardware. So you no longer have the availability to manage the hardware and or, and you probably don't want to in the 1st place. And if it's a cloud server, meaning that you're just taking your server, moving it to the cloud, then you're still responsible for, you know, the operating system and and and maintaining those things and the applications. But if you're going with a cloud application, for example, QuickBooks, you no longer have to worry about those things, but you also lose the control of being able to be on an older version.

Right? And so you're now being forced along with whatever updates the cloud provider is making, and you're sort of locked in. You don't wanna move to the newest version? Too bad, so sad. You're moving to the newest version because they're moving their cloud to the newest version, and you're gonna have to go along with it.

And so a lot of people I know, they're like, oh, we'll just stay on QuickBooks version, you know, 202020, and we won't have to upgrade. And then you get used to it, and then you love it, And all of a sudden, you have to upgrade, and it's this big big change and everybody, you know, resistant to change. You don't get that ability with cloud. You they put out a new feature. I'll give you an example.

We use Xero for our accounting software, and they did some changes to the reporting. I hated the changes they made to the reporting engine. I hated it, but I'm stuck on it. Like, there's nothing I can do about it. I have to use their new reporting engine.

Right? And so that's the kind of control I I was referring to that you lose that some of the control when you move things to the cloud.

I mean, it works the other way around too. Sometimes people feel like I, you know, by paying this monthly fee, I always have the latest and greatest. You know? It's like almost like trading in, like, your phone every year. You always get the latest and greatest.

Which is yeah. Which is good.

And and I mean, there are advantages to that as well in the security world. Right? So let's kind of move forward into security where where this is concerned. Again, we're talking about active directory, but we're also kind of including everything, under the umbrella. You know, security implications of on prem versus cloud.

Are there any? Do you guys wanna hit that for a second?

Mario? Yeah. I mean, well, on prem, like Brian said earlier, you have to maintain your you you know, with updates, you still have to put, like, a antivirus on there and other security. So you have to maintain it. You have to back it up and and stuff like that.

So, you know, it come, but you have control.

Have you guys ever done a, like, a discovery meeting or a a the initial analysis and found an on prem server that, needed updates run on it?

Oh, never, Justin. Never. Because I I never have either,

and that's why I was asking. But if you were to find that a server wasn't running updates, that could potentially be a a security.

Oh, no. Like, I was sarcastic.

Oh, I know. I know. I'm playing with you too. I guess we better clear that up for the audience because okay. Let me let me ask the question the right way.

Have either of you ever encountered a server in a discovery analysis that was fully up to date? Have you ever seen that?

I have, actually. There's a couple MSPs in our area that are pretty decent, and and Okay.

I have I've never seen

it. Days.

I've never seen it.

The the the problem becomes is that with a with a with a desktop, you can pretty much automate the the updates. But could you imagine your server updating in the middle of the day? I think people would get a little frustrated that their server just,

you

know, all of a sudden randomly rebooted. And so in most cases, it has to be done after hours and it has to be done manually because you have to verify that it comes back online, and so servers don't update themselves. And a lot of people will buy a server and then sort of just, oh, it's there. It's a box, and it does its own thing, and nobody has to look at it. But that's not the way they work.

Right? Somebody has to be looking out for that. And the longer that goes without an update, the more susceptible is to security, and that's where sort of a cloud based solution typically that if it it's obscured, meaning that you don't have to worry about that portion, but then you're also trusting that the vendor is doing their due diligence. In in some cases, they are. In most cases, they are because they'll usually have some form of compliance.

But you're abdicating that responsibility at that point and then trusting you

know,

you know, there's pros and cons to all of this stuff. But when you the the negative where security is concerned, yes, you've gotta do the updates. You have to secure your perimeter. You've gotta make sure you've got a good firewall in place. You've gotta make sure you've got good antivirus, anti malware, anti ransomware on your server, and somebody's gotta manage that and oversee it.

But you also are a smaller target. And so one of the fallacies in this is that you think that if you move to a big name like Microsoft, well, they've got all the resources, they've got all the skill sets, They're going to maintain this thing, and they're never gonna get hit, but they're a huge target. You know, it it wasn't that long ago that Microsoft was out. Right? You know?

And it'll be different components.

