Resource Hub Blogs

Cyber Security: Local hosting vs Cloud

Cyber Security: Local hosting vs Cloud

/ Dan Sears


Following a colourful chart recently posted by ParentPay group, we wanted to address some of the implications and claims regarding the safety of cloud MIS. Is a locally hosted MIS really more secure? And what about the functionality offered? Before we start going through some of the specific criteria, it is important to clarify the difference between local and cloud services, as they are definitely not the same. 

Local applications or data storage mean that data is stored on physical devices such as SSDs (Solid-state Storage Drive), HDDs (Hard Disk Drive), or Computers. Cloud applications or data storage use encryption and remote access to safely store data, which can be accessed or scaled at any time. There are pros and cons to each service and users need to decide which one best suits their needs, but they cannot be compared on many cyber security aspects, for the same reason a 1990s Game Boy console and an iPhone cannot be compared. One is entirely offline and cannot be accessed remotely, while the other uses cloud/web connections to offer a huge range of features.  

Below we will consider why cyber security is not necessarily compromised by increased functionality, and why local applications have additional risks of their own. 

Website Security

Cloud services are now part of our everyday lives – as anyone who watches videos on YouTube or accesses emails online will know.  

At Bromcom, we launched our Cloud MIS solution in 2011, partnering with Microsoft Azure to provide a reliable, safe, and efficient service that can be accessed anywhere. The pros far outweigh the cons, with cloud services proving invaluable during covid-19 and with the increase in remote learning/working.  

We chose to move to a cloud product to bring our users into the new technological age and offer increased security, access, and adaptability. There are also IP and time-based restrictions, access, and permissions, single sign-on, pin codes and password policies all available within Bromcom, out of the box. 

Users who switch to Bromcom or other cloud solutions are often delighted with the speed, functionality and features available in their new MIS.  An MIS that is hosted on local servers might well give itself a top score for website security – but that’s because it’s not actually offering a web product – or any of the benefits that entails. 

Application Security

When comparing a local application with Bromcom’s Cloud MIS software, the same principles apply. And when taking Bromcom’s apps into consideration (e.g. MyChildAtSchool (MCAS), student, teacher) there are additional security points we can address.  

Taking MCAS as a prime example, school staff with specific access permissions must follow a carefully designed multi-step process just to create user accounts, which then require parents to register and create their own credentials before student data is visible. You then have the additional layer of device security, (passcodes, biometric authentication and display off timers), all of which offer conclusive examples of how secure our application is. Schools can still then control which data is visible to parents, while parents can only see data for the student they have been linked to within the MIS.  

Physical damage, device performance or even natural disasters cannot threaten cloud data, whereas a hard drive or notebook with personal data can be stolen, damaged or copied by anyone who touches it. 

Network and Email Security

These two areas are often connected with one another, as schools using a local network will run their emails through said network to offer more visibility and control in house. This is great but can have downsides, including physical server maintenance and more performance limitations. Often, schools using their own SMTP server will find that bulk emails do not always deliver, and this usually happens because server providers have a cap or stop large processes for security.

Comparing this to Bromcom’s SMTP service for example, high quantity bulk emails can be sent at once with no issues and on the rare occasion that emails do not send, our helpdesk team are on hand to investigate. Once again, to compare a locally hosted server that may not be physically secure, with a cloud server that seamlessly handles the needs of thousands of schools across the country is not very valid.  


A local application is entirely dependent on the machine that runs it, and with no internet access, is understandably less susceptible to cyber threats. A cloud application/service can connect people in different continents, running high level encryption and updating in real time. All that is required is an internet connection or even cellular data.  

Scores and rankings are subjective, different awarding bodies will come to different conclusions, and end users have their own preferences. We recommend that users conduct their own research before making any decisions or coming to conclusions. Comparing local and cloud products is like comparing Microsoft Paint with, they are so different it doesn’t really make sense.  

Bromcom benefits from our Gold Partner status with Microsoft and from the multi-layered security provided by Azure, along with the security features in our web and app platforms where information security and resilience to cyber-attacks are part of the design. We engage with specialists to conduct penetration testing against our platform to ensure our ongoing resilience. More information on Microsoft Azure’s cyber security features (including the award from Gartner recognising Microsoft as a leader in Strategic Cloud Platform Services) can be found here: Azure Security | Microsoft Azure 

Dan Sears

Dan Sears