All case studies

AFM Services strengthens security and flexibility for 47 staff with co-managed IT model

An Adelaide accounting firm decommissioned its on-premise server by migrating MYOB to Xero, deployed Zero Trust security with ThreatLocker and Essential Eight ML1, and adopted a co-managed IT model with Otaris.

Powered by Calendly — your data is handled securely.

More case studies
Industry
Accounting / Financial Services
Team size
~47 staff
Location
Norwood, SA
Plan
Fortress
Model
Co-managed IT

Meet the client

AFM Services is an Adelaide-based accounting and financial services firm with over 30 years of experience, operating from 42 Fullarton Road, Norwood. Founded by John Zerella, the CPA Public Practice firm provides accounting, bookkeeping, wealth strategy, advisory and finance solutions to small and medium businesses. With around 47 staff serving a diverse client base, AFM handles sensitive financial data every day — and their clients trust them to keep it secure.

What they were up against

External

AFM ran its operations on an on-premise server hosting Remote Desktop Server and MYOB Accountant's Office. MYOB was a legacy application that required a physical or virtual server to run its database — which meant the firm was locked into maintaining server infrastructure just to keep their practice management software running. Remote access was restricted, the infrastructure couldn't keep up with increasing demands causing performance bottlenecks, and sensitive financial data lacked advanced security features and comprehensive monitoring. The servers required regular maintenance, consuming valuable IT resources.

Internal

AFM had an internal IT resource handling day-to-day support, but the complexity of modern cybersecurity frameworks, business continuity planning, and specialised infrastructure tasks was beyond what one person could reasonably cover alone. When that person was sick or on leave, there was no backup. The firm felt exposed — they knew their security posture wasn't where it needed to be, but didn't have the in-house expertise to close the gaps.

An accounting firm trusted with their clients' most sensitive financial data shouldn't have to choose between keeping an on-site IT presence and getting enterprise-grade security. They should be able to have both.

How we stepped in

Otaris understood that AFM didn't need to replace their internal IT resource — they needed to augment them. With deep experience in cybersecurity frameworks, cloud migrations, and managed services for accounting firms, Otaris proposed a co-managed IT model that would give AFM the best of both worlds: a trusted on-site presence backed by external expertise for the complex, specialised work.

What we delivered

  1. Assessment and planning

    Thorough assessment of existing IT infrastructure, applications and workflows. Detailed migration plan with timelines, resource allocation, risk management and contingency plans.

  2. MYOB to Xero migration and server decommission

    Migrate practice management from MYOB Accountant's Office (which required a server) to cloud-based Xero. By removing the legacy application that demanded server infrastructure, Otaris could decommission the on-premise server entirely and move all IT systems to endpoints.

  3. Microsoft 365 and collaboration

    Deploy Outlook, Teams, SharePoint and OneDrive. Migrate on-site file share documents to Microsoft Teams for anywhere access. Set up video conferencing rooms for remote client meetings.

  4. Zero Trust security framework

    Implement ThreatLocker application whitelisting, Mobile Device Management, Essential Eight Maturity Level 1 compliance, uSecure dark web monitoring and per-user security training.

  5. Network and communications

    Managed Fortinet and Cisco router/firewalls with 4G failover, 4 managed network switches, 5 wireless access points, and 3CX PBX on AWS with SIP trunks for phone system.

  6. Co-managed IT model

    AFM's internal IT resource remains the primary on-site contact for end-user support. Otaris manages escalations, complex issues, infrastructure, system monitoring, strategic consulting, cybersecurity, business continuity — and provides seamless cover when the internal resource is on leave or unavailable.

The cost of inaction

Without action, AFM's sensitive financial data remained protected only by basic security measures — insufficient for a firm handling client tax records, financial statements, and wealth management data. The single internal IT resource was a bottleneck and a risk: one illness or resignation could leave the firm without IT support entirely. The legacy MYOB system kept them chained to server infrastructure they couldn't easily scale or modernise, and the ageing setup limited the firm's ability to offer flexible working arrangements in a competitive hiring market.

Before and after

Before
After
  • On-premise server required to run MYOB Accountant's Office
    Server decommissioned — Xero runs in the cloud, all systems moved to endpoints
  • Restricted remote access for staff
    Microsoft 365 — staff work securely from anywhere
  • Basic security — no application whitelisting or Zero Trust
    ThreatLocker + MDM + Essential Eight ML1 + dark web monitoring
  • Single internal IT person — no backup, no specialist support
    Co-managed model — on-site presence + Otaris for escalations, leave cover, and specialised tasks
  • Legacy phone system
    3CX PBX on AWS with SIP trunks
  • No formal business continuity or DR plan
    Managed firewalls with 4G failover + Veeam backups + DR plan

Where they are now

AFM now operates under a Zero Trust security framework with ThreatLocker application whitelisting, mobile device management, and Essential Eight Maturity Level 1 compliance — giving their clients confidence that financial data is properly protected.

The migration from MYOB to Xero allowed Otaris to decommission the on-premise server entirely, moving all IT systems to endpoints and eliminating the infrastructure overhead that came with maintaining a legacy application. The co-managed IT model means AFM's internal IT resource stays focused on day-to-day user support while Otaris handles the heavy lifting: cybersecurity, business continuity planning, infrastructure management, and strategic consulting.

When the internal resource is on leave or unwell, Otaris provides seamless cover so the firm is never without IT support. Staff can now work flexibly from any location through Microsoft 365, with managed Fortinet and Cisco firewalls providing 4G failover to keep the office connected even during internet outages.