On it. You still have your responsibility on it. With 365, you should kind of have set it and forget it. You still have your responsibility, your portion But

let me come back

to that. You're right. Because there's a

shared responsibility for security.

But just as far as availability,

they're a bigger target, and they go out whether it's hardware or misconfigurations which happens. I don't remember. I think it was, Azure or, AWS a year, 2 years, 3 years ago where somebody just checked a box or didn't check a box and took them down. Right? Like, it's this is all just some internal dude screwed up.

So and then when they do go down, the the reach is huge. It causes massive problems, and you have no control over it. So, okay. But but do go ahead and talk about the shared responsibility, Brian, because that's another big one. And I know we've touched on a lot of this stuff before, but let's say that part again.

Yeah. So all all things, cloud or not are are are shared responsibility make. Right? You can't just abdicate everything. For example, with Office 365, you can set it up without 2 factor authentication.

But should you? No. There's probably about a100 plus, maybe up to 200 now controls that you can configure in Office in in Microsoft 365 solutions that you ought to configure and ought to set up. And if you're just setting up an account, they're going to set it up as secure as they can without impeding or, you know, making it difficult to utilize because they don't know your use case. They don't know how you're gonna use the system and so they can't completely lock it down.

And so there's a lot of things that are left out up to the individual organizations to configure. And if you don't have somebody actively keeping an eye on that, it's not being done. Right? So and the and the other piece is the provider is responsible for the underlying infrastructure, but you are always 100% responsible for the data that is on that infrastructure, meaning that Microsoft and and Google and all these cloud applications and cloud service providers are always going to say, we're necessarily our problem. Right?

So something comes in and somebody encrypts all your data through a a legitimate user that that's accessing the system. You may be able to recover some of that, and and you may you might not. They're not backing their systems up for you to be able to have granular access to your data. They're backing it up for disaster recovery purposes. And so you may or may not have access to past data, you know, beyond maybe 30 days.

So you're responsible for backing that up elsewhere in most cases.

I saw a live demonstration not long ago. Well, actually, it was a little while ago, where they showed it was just a proof of concept where they showed a ransomware type encryption of Office 365. I know it's Microsoft now, but back in the day, this was just just email, and they were able to go in and encrypt all of the emails. So imagine not having access to your emails, period. Right.

Historically, inbound, everything was encrypted and and gone. Mario, I think

I got you. No. No. So, we we're talking about just about, like, Microsoft 365, but there's, like, other cloud stuff that, you know, like, I am sick and tired of hearing when we go to a prospect and they're like, oh, yeah. We're on the cloud.

We're good. We're secure. No. We're like, okay. Show me how do you know that you're secure, you know?

Like but coming back to 365, like, one of the things that, like, out of the box, they don't enable that is very critical is, auditing. You actually have to turn on auditing to see what the hell has happened in your organization. You

know? Never mind that the higher security auditing is a paid service on top of it.

Yeah. Yeah. So, like, people think that just because they're on some sort of cloud in a lot of times, it'd be like they took their server, they took an image of their server and put it on to, like, Azure act you know, Azure, like, hosted server. And I think just because it's on Microsoft, it's it's, you know, secure as there could be. And that's far from it because it's still exactly the same thing as if it was on your office, it's over there.

You have to maintain it. You have to protect it, if not more. You know, because now it is sitting on a public accessible, you know, system that if not configured correctly, anybody could log into it at any time.

Right.

So I'm sick and tired of hearing, oh, we're on the cloud. We're secure. I hate when I hear that.

Yeah. See

it. So, I mean, do you still hear that on a pretty regular basis?

Yeah.

I used to hear it all the time. I don't so much anymore. I'm not saying never, but I that has tapered off a little bit for me. So that that that's an interesting point. And I can tell by the energy with which you say that that,

Yes. It's

This seems pretty recent.

Yeah. No. I mean, I like, honestly, like, probably every, like, 2 months, we'll get somebody that says, oh, yeah. We're on the cloud. We we we should be good.

We're fine. No. We don't need this network assessment. And then we're like, okay. Let us let us show you, you know, and then we'll come in and be like, oh, I'm gonna have to have a talk with my my IT guy.

