How to Secure a Server
A server can be configured as a File Server or a Compute Server. There are advantages and disadvantages of each.
Windows File Server, Linux SAMBA server, or Storage Area Network (SAN) CIFS Share: A file server "serves" files across the wire to the client machine requesting access. This does not require high-end hardware to serve files to many clients. However, the files end up on the user's computer, which we want to avoid when dealing with sensitive data. The emphasis for securing the data on a file server is placed on securing the server, redirecting all files (including temporary statistical analysis files) back to the server share, and securing the user's local computer.
Windows Terminal Server and Linux Compute Server: A compute server stores and processes all files directly on the server: files do not cross the wire to the user's computer. The security benefit to using a compute server is that all of the sensitive files stay on the server. However, the compute server environment typically requires higher-end servers with more processing power and memory to accommodate a large number of users. While we still need to evaluate the security posture of the user's computer, the main emphasis for securing data on a compute server is securing the compute server and the communication tunnel between the server and the user's computer.
The following form to describe your security plan contains two tables of security controls: one for the server and one for the user's local computer. The second link below offers an explanation of the security controls for both the server and workstation: