The Security Risks of On-Premise Payroll Software




Did you know that the roots of payroll software date back to the 1950s? That’s because payroll has always been a complex and difficult operation, and a payroll system is essentially a complex calculator. But back then, computers were huge machines, occupying space equivalent to a small warehouse.

This means that the majority of payroll businesses are quite old (for software companies…) and have legacy desktop products that were distributed to customers. This eventually led to most payroll companies creating “on-premise” payroll solutions—meaning a product that’s saved to a computer owned and operated by the customer.

On-premise versus cloud

On-premise payroll systems involve installing software directly onto a company’s own servers and maintaining them on-site. This setup requires dedicated hardware, regular maintenance, and IT expertise to ensure proper functioning and security. On the other hand, cloud-based payroll solutions leverage the power of the internet and store data on remote servers managed by a third-party provider. This eliminates the need for on-site infrastructure and allows for seamless access from anywhere with an internet connection.

Cloud solutions offer scalability, automatic updates, enhanced security measures, and simplified maintenance, making them the best choice for businesses seeking efficiency and flexibility in their payroll operations.

Why is on-premise so risky, exactly?

Initially, this setup sufficed. But as technology progressed, so did our working habits. We began working from multiple locations, necessitating the interconnection of these centralised computers, commonly referred to as “servers.” This interconnection also meant exposing these servers to the vastness of the internet.

Now, exposing a networked computer to the internet introduces a myriad of risks. It demands extensive knowledge, significant effort, and constant vigilance from the company that owns and must protect these servers. This poses a serious security challenge.

Let’s consider a Las Vegas casino as an analogy. Picture the vast amount of money and chips that a casino must protect. When the casino is bustling with activity, each table becomes a potential target for compromise. Safeguarding hundreds of different locations, each with its unique vulnerabilities, requires tremendous effort.

Eventually, when the casino shuts down for the day, all the chips are gathered up and securely locked away in a vault. This vault boasts an extra-thick door, guarded by a team of five security personnel, and lies deep underground. The risk diminishes significantly.

Computers operate on a similar principle. When a software vendor supports thousands of customers with on-premise installations, you can bet there will be countless potential issues to contend with. Even worse, in the case of payroll software, the vendor often requires access to your server for bug fixes and upgrades, heightening the risks involved.

Advancing security with cloud

Many companies specialising in on-premise payroll solutions tend to be more traditional in nature, with digital services not being their core expertise. That means they might lack the extensive experience and investment required to prioritise security effectively.

Recognising the need for heightened security, Cintra, over the past year, has made a monumental shift. We’ve seamlessly transitioned all our on-premise customers into our cutting-edge cloud environment. But that’s not all; we’ve taken measures to fortify our virtual vault door.

Regular penetration tests are performed to identify and address any vulnerabilities in our systems. We’ve partnered closely with the National Cyber Security Centre (NCSC) to enhance our situational awareness. And we’ve adopted a defense-in-depth strategy, meticulously controlling network access, preventing unauthorised logins, and strictly regulating permissions. Even if an intruder manages to bypass these safeguards, we have robust data loss protection tools in place to mitigate any potential damage.

To reinforce our heightened security, we’ve implemented several state-of-the-art tools. Each year, we invest hundreds of thousands of pounds to ensure that our systems remain as secure as possible.

No one can offer you a cast-iron guarantee that they’ll never be compromised… but adopting a SaaS (Software as a Service) tool and moving away from on-premise solutions will dramatically increase your resilience and security.

Join us on this journey toward a more secure future for your payroll operations. Book a demo to see Cintra in action.



Seb Aspland
Seb is our Chief Technology Officer—leading product, development and IT across the entire PSSG group! Outside of his passion for building products that solve real-world problems, you'll find him reading a good book or out on his road bike.