You know? I'm like, this is also be be secured. And I'm like, it can be, but it's not.

And I would argue it can be to an extent. You know, you we're not gonna get anything to a 100%. I I wish we could. I used to actually So, So, you know, we can't get to a 100%. Yeah.

I I don't know. I I think no. I'm I'm gonna get us off track if I go down that rabbit hole. So let's let's just keep moving forward. So we're we're still kind of using the active directory, but we're we're bringing everything else into the umbrella.

Is are there any compliance implications that either of you know about as far as, I mean, active directory, but others as well on prem versus cloud?

Yeah. Absolutely. For example, when you have it in house, you're essentially, your data is living within the the country that you reside in, the country that you're operating out of in most cases, I would imagine unless you're a multinational organization. When you put it out to the cloud, you don't always necessarily know exactly where that data is gonna go unless you ask. Right?

So there are certain industries and certain compliance and or or, requirements for certain industries that the data has to be housed within the country that it is being utilized in, or or or the data is being collected from. And I don't have specifics. I'm I'm not a compliance person, but I do know that in some cases, for example, medical health information or department of defense typically has to reside in the country where, you are dealing with that organization. So if it's a hospital, the data has to live within the countries that that particular country in most cases, versus, you know, if you put things in a, you know, for example, with Microsoft, you could potentially have it, saving in the US and Canada, maybe in in Ireland. And that data could be in multiple areas.

You have to specify where you're gonna want that data. So that's the only part that I would immediately come to mind then with with regards to where the data resides. There's obviously other compliancy issues, but I'll leave those to the 2 of you.

Mario, do you have anything on this one? About where your data sits? Just compliance in general verse where we're talking about on prem versus cloud hosted.

Well, I I do know, like, certain things when you're you're talking about cloud. There's a different amount. There's a certain type of checklist you have to go through. Like, for example, you need 2 factor authentication to, like, log in to certain cloud, you know, applications where if it's on prem, you know, like, for example, like, QuickBooks. You know, if you're gonna use QuickBooks online, they force you to set up 2 factor authentication where I don't think you could even do that on an on prem QuickBooks software.

Some some systems I've seen will require you to have, like, like your IP address information. You know, we do, like, some phone systems with, like, the FCC and stuff like that. A platform that we use, we have to have our IP address provided to them. And, you know, if we don't have a static I IP address, which just means, like, your IP address will randomly change by the Internet service provider, we wouldn't be able to get in. So it was when we signed up, we at the time, we we didn't have a static IP, and we would have to, like, email them, you know, our new IP address.

It was, like, every couple months, but then we're like, this is a pain in the ass and we got a static IP. So, you know, if I try to log in from home, I wouldn't be able to do it. I I could only log in from my office. So certain compliancy of, like like that is is is required for things that I that come to my head right now.

Yeah. I can add another one, and that is that, depending on what type of underlying compliance you have, HIPAA, CMMC, you you name it, the ISO standards, you may have to check with the vendor that you're dealing with, for example, the cloud provider. If it's a smaller one and, you know, not one of the larger ones, even the larger ones, you probably wanna at least know, do they comply with those requirements as well. Right? Just because you're you're hiring a a outside party does not abdicate your responsibility to make sure that those providers are also compliant with the underlying compliance requirement that you have.

Right? You you so for example, if you have a CMMC requirement, and and I'm not an expert in that field at all or a HIPAA requirement, when you're dealing with these cloud vendors, they also have to have those those those certifications or or whatever that may be, not necessarily certification, but they're that they have to be compliant as well if you're hosting their data your data there.

On the healthcare world, it's called a business associate agreement. And yeah, it basically anybody that touches your data or has access to it, or could potentially have access to it has to, or, you know, the the medical provider is is required to have an agreement with them where they state that everything is and and they have to be HIPAA compliant. You know, if they're if they're handling those records, even though they're not handling patients, they're not doing health care work, they do also have to fall under you know, they fall under the HIPAA compliance rules. So, it it can get pretty messy. And so, you know, this might be one case where it's a little bit simpler to keep stuff on prem in the health care world, because everything that you push off to the cloud, technically speaking, you're supposed to have a BAA in place with that provider.

