Many jewelers are unaware of the risks associated with running outdated legacy software. This article explains the risks of on-prem systems in simple terms and equips you with the right questions to ask your provider in order to protect your business.
As the name suggests, on-premise or “on-prem” software is a type of software that is hosted on your business premises. It is sometimes referred to as “local” because is hosted locally.
On-premise software will require a dedicated computer on your business premises dedicated to actually running and serving the software program to other computers in your business. All other computers that you want to run the program are considered clients of the server computer and must be on the same local network (LAN).
Here are a few indicators that you have a locally hosted system:
Four key risks relevant to on-prem software for jewelers:
Let’s explore these in more detail together:
1. Hardware Failure: This means the computer performing server duties has an unexpected failure, resulting in all other machines no longer being able to launch the program. If this is your Point of Sale system this may mean you cannot effect a sale in your store for the duration of the outage. This type of failure is inevitable in all computer hardware, it is just a question of time.
2. Fire / Flood: This means physical damage occurs to the computer performing server duties, interrupting operations and a loss of business critical data . A common example is someone inadvertently spills liquid on the machine or there is a small “melting” event caused by insufficient ventilation.
3. Being Hacked: This means a targeted attack on your computer system by a competitor or criminal. An example of a competitive attack would be your competitor down the road hiring a hacker to gain your hard-earned customer list and buying history. An example of ransom is the theft of customers’ personal data, resulting in reputational damage for the business unless a ransom is paid to the hackers.
4. Business Continuity: On-prem POS dropped below 50% market share in North America in 2022 and at the current rate of decline will be consigned to history in the coming decade.
The owners of your on-prem service are software professionals. They know the era where they have prospered is drawing to a close, and they are directly motivated to slow down your transition to more modern solutions. These companies are unlikely to have a credible succession plan and at some point will inevitably wind down their operations. Your business will be left with a system that belongs to a company that is no longer trading.
| Risk | Impact Level | Risk Level | Mitigation |
| Hardware Failure | Medium | Medium | regular monitoring & replacement of hardware |
| Fire / Flood | High | Low | Switch to a cloud-based system (no back-ups required, no hardware) |
| Being Hacked | High | High | Switch to a cloud-based system (servers in Microsoft/Google/Amazon data centers - which run all cloud-based services - have the strongest security perimeter in the world) |
| Business Continuity | High | High | Switch to a cloud-based system (servers in Microsoft/Google/Amazon data centers - which run credible cloud-based services) |
It is a question of vested interests: unless they can evolve their services to cloud-based services, they stand to lose your business IF they admit cloud-based is the future. The unfortunate reality for most of these companies is that cloud-native skills are very different from those required for legacy systems and it would involve a total replacement of their existing workforce. Even if they are willing to undertake such a drastic change to their companies, cloud-native capabilities are in hot demand and qualified talent would be very unlikely to want to join an old-fashioned company when they have a long list of modern suitors to choose from.
Finally, consider this: In order for their claim that the “cloud is dangerous” to be right, all leading software firms - names like Microsoft, Google, Amazon, SAP, and Oracle - have to be wrong. These companies have all publicly declared the cloud is the only way they will operate going forward and have either deprecated or are in the process of deprecating legacy on-premise solutions. For example, in 2016 SAP announced it will no longer support customers on-premise solutions after 2024.
Your on-premise provider will tell you that “the internet is not safe” and that “you are safer keeping your data in your own hands”. This is dangerously misleading because the reality is that at the back of the server in your building is an ethernet cable with a blinking green light. This is how your business connects to the internet; any risks associated to being on the internet are being run by your local server. In other words, the blinking green light means the cloud is in your building, even if you run on-prem software.
The way to mitigate this risk is to measure and understand the strength of your network perimeter. The mechanism to measure this is a regular penetration test (performed by professional security testing companies) that will expose your vulnerabilities. Each vulnerability should be addressed in order for it not to show up on the next test, which requires your company or provider to dedicate many hours of expensive software engineers’ time to remedy each and every issue on an ongoing basis.
As each test normally costs in excess of $5k, plus many times that in engineering costs to address the resulting vulnerabilities, it can quickly get expensive in local area networks. By contrast, the great advantage of cloud-based systems means it is one larger network, which can be tested centrally by the provider, who can absorb the cost of both the tests and the remedy because it is amortized over many customers. This delivers a win-win for both provider and customer that is impossible for on-premise era companies to compete with - both from a security standpoint and from a cost standpoint…
The cloud is not actually in the sky, it’s very much down on the ground - in places like Utah or Nevada where competent professionals are dedicated to service uptime, incident response, and world-class security.
It is not cloud unless:
If you use cloud services, you will quickly ask yourself why you tolerated on-premise solutions for so long. Most industries made this transition 5-10 years ago, our industry is one of the last bastions for on-prem software. This article seeks to provide all the insight and nuance necessary for you to make an informed decision about your business’s transition to cloud-based operations.
You can contact your on-premise service provider and ask simple questions such as: