

Cloud Prisoner

Don’t become a prisoner of your computing infrastructure or private cloud. Understand who has custody of your data. 

The cloud simplifies remote access, business continuity, and disaster recovery. But what happens when you change IT service vendors? 

From basic services like email and Office365 to Infrastructure as a Service and complete virtual desktop, an organization can gain flexibility, redundancy, business continuity, security, and even competitive advantage by working in a Cloud environment. 


As reported by HelpNet Security in late 2020, high-availability access, on-demand computing power, limitless storage, and enterprise-grade security lifted the rate of Cloud adoption among small/mid-size businesses even before the pandemic, and adoption hit ludicrous speed once the remote workforce took to their homes. 

Since most organizations will use a technology integrator or managed service provider for the migration, what happens when that vendor is no longer providing services? Even without a “long-term contract”, because of how some Cloud environments are designed, a business can get stuck in a scenario that makes it hard to change IT vendors. So, how can your business stay protected? Here’s what you need to know: 

1) When MSPs first began considering Cloud for their clients (almost a decade ago), public Cloud wasn’t what it is today, and most built their own.
2) Leveraging private data centers, these technology firms invested in massive infrastructure, and built highly proprietary “walled gardens”.
3) Offering clients a scalable environment with business continuity and integrated disaster recovery, a solution was born.
4) Over the years, IT firms spent hundreds of thousands of dollars in capital expenses and upgrades to ensure performance, availability, and security. Changing their Cloud offering isn’t typically an option.
5) Clients in these environments have only one choice when it comes to who can provide services/support. Migrating to a new platform is costly and time intensive.

Technology firms that made the leap to offer public infrastructure do see thinner margins, but they also have access to the most cutting-edge technology, integrated cybersecurity tools, and tremendous flexibility for clients that understand data custody and have concerns about uprooting an entire virtual ecosystem if the need for a new technology partner arises.

So What Can You Do?


Understanding who has custody of your data (where data resides), how it’s accessed, and what’s involved when it comes time to sever a relationship is critical, and it’s up to you, the client, to figure it out. Here are some questions to ask:

  • Where exactly is your data stored? 
  • What virtualization tools/systems are used for access?
  • Is there anything proprietary about the infrastructure?
  • Is there anything proprietary about the access tools? 
  • What happens if the vendor is no longer providing service?
  • Is it a total “lift and shift” of your data, email and apps?
  • Is it simply changing the owner of record?
  • What’s involved in a typical migration?
  • If possible, speak with references and even former clients to discuss their migration experience

At the end of the day, none of us wants to think about ending a relationship before things even get started. But since change is one of the few constants, being prepared is critical, and it’s always better to address these issues now, when the relationship is healthy.


We’d love to hear your thoughts on Cloud adoption, or a story relating to Cloud on-boarding/off-boarding. Drop your info below, set a time on our calendar or shoot us an email.

Customer support experience

Small and midsize businesses deserve the best technology support and services at fair prices. 


Partners in business. Not just words.


These are stressful times, and our support staff understands that you never know what the person on the other end of the phone is going through. 


Providing world-class service to the small and midsize business community, our help desk technicians realize they are the front line for your business. They bring their A-game every single day and we can’t say enough how much we appreciate all of their efforts! So we’ll let our partners speak for us with this handy animation.


Customer service

Our client satisfaction (C-SAT) rating in 2022 is over 98%. Not getting the experience promised from your IT services provider? We wrote about this recently in our blog on all-inclusive support, and talk about our more than 100 five-star Google Reviews often. Delivering on end-results is what OWG is all about. 


Book a time on my calendar and let’s talk about your concerns.


For some businesses, an all-inclusive monthly support fee seems like a great option when engaging an IT services vendor.

While in principle we don’t disagree with the model, how does a business leader understand what they’re getting? 


What do you do when “the trip doesn’t match the brochure”? 


Managed IT services contracts generally follow a rigid set of one-size-fits-all services and support terms. While most issues are covered, many customers find themselves with unexpected monthly bills for issues that don’t fall within agreed-to parameters.


So what can you do if you want a predictable billing model? What if that’s the only option the vendor is offering? Here are a few things to do…

1) Review the “fine print”. Discuss service exclusions, data retention fees, technology refreshes, and network updates. These “edge cases” (which many are led to believe will never happen) are in fact where IT vendors can profit the most.  


2) Ask about what’s not included. It’s not just about Service Level Agreements (SLAs) and response times. Exclusions should also be clearly documented and easily explained. Most IT providers won’t cover things like printers, phones and third-party apps. But what if those are critical to your business?


3) Talk with your team.  Understand all your company’s specific technology needs. A more technically savvy staff with modern equipment could require less support, but things like remote access, collaboration tools, cybersecurity, and support for third-party apps should be considered.  


4) Don’t get locked in. A solution where you aren’t locked into a single provider and can move business apps and data without a massive lift-and-shift operation is critical. This is key to the client-vendor relationship and ensures transparent billing and the best service possible.


5) Check the MSP’s reviews! And not just two or three referrals… It’s 2022 and every service business on the planet is being reviewed by satisfied and not-so-satisfied clients. OWG has over 100 five-star reviews.

It’s important to note that as systems have advanced, some service providers can now match all-inclusive offerings with specific, individualized client needs. 


However, this is more difficult than it sounds and requires a mature MSP with an empathetic approach and an ability to problem solve. It also requires buy-in from both sides, and a true desire for that trusted partner relationship. 


Success today stems directly from an organization’s flexibility and its ability to adapt. A trusted IT services partner/MSP is a must-have, and critical for any organization looking to build or even remain competitive. Take your time, choose your partner carefully, and reach out with any questions or concerns. We’re happy to be a resource!

Drop your name and email below to learn more, or tag our calendar and let’s have a conversation.

Azure Cloud

Microsoft Azure features an ever-expanding set of cloud services to help your organization meet your business challenges. Its integrated cloud-computing services include analytics, computing, database, mobile, networking, storage, and web apps. All this leads to moving faster, achieving more, and saving money.

  • Fast app delivery
    Quickly develop, deploy, and manage your enterprise, mobile, web, and Internet of Things apps anywhere with your choice of tools, language, or framework.
  • Security
    Ensure the safety and privacy of your apps and data through Azure Backup and Disaster Recovery, as well as more comprehensive compliance coverage.
  • Better decision-making
    Make strategic decisions using predictive analytics and valuable insights.
  • Scalability
    Seamlessly scale up or down with Azure according to your business cycles.

Use Azure to free up your team so they can focus on where your firm can add value and deliver great customer experiences. 

Drop your info and get a free consultation today!

What’s a vulnerability assessment

Can today’s business leader explain what a vulnerability assessment actually is?

Like trying to explain what water tastes like, or defining the word “the”, we’ve found that while today’s business leader is quite familiar with the term “vulnerability assessment”, few can explain what a vulnerability assessment actually is.


Even more, ask three IT professionals what a vulnerability assessment is and you’re likely to get three different answers.  

So what is a vulnerability assessment? How often should you have one? How much should you expect to pay? And what’s the difference between a vulnerability assessment and a penetration test?

Defining a vulnerability assessment as “the process of defining, identifying, classifying, and prioritizing vulnerabilities in computer systems, applications, and network infrastructures”, our friends at TechTarget have published an excellent article defining the process and detailing some of the finer points. Below is a summary of TechTarget’s publication, and a few of their highlighted best practices. (For a deeper dive into the process, check out

As explained by Linda Rosencrance of TechTarget, a vulnerability assessment can provide an organization with the necessary knowledge to understand and react to threats within its environment. Organizations of any size, or even individuals who face an increased risk of cyber attacks, can benefit from some form of vulnerability assessment. But large enterprises and high-target organizations (e.g. insurance agencies, financial institutions, accounting firms, medical offices, law firms) that are subject to attacks will benefit most from a vulnerability analysis, as it provides an organization with details on any security weaknesses in its environment and direction on how to assess the risks associated with those weaknesses. 


The process offers an organization a better understanding of its technology assets, security flaws and overall risk, thereby reducing the likelihood that a cybercriminal will breach its systems and catch the business off-guard.

Types of vulnerability assessments

  • Network-based scans: Used to identify possible network security attacks. This type of scan can also detect vulnerable systems on wired or wireless networks.
  • Host-based scans: Used to locate and identify vulnerabilities in servers, workstations or other network hosts. This type of scan usually examines ports and services that may also be visible to network-based scans. However, it offers greater visibility into the configuration settings and patch history of scanned systems, even legacy systems.
  • Wireless network scans: Focus on points of attack within the organization’s wireless network infrastructure. In addition to identifying rogue access points, a wireless network scan can also validate that a company’s network is securely configured.
  • Application scans: Test websites to detect known software vulnerabilities and incorrect configurations in network or web applications.
  • Database scans: Identify weak points in a database to prevent malicious attacks, such as SQL injection attacks.

Vulnerability assessment vs. pen test

A vulnerability assessment often includes a penetration testing component to identify vulnerabilities in an organization’s personnel, procedures or processes. These vulnerabilities might not normally be detectable with network or system scans. The process is sometimes referred to as vulnerability assessment/penetration testing, or VAPT.


However, penetration testing is not sufficient as a complete vulnerability assessment and is, in fact, a separate process.

A vulnerability assessment aims to uncover vulnerabilities in a network and recommend the appropriate mitigation or remediation to reduce or remove the risks. It uses automated network security scanning tools, and lists the results in an assessment report. However, it does so without evaluating specific attack goals or scenarios. Organizations should employ vulnerability testing on a regular basis to ensure the security of their networks, particularly when changes are made. For example, testing should be done when services are added, new equipment is installed or ports are opened.



Penetration testing, in contrast, involves identifying vulnerabilities and attempting to exploit them in order to attack. Although sometimes carried out in concert with vulnerability assessments, the primary aim of penetration testing is to check whether a vulnerability really exists and infiltrate the organization. In addition, penetration testing tries to prove that exploiting a vulnerability can damage the application or network.

Finally, while a vulnerability assessment is usually automated to cover a wide variety of unpatched vulnerabilities, penetration testing generally combines automated and manual techniques to help testers delve further into the vulnerabilities and exploit them to gain access to the network in a controlled environment.

For more information or to discuss how a vulnerability assessment can help your organization, just complete the form below or set a time to connect.

Portions of this article were written by Linda Rosencrance and published by TechTarget at

Google Reviews

As a distinguished IT services firm, we pride ourselves on great tech support!

Have you ever submitted a help desk ticket only to never hear back, or hear back and not have a solution to your problem? 

A strong IT services desk increases productivity and sets up your business for success. 

Don’t take our word for it…check out what our partners have to say:


As the business community faces down cyber threats, one medical office is defending itself with a Zero Trust approach to cybersecurity

Physicians have always been at the front of the line when it came to technology integration. Among the first to realize the benefits of wearing a pager, having a cell phone, using a tablet, and essentially digitizing their business, doctors and researchers are typical early adopters of mobile, Cloud and IoT systems. 

As attacks on the healthcare industry make weekly news, personal information (PII) floods the black market, and steep fines take their toll, doctors and practice administrators wonder what they can do differently. 

A holistic strategy, a Zero Trust approach to cybersecurity means that you:

     1) Verify Explicitly
     2) Use Least Privilege
     3) Assume Breach

Want to learn more? Complete the form and download the business case.

Zero Trust

As cyberattacks on midsize firms prove inevitable, are you ready to be hit?

A strong defensive posture minimizes exposure, limits collateral damage and protects client privacy.

We’ve been providing IT consulting and technology services to the mid-size business community since 1999, and from basic firewalls to advanced breach detection systems we absolutely guarantee there’s no shortage of security products designed to protect the enterprise. 


But third-party/supply chain attacks have changed this game. Drastically. And, from the most basic user training videos to a 24×7 monitored security information and event management (SIEM) system, there’s not one thing a business can do to protect data when its business management system, ERP or CRM is breached. Bottom line – every business on the planet relies on third-party software and there’s simply no safe place to hide. Boo!

Since shutting down shop isn’t an option, we must, as always, take up this threat and face it head on!


As we wrote in a post about Zero Trust Cybersecurity, you can only worry about what’s within your control. Since fully defending against this attack isn’t possible, we can only protect our organizations and prepare to be attacked.

1. Deploy a multi-layered detection and response approach. Multisyllable marketing jargon aside – as quickly as possible, you need to know you’ve been breached, and you need a post-attack response plan (or plans). “Honeytokens”, or virtual trip wires set up to alert organizations of suspicious activity in their network, are a great tool. If being breached is bad, not learning about it till days or weeks after it happens is worse, and not knowing what to do next can be catastrophic.

2. Include threat hunting as regularly scheduled IT maintenance. As described by our partners at SentinelOne, threat hunting is quite a different activity from incident response (IR). While IR methodologies aim to determine what happened after a data breach, a threat hunting team searches for attacks that have slipped through your defensive layers to help you find adversaries hiding in your network before they can execute an attack or fulfill their goals.


3. Work with a SIEM solution that offers automated remediation actions. A security information and event management (SIEM) system is a cybersecurity solution that collects and converges data from different parts of your IT environment with the intent of monitoring your firm’s security levels. Providing advanced visibility and insight into your users, endpoints, traffic, activity, and more, a SIEM enables you to maintain oversight into your network and beyond the perimeter as your company scales.

4. Log capture and file retention for critical infrastructure. As detailed in this whitepaper from the National Institute of Standards and Technology (NIST) nvlpubs.nist, log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. 

5. Encryption for all data. In cryptography, encryption is the process of encoding information or sensitive data so only authorized parties can access it. While encryption can’t prevent criminal activity or third-party attacks, it does deny intelligible content to the interceptor. For more on encryption, we recommend this article published by UpGuard.

6. Use two-factor/multi-factor authentication. With two-factor authentication enabled, criminals who do gain access to user login credentials aren’t automatically granted entry. A key element to a Zero-Trust Security framework, multi-factor authentication requires users validate their identity to provide that extra layer of security.
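An added example (not OWG's code) of the honeytoken trip wire from item 1, run over retained logs as in item 4: it flags any use of a decoy identifier, including failed attempts, and reports how long the first hit sat unnoticed. The key=value log format, decoy names, addresses and function names are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed decoy identifiers: no real user or service is ever issued these,
# so any appearance in a log is suspicious, whether or not the attempt succeeded.
HONEYTOKENS = {
    "user": {"svc-backup-legacy"},
    "key_id": {"AKIDEXAMPLEDECOY0001"},
}

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
2022-03-01T08:14:02Z event=login user=jsmith src=10.0.4.17 result=success
2022-03-01T23:51:40Z event=login user=SVC-Backup-Legacy src=203.0.113.50 result=failure
2022-03-02T00:03:11Z event=api_call key_id=AKIDEXAMPLEDECOY0001 src=203.0.113.50 result=denied
this line is truncated or corrupt
2022-03-02T09:30:00Z event=login user=mlee src=10.0.4.22 result=success
"""

def parse_line(line):
    """Return (timestamp, fields), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return ts.replace(tzinfo=timezone.utc), fields

def find_tripwire_hits(log_text, tokens=HONEYTOKENS):
    """Return (hits, skipped): decoy uses found, and count of unparseable lines."""
    # Compare case-insensitively so a re-cased decoy name still trips the wire.
    lowered = {f: {d.lower() for d in decoys} for f, decoys in tokens.items()}
    hits, skipped = [], 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # report gaps instead of silently ignoring them
            continue
        ts, fields = parsed
        for field, decoys in lowered.items():
            value = fields.get(field, "")
            if value.lower() in decoys:
                hits.append({"time": ts, "field": field, "token": value,
                             "src": fields.get("src", "unknown"),
                             "result": fields.get("result", "unknown")})
    return hits, skipped

def hours_undetected(hits, reviewed_at):
    """Hours between the first trip-wire hit and the moment someone looked."""
    if not hits:
        return None
    first = min(h["time"] for h in hits)
    return (reviewed_at - first).total_seconds() / 3600

if __name__ == "__main__":
    found, bad = find_tripwire_hits(SAMPLE_LOG)
    for h in found:
        print(h["time"].isoformat(), h["field"], h["token"], h["src"], h["result"])
    print("unparseable lines:", bad)
```

The skipped-line count matters as much as the hits: a trip wire that quietly drops malformed log lines can miss the one entry that counts.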

Above all, at OWG we believe cybersecurity will always come down to your corporate culture and your posture – on your toes, knees bent, arms ready. Stay sharp, be prepared and have your plan in place, and you’ll have an advantage and will typically be able to weather the storm. The complacent or unprepared will get swallowed.


For more information, or to set a time to speak, drop your name and email below and we’ll reach out.