And then who knows how many people that they're doing business with? You know? So it it it can get a little bit complicated that way. So And

that includes all providers. Backup too. Right? So they're backup providers.

Exactly. Yeah.

Right? It's not just the one that's hosting your e AMR. You also have to you know, whoever's backing it up and maybe the IT provider who's taking care of both systems, they also have to have it.

So Yeah. But that also works both ways too because sometimes, you you know, if you're with a like, an IT company or an MSP, if you're not holding any data in your office, you get to pass along some of those compliances.

And If you have access to it, if you can see it, if you could accidentally see it, you know, if you're remoting into their computer and you see their screen.

Yeah. I mean, like, for for backup. Yeah. But yes. Right.

Right. A backup company that that's all they do in the back, and the data is encrypted in transit and at rest. Yeah. But even so, so this, I'm not positive, but I I think that you would still have to have the agreement that simply states that. So, yeah.

And I I don't I don't know that any of us specialize in compliance, but we all work with it. We all dabble in it. You know, I I do a fair know who do. Yeah. Yeah.

For sure. I do quite a bit in the health care world, so I'm I'm exposed to it a lot. And it does get it can get it can get pretty sticky. To do everything exactly right can get very time consuming and very expensive.

So, like, PCI compliance, I know if you have, like, a credit card machine, if you're just accepting a credit card, accepting a credit card, you have to be PCI compliant. If you're accepting like, for our system, we we you know, our software lets the user enter their credit card information from their office. We never receive it. That allows us, like and we we have a yearly, PCI, like, audit. Every year, we were able to say, okay.

We don't hold any data. We we're not taking any credit cards. So we we get to pass along some of the compliance stuff along to our website vendor or, our MEM system actually. Right.

Alright. Enough about compliance. Let's go let's talk about money. Let's talk about money. We did, we did a full episode on money, return on investment.

You know, and I know early on this was another one of the big pushes for cloud was that it's cheaper. That is not true in in a lot of ways. And and part of it is this idea that we've already touched on that, well, I don't have to maintain it if it's in the cloud. Wrong. You know, I I'm not responsible for data backup specific in the cloud.

Wrong. I mean, there's it actually becomes more complicated and harder to maintain, harder to secure. And and then you have overall, like, long term cost versus the initial upfront cost. So capex versus oh, god. I just fucked that up because I I I drew a blank capital expenditure.

What's the other one? OpEx. OpEx.

OpEx. OpEx. Yeah.

Yeah. So I mean, then it can be there are reasons to go both directions, but if you just add up all the costs, usually, it's gonna be more expensive to go cloud versus, you know, versus upfront cost. Right? And so you guys check my math on that.

In in most cases, it's it's it's definitely more expensive to go cloud. There there are some rare exceptions where, know, for example, if you had 2 users, 3 users, 5 users that needed Office 365 for email, you're definitely not gonna wanna set up an internal server, an Exchange server, and license it and back it up and, you know, you're you're probably looking at, you know, 5 5 to $10,000 just to get started versus, you know, Office 365, which is gonna be, you know, 30 bucks, 40.40 bucks for for all of those, and even adding backups, maybe you're at a $100 rate for for per month. But in most cases, when you're looking at cloud anything, the the cost goes up significantly. And the trade off is is that with cloud, you have redundancy, you have geographic redundancy, and in many cases, you have higher, potentially higher uptime, and and you don't have to do all of the maintenance yourself, but that comes at the cost of dollars. Right?

So these cloud providers have to make money. So they're paying for the hydro. They're paying for the for the cooling. They're paying for the location. They're paying for their hardware and software.

And so, you know, there's typically, the cost savings aren't going to be very great, if any. Usually, it's more expensive because of that because they're they have to make a profit on top of all of that versus you buying a server, amortizing it over 36 to 48 months and paying a much smaller overall, initial investment if you, you know, lease it or whatever. And then the cost may may maintain, if you outsource to someone like us, then it's also a fixed fee. Right? So

I had a client. This is this is going back probably a good 10 years or more. And they insisted on moving to the cloud, and they had they probably had half a dozen servers, you know, and that was back when more things were were running on prem. But one one or 2 of their server applications, you couldn't move it to the cloud. There was no true, like, web hosted or vendor hosted service, but they didn't wanna buy a new server because it's, you know, servers are expensive, 10, $20,000, whatever we were looking at.

