Client Profile
| Detail | |
|---|---|
| Industry | CPA Firm |
| Firm Size | ~40-50 employees |
| Location | Bay Area, California (San Jose / South Bay) |
| Services Used | Managed IT, Cloud Infrastructure & Virtual Desktop Modernization, Microsoft 365 Platform Management, Virtual Application Delivery for Legacy Accounting Software, Cybersecurity Monitoring & Incident Response, Compliance & Risk Management (FTC Safeguards, GLBA) |
| Timeline | 6 months |
| Relationship | 3+ year One82 client |
The Challenge
As a growing CPA firm with distributed staff and heavy seasonal demand, the firm relied on six servers hosted in a third-party datacenter to support core accounting and tax applications. While this setup had worked historically, it became increasingly fragile during tax season. Even short outages or performance issues had immediate downstream impact on staff productivity, client deliverables, and partner confidence.
The environment had accumulated significant technical debt over time. Systems were aging, dependencies were tightly coupled, and fixes often introduced new issues elsewhere. During peak periods, the firm experienced a recurring pattern of instability that required constant intervention. Staff frustration increased, leadership visibility into risk decreased, and the long-term viability of the environment came into question.
At the same time, the firm was facing increasing regulatory and cybersecurity pressure. As a public accounting firm handling sensitive financial and tax data, they were required to demonstrate stronger controls under the FTC Safeguards Rule and related regulatory frameworks. Maintaining compliance documentation, security oversight, and audit readiness in a server-heavy environment was consuming leadership time and creating unnecessary risk exposure.
The Solution
One82 partnered with firm leadership to re-architect the firm’s technology foundation with a clear objective: remove all on-prem and datacenter-based servers while preserving full access to critical accounting and tax applications. Rather than attempting a disruptive one-time cutover, the project was executed as a structured six-month engagement with clear milestones and phased delivery.
The firm was transitioned to a Microsoft 365-centric operating model, with legacy applications delivered through a secure virtual application experience. From the user’s perspective, daily workflows remained familiar, but the underlying dependency on physical servers was eliminated. This allowed the firm to maintain continuity during tax season while steadily retiring legacy infrastructure.
In parallel, One82 embedded cybersecurity monitoring, risk management, and compliance governance into day-to-day operations. Formal security planning, documented policies, and continuous oversight were introduced to align the firm with regulatory expectations without placing additional burden on partners or internal staff. The result was a predictable, managed environment that reduced operational noise and shifted IT from reactive problem-solving to proactive support.
The Results
- Six on-prem and datacenter-based servers fully eliminated
- Successful transition to a serverless operating model built on Microsoft 365 with virtual application delivery
- Legacy accounting and tax software fully operational without local or datacenter servers
- FTC Safeguards Rule-aligned Written Information Security Plan (WISP) implemented and maintained
- Ongoing managed cybersecurity monitoring and incident response
- Approximately 3+ years as a One82 client
“Our last tax season, on the new system, was the smoothest we have ever had!”
— Partner, CPA Firm
Frequently Asked Questions
How long does it take to eliminate on-premises servers for a CPA firm?
In this case, the full transition was completed over a six-month engagement. Timelines vary based on application complexity, the number of servers involved, and seasonal timing. One82 avoids scheduling disruptive changes during tax season to protect firm productivity.
What compliance frameworks does One82 support for CPA firms?
One82 supports FTC Safeguards Rule compliance, GLBA-aligned security planning, IRS Publication 4557 requirements, and ongoing risk management. This includes creating and maintaining a Written Information Security Plan (WISP), conducting annual risk assessments, and providing the compliance documentation needed for regulatory reviews and cyber insurance renewals.
How does One82 support accounting software that traditionally requires a server?
One82 delivers legacy applications through a secure virtual application model, eliminating the need for physical or datacenter servers while preserving the workflows your team relies on. Staff access their accounting and tax software through a cloud-delivered experience that looks and feels familiar but runs on modern, maintained infrastructure.
What is a WISP and why does my CPA firm need one?
A Written Information Security Plan (WISP) is a documented plan that describes how your firm protects client data. It is required by the FTC Safeguards Rule for all financial institutions, including CPA firms. The WISP identifies the data you collect, the safeguards in place, the person responsible for security, and your incident response procedures. One82 creates and maintains WISPs as part of our compliance services for CPA firms.
Can a CPA firm operate without any on-premises servers?
Yes. This case study demonstrates that even firms running complex legacy accounting and tax applications can successfully transition to a fully serverless operating model using Microsoft 365 and virtual application delivery. The key is working with an MSP experienced in accounting firm technology to ensure application compatibility and workflow continuity.
