On-Prem Still Wins: Private Cloud with MyWorkDrive
On Prem File Access: Recent Outages Are a Wake-Up Call
When Microsoft acknowledged a “thermal event” in Azure West Europe that took storage scale units offline, it also warned that resources in other availability zones could be affected—proof that cross-AZ dependencies can still fail even in resilient designs, as covered by The Register.
Azure and AWS are leading examples of public cloud providers, offering cloud computing—the on-demand delivery of IT resources over a network. Public cloud providers like these enable organizations to access scalable resources and services without managing physical infrastructure.
Within days, an AWS incident disrupted popular apps across regions; as Reuters reported, DNS resolution for a core API and a network load-balancer health subsystem in US-EAST-1 were central factors, with some services needing hours to process backlogs.
These events are not arguments against cloud. They are reminders that total cloud dependence means inheriting a provider’s vulnerabilities.
“Control your data, not your vendor’s risk.”
The problem: Total cloud dependency is a single point of failure
Relying entirely on third-party clouds concentrates operational, security, and compliance risk:
- Outage blast radius. A cooling failure, DNS issue, or control-plane fault can ripple beyond a single AZ or service. The Azure “thermal event” and the AWS US-EAST-1 disruption show how shared dependencies can widen impact, especially in public cloud environments.
- Limited control. You cannot dictate maintenance windows or recovery sequencing. Maintenance and recovery are managed by the public cloud provider, not the customer. Incident communications and timelines live with the provider.
- Compliance friction. Strict regimes require data sovereignty and locality guarantees that get complex when data moves or replicates across regions, especially when regulatory requirements mandate compliance with legal and industry standards.
- Cost creep. Achieving “cloud-grade” resilience often requires multi-region architectures, egress, and standby capacity that inflate budgets.
- Lock-in. Deep use of proprietary services raises the cost and risk of exit.
The insight: On-prem still anchors resilience and compliance
On-prem infrastructure remains a cornerstone for private cloud security and governance:
- Custody and control. On premises servers provide direct control over storage, uptime design, and failover playbooks.
- Native permissions. NTFS ACLs and existing groups remain authoritative.
- Data sovereignty by design. Keeping regulated data in approved facilities simplifies audits and regulator discussions.
- Predictable performance. LAN-speed access is possible because files remain on the internal network, avoiding multitenant “noisy neighbor” effects.
- Selective cloud adjacency. Use cloud where it adds value, with integration between on-prem and cloud environments, without surrendering core custody of files.
In short, the durable pattern is hybrid: retain control on-prem while delivering modern, secure remote file access everywhere. This approach enables users to securely access and collaborate on files in a controlled environment.
The solution: MyWorkDrive turns file servers into your private cloud
With MyWorkDrive, you deploy software that publishes your existing Windows file shares, Azure Files, or NAS over HTTPS, enabling secure on-prem file access from anywhere without VPNs or data migration. The platform gives you cloud-like convenience and keeps data under your control.
- Keep data where it lives. Files stay on approved storage. You avoid duplicating or re-permissioning data in a third-party repository.
- Identity and access your way. Integration with existing systems such as Microsoft Entra ID or Active Directory allows for SSO and conditional policies, then enforces private cloud security with DLP controls, device approval, and optional watermarking via the Security model.
- Honor NTFS ACLs. Least-privilege stays intact across shares and departments.
- Familiar user experience. Map drives on Windows and macOS, or use the web client and mobile apps for a seamless experience where users can share files securely and conveniently. Users can access files remotely from any location, connect to internal resources with no VPN required, and need only an internet connection for remote access. The solution is secured with enterprise-grade security features, allowing users to access work files from any device. The software integrates with existing IT systems and does not require cloud servers for on-prem file access. This approach enhances productivity for remote and mobile users.
- Browser editing without data sprawl. Enable Office online co-editing or your preferred WOPI editor while files remain in your storage.
- Audit and governance. Centralized logging aligns with Data Sovereignty goals, supporting compliance with regulatory standards and helping ensure secure access to sensitive data.
The benefits of using MyWorkDrive for on-prem file access include secure, compliant, and productive remote work without reliance on VPNs or cloud servers.
Why the hybrid model reduces risk
1) Control and uptime
By keeping primary storage managed directly by your organization and exposing it through MyWorkDrive features, you minimize dependence on any single provider’s control plane. When external regions wobble, your core on-prem file access remains available on your terms. The Azure and AWS incidents underscore the value of diversified control.
2) Private cloud security
Publish files over HTTPS in a secured manner, apply MFA/SSO via Entra ID, and enforce DLP restrictions at the session layer. This architecture reduces lateral-movement risk inherent in broad network tunnels and improves private cloud security without sacrificing usability.