And they just insisted on going to the cloud with this. And I'm like, you don't understand. We still have to buy the software. We still have to license it. We still have to do all this stuff.

And on top of that, we have to rent, either a Rackspace and put your own server there or, you know, you're renting space on somebody else's server and the costs were were prohibitive. I mean, it was it was absurd how much more it was gonna cost to do what they thought was moving this to the cloud versus keeping it in house. Now that's those are days gone by at least for the most part, but we do still find a lot of, programs that have to run on a you know, you have to run your own instance. And in that case, the cost I I've never seen a cost comparison where it's cheaper to go to the cloud.

Not nothing comes to mind off the top of my head. Nothing significant.

I don't know, like I said, like, the small companies who wanna do 365 or or QuickBooks or

Right. Right. Yeah.

Well, even QuickBooks now now when it's on prem, you have to buy the software, and they charge you a yearly, a yearly license fee as well. You know? So it's like, what's the point? You know? I and they they've almost made it cheaper to go with QuickBooks online than than than Yeah.

Because if they're gonna charge you, I think it's, like, 2.99 a year, like, $299 a year, just to have the license on top of what you've already paid for. It's almost cheaper to go with the the cloud.

Oh, no. It's not. QuickBooks online just charged me a $150 for my, very small license. They are they are it's way more expensive to do cloud, but and when we're just talking about QuickBooks. But here's what I'm gonna say in favor of that.

And we did a whole episode on cheap, right, on on cost effectiveness and return on investment. And back in the day when you could buy a a QuickBooks license for 2, $300 a year and then never touch it, support was horrible. In fact, it was almost nonexistent. And and I remember it was it was just said in our office, if you've got to call QuickBooks, do it at lunch, and then you're done for the day. Like, you're not gonna touch another thing for 4 or 5 hours because of the hold times and everything else.

So, the advantage, yes, it does cost a little bit more, but goddamn, how much time are you wasting with out of date software or poor support and these software companies? Like, guys, it's expensive to develop software. It is so expensive. Have you guys ever written code, either of you?

I mean, Michael.

A long time ago in college, I did.

So not I mean, it's it's again, it's been a while. It's been 20 years. But I actually from the ground up, I built, an auto dialer. I don't know what it was an appointment reminder system for doctors, and I would I would they would upload a file, usually a text file, which sucked, preferably a CSV file, which was way easier to parse. And then I would pull the extract the information out of there, the patient name, the phone number, the appointment date, and and I had this great big card.

I had a server that was hosted in a, you know, a in San Francisco data center, and I had to plug 4 analog lines into the back of this thing at the, data center. I mean, this thing was a disaster. It was a mess. It was but this is like 2,002, 2003. I thought it was a shit.

I mean, this is high-tech for the day. But, anyways, I when I finally gave up on that project, I had paying customers. It was working, but it had some glitches. I was spending so much time just troubleshooting, like, just debugging the thing that I had written, that I finally had to give it up. This is one person developing one piece of software, but I'm just saying when you've got these complex programs, the development process, the investment is absurd.

And then when you wanna add support staff on top of that, I mean, we can complain about this stuff, but until you understand understand how it's developed and how it's supported, I mean, at that point, you do understand why a subscription is actually a better model. It is better to pay them more money and allow them to develop good software and to support it and give you good support. So I'll do that all day long. I will pay I I probably pay 10 times as much for QuickBooks now as I did when I hosted up myself, and I'm thrilled to do it. I'll do it all.

You wanna hear a funny story, Justin. You're it's funny you say that because last year or actually, I I started developing this, and I didn't do it myself. I hired, some some people overseas about 4 years ago. And we I I, you know, created this company called Unlimited Reminders. You know, the website

is below.

And it was a it was a reminder system for doctor's offices that used our phone system. And it took, like, a year to finally get it working, but it was still glitchy. And about $200,000, you know, that I sunk into the system. And I had some paying customers and stuff like that, but it it would cost me more to hire the guys or maintain the guys to fix and maintain the system than what I was bringing in from the customers. Yeah.

So $200,000 later, I decided I'm like, you know what, guys? I'm gonna finally pull the plug and, and sunset the system. And last year is when I actually sunsetted it and moved on. So it's funny you said that. Well, I mean, is,

oh, come on.

Where where where

is this it?

I'll look. I'm looking

at my

new stuff now.

Googled. Is this it?

Yeah. That's it.

Nice pricing. Now I'm just gonna I'm just gonna $95 a month. I mean, yeah, this is this is kinda cool. But, okay, so all that stuff you did by outsourcing, I'm just telling you, I did this as a one man, like, just me writing code in sleepless hours in the middle of the night. And do you remember how many thousands of lines of code you had when you stopped?

Oh my god. It was it was ridiculous.

And it was pretty bad.

You know, I'm, you know, not nothing against anybody, but I I outsource it to people overseas. And goddamn, that thing was was annoying.

Oh, I Yeah. This is, I I love coding. I love writing code. It's actually if I could do that and nothing else, I would. But it's so expensive.

It's so time consuming and so difficult. I never found a way to make money out of it. I did back in god, we're so far off topic. But when I I I started my company back in 1997, I ran for, you know, a number of years and then got out of it, went into aviation for a while and then came back. So both times that I was in business, you know, the both the first venture and the second one, I wrote my own ticketing system, web based ticketing system, and I was just, which we now call a PSA.

And then I was just dabbling in building my own RMM when somebody told me that this stuff already existed. And I had no idea because I I just started developing before I, before I ever looked into it. The first time around, I know I was, doing it and nobody else was out there doing that because that was like 1999. Second time around, I was I was just ignorant. But again, bringing this back, and I'm gonna try to tie this back to something that matters on today's topic, is the the security, I hadn't even contemplated.

As I'm building out, I was the ticketing, okay, that's one thing. There's no financial information in there. There are problems with that, but, the RMM that I was starting to develop, I hadn't even contemplated security back then. I'm just trying to figure out how I can easily throw out some scripts, some command lines, whatever. God, I'm glad I got out of that business.

So alright. Alright. Back on track. Back on track, guys.

Phones. Focus. Folks.

I I need that ADD medicine we were talking about before we got on the call. So let's, and we're, I guess we're we're coming up on an hour here, guys. So let's let's start winding this down, cloud versus on prem. I think if we just started well, let's let's just go around the room and do key takeaways. If we were to summarize this whole thing down into a few sentences, what would that look like?

And I usually throw this guy to you guys without giving you time to think. So I'll start, and then we'll go Mario and then we'll go Brian and then we'll we'll wrap this up. But if I were to just have a conversation with a client about on prem versus, cloud based, and we I'm gonna restate what we started with is we would never start with that dialogue. I'm never gonna get into the weeds with how we're going to accomplish something and tell me know what the hell it is we're trying to accomplish. Alright?

The the second point I'm gonna make is that for the most part, on prem is a dying technology. It's there there's so many things that used to be primarily on premise that is now that's not really even a viable option to do on premise. Exchange Server is a great example of that. And then 3rd, where we talk about money, I'll come back to what we said in our our previous episode on, ROI or whatever the title was, I forget now. I would much rather spend the money it takes to have this done right than to try to do it the old cheap way where we're not updating and I can yeah.

Yeah, sure. I can stay on an old version of QuickBooks for 5 years, 7 years. But what is the real cost to doing that to not updating in both security and productivity? So, I love QuickBooks online. I'm not trying to pitch that.

I'm just saying that it's more expensive, but I prefer that to the the headaches that I used to deal with with the, desktop version. So that's my key takeaway. Brian, why don't you go ahead and go next? And then, Mario, you can bring us home.

Sure. So my key takeaways are, I'll I'll mimic a little bit

of what

what, Justin said. You know, it's it's never gonna be a conversation where we start off going, I wanna go cloud, 1st and foremost. It's always, customized based on what the client needs and what their their actual requirements are and what different pieces of software and hardware and and and requirements are. But beyond that, I'm a pretty big proponent for going, cloud if you have no other requirements for on prem. If there's no reason to be on prem, then for me, some of the benefits outweigh the of cloud outweigh the cons.