3) Data sovereignty and compliance
Serve global teams while retaining locality. Keep regulated data in specific datacenters and present secure remote file access via browser or mapped drives. Audits become simpler when data resides in known locations aligned to data sovereignty policies, helping to ensure compliance with regulatory requirements.
4) Cost efficiency
Use existing storage investments and apply cloud only where it adds clear value. Using public cloud for resilience can increase costs compared to on-prem storage; keeping primary storage on-prem avoids multi-region duplication and egress charges incurred just to chase resilience.
5) Better user experience than VPNs
Eliminate fragile VPNs and sync clients. Users authenticate once and begin accessing files directly—no VPN required—by mapping drives and working with large files or legacy line-of-business paths using on-prem file access that behaves like being on the LAN.
Leveraging existing infrastructure and NTFS permissions
CentreStack empowers organizations to deliver secure remote access to on-premises file servers by building on their existing infrastructure and NTFS permissions. Instead of requiring a disruptive migration or complex reconfiguration, CentreStack integrates seamlessly with Windows Server environments and Active Directory, ensuring that user authentication and access control remain consistent and familiar.
By honoring existing NTFS permissions, CentreStack eliminates the need to recreate or manually manage user access rights. This not only saves valuable IT resources but also ensures that sensitive data remains protected according to established security policies. Users can securely access files from any location—whether in the office, at home, or on the go—without the need for a traditional virtual private network (VPN) or complicated setup. Secure connections are established over HTTPS, and single sign-on (SSO) capabilities streamline the login process, allowing users to access files from desktops, laptops, or mobile devices with enhanced security.
For organizations with diverse IT infrastructure, CentreStack supports both on-premises file servers and cloud storage solutions like Azure Files, providing flexibility to adapt as needs evolve. By keeping data on-premises or within approved cloud environments, organizations can maintain data sovereignty and meet regulatory compliance requirements, reducing security concerns and audit complexity.
This approach is especially valuable in industries such as healthcare and finance, where secure remote access to sensitive data and strict compliance are non-negotiable. For example, one organization leveraged CentreStack to provide secure remote access for its distributed workforce, enabling employees to access sensitive files without relying on traditional VPNs. This not only improved productivity and operational efficiency but also reduced costs and simplified compliance management.
Architectural patterns that work
- On-prem primary, cloud-adjacent: Keep file servers or Azure Files as the system of record, ensuring primary storage remains on the internal network. Integrate with existing IT systems and expose through MyWorkDrive gateways, applying conditional access with Entra ID.
- Multi-site with locality: Place storage near users for performance while enforcing central governance.
- Cloud storage, private access: If you standardize on Azure Files or compatible NAS, publish secure remote file access through MyWorkDrive to avoid broad network exposure.
These patterns can be adapted to different environments.
FAQs
Is on-prem file access more secure than cloud?
Security depends on control and configuration. On-prem file access preserves native NTFS permissions and custody, while MyWorkDrive security adds HTTPS, MFA/SSO, and DLP to harden endpoints and sessions.
How does MyWorkDrive support data sovereignty?
Admins keep data in approved facilities and present access through the web, mobile, or mapped drives. That design aligns with data sovereignty mandates and reduces audit scope by avoiding unnecessary data movement.
Can I use MyWorkDrive with Azure Files or NAS?
Yes. As a hybrid cloud solution, MyWorkDrive supports Windows file servers, Azure Files, and SMB-compatible NAS while honoring existing NTFS ACLs and shares.
What about performance for large files?
Keep primary storage local for heavy users and deliver secure remote file access via mapped drives or browser for distributed teams. Users can efficiently access large work files from any device and location, supporting productivity for mobile and remote teams. You can mix patterns to balance speed and reach.
Does this replace VPNs for file access?
Yes. MyWorkDrive provides secure access to files without VPNs by publishing files securely over HTTPS and enforcing granular controls, reducing the lateral-movement risk that traditional VPNs can introduce.
Can users access files from remote locations?
Yes. MyWorkDrive enables authorized users to access files securely from remote locations, ensuring operational efficiency and data protection regardless of where users are working.
Conclusion and Next Steps
Cloud services are valuable, but not infallible. The Azure West Europe “thermal event” and the AWS US-EAST-1 outage show how shared dependencies can disrupt even well-architected environments, as documented by The Register and Reuters.
A safer, smarter strategy is clear: keep mission-critical data on-prem, and deliver modern access with MyWorkDrive as your hybrid cloud solution. This hybrid model enhances productivity for distributed teams while improving resilience. To see how this model improves resilience, schedule a demo and modernize private cloud security without giving up control.