And one of the big ones we haven't talked about were the integration components. Right. So for example, with QuickBooks Desktop, pretty much not integrating with very much of nothing. Right? But with QuickBooks Online, you can integrate it with ERP software.

You can integrate it with payroll software. You can integrate it with, you know, imaging software to look at your receipts. You can integrate it with all your bank accounts, so on and so forth. So there's a lot of integrations that could potentially happen with cloud, and I look at those. I look at all the different ways that we can save time by automating and integrating, all the different products together.

And if it makes sense to go on on a cloud solution, then, you know, we'll definitely go that route. But if it doesn't make sense for the client and for their particular use case, we will never push cloud. It will always be whatever that that client requires and that client needs. And so some cases, I go, you know what? Yeah.

Let's let's go cloud. In other cases, I go, yeah. No. It's not gonna happen, especially when Internet sucks. If you have a rural area and Internet's terrible, on prem all the way until until they fix that.

Okay.

That's it.

Mario? Yeah. So, I mean, for me, the biggest, like,

take you

like, takeaway is it it's convenience. Right? Are you one of those companies that, you know, you have 30 employees, and they all work from home, and they need to be able to access the same things ongoing and stuff like that. You don't have, like, a headquarters or a main office that you could even put a server in. A situation like that, you have to go cloud, you know, otherwise, what are you gonna do?

You're gonna put it in the owner's house? He's not gonna want that. But if you're like a 3 user company and nobody ever works from home, you know, you you don't want you know, you're on a budget and something like that, you you know, it's going, you know, on prem. You know, it's an initial investment. But usually, the way we say it is, like, you know, on average, your break even mark is somewhere between 6 to 8 months.

You know? If you buy a server versus hosting it somewhere, your breakeven you know, by actually buying and paying upfront, your breakeven point is about, you know, anywhere between 6 to 8 months on average. So it's more the convenience. You're paying for the convenience. You're paying, you know, for not having to worry if your building, you know, loses power or loses Internet.

Now all your employees are pretty much not able to work, especially if you have people remoting in or something. By having it online, you know, you don't there's less worries about having to worry if you're gonna have to shut down in case of, an outage or something like that. You know, like a lot of a lot of cloud systems that we use is we we do a lot of voice over IP. So every one of my customers has a server. Now we could have in when we first started, we used to get a computer that we put in their office and, you know, we'd run their their p PBX system.

Now, you know, we just host it to a cloud solution. It cost us, like, $5 per customer to host a small server, and we never have to worry about it.

Yeah. Alright. Alright, guys. The one one more final thought, and we've already set up, but to restate, cloud and all of these, you know, different providers that we're bringing in to do these things we used to do in house makes security you know, this is a security podcast. It makes it worse.

It makes the problem more complicated, more expensive, with greater risk. So that is probably the biggest trade off to this change. There are a lot of advantages to cloud, but holy hell has security become a nightmare. And, you know, that's that's kind of like, god, we're we're doing the whole podcast on it, but none of us, I don't think, got into have criminal justice degrees or got into IT because we wanted to fight crime, yet here we are. You know, that's that's most of what we do in our day is figure out how to keep the bad guys out of the computers and out of your bank accounts, but it is what we do, guys.

This is our specialty. So, like we always say at the end of these episodes, jump on unhacked.live. You can book an appointment with any of us. If none of us are in your area, we will find somebody. We'll make a referral.

But also we got our social media links. Follow us on Facebook. Follow us on YouTube. Soon to be, I'm gonna have to get LinkedIn and have other things involved too, but, we are definitely on social media and making a bigger presence there. So, that that's all I've got.

Brian, say goodbye. Mario, say goodbye, and then we're gonna check out.

Yeah. So, yep, Brian Lachs World People Networks, Niagara area, Ontario. If you need help, you know where to find me. We'll help you get 1% better every day.

Yeah. Mario Zaki, Mastic IT. We will help you decide if you want to go on prem or take it to the cloud. Thanks, everybody.

To the cloud. To the cloud. Like Microsoft said, and I am Justin Shelley signing off for Phoenix IT Advisors. Advisers. I I started talking about money before I could get that up, because my passion has always been business, and the passion of business is to make oxygen, which we call profits.

Take care, guys. We will see you next week.

K. Take care, guys.