INFRA THAT
STAYS UP

We operate the infrastructure, cloud and security of companies that can't afford downtime — hospitality, professional firms, retail, manufacturing and corporates in Mexico and LATAM. We monitor, document and resolve before you even notice the failure.

Request diagnostic See engagement models

Free initial diagnostic · reply in under 24 h · no commitment

22 platforms in production right now
// PROFILE · 01 TEAM

Your operations, managed with method.

We're a specialized infrastructure, cloud and cybersecurity team that operates the IT of companies in Mexico and LATAM — hotel groups, retail chains, manufacturing plants, professional firms and corporate offices. We combine deep technical expertise with a consultative and documentation-first approach, with no commercial layers and no tier-1 / tier-2 hand-offs.

Every server we document, every backup we verify, every VPN we lock down — that's one less hour of uncertainty for your operation. What's measurable matters more than what's aspirational.

99.97%
Uptime target
critical operations
22stack
Platforms managed in production
5steps
Documented process per project
100%
Projects with living documentation
// FRAMEWORKS ISO/IEC 27001 · ISO/IEC 27002 · NIST CSF · CIS Controls · ITIL v4
// MANIFESTO

We don't sell
technology.
We build foundations.

SYSTEM DOCUMENTATION CONTINUITY
60%+

of mid-market companies in LATAM operate without a documented continuity plan or verified backups.

Source · INEGI · ENUTIH (Mexico)
~21 d

it takes on average for a company to detect an intrusion without active proactive monitoring.

Source · Industry cybersecurity reports 2023–2024
1 person

holds all the technical knowledge in most mid-market companies. If they leave, get sick or don't answer — operations stop.

Source · Sector observation
// ENGAGEMENT · 05 WAYS TO WORK + M365 SPECIALTY

Work with us
the way that fits you.

SEC. 02 Engagement model
01 AI · AUTOMATION PROJECT OR MONTHLY FEATURED

AI & Automation

We build automations and agents that eliminate repetitive work and connect your real systems — no endless PoCs, just productive workflows. We roll out Microsoft Copilot with data governance and role-based permissions, so your team uses it well from day one.

  • Automations with n8n, Power Automate and custom scripts
  • AI agents connected to your internal systems
  • Microsoft Copilot with data governance and role-based access
  • Integrations for APIs, M365, ERPs and internal tools
  • Team training: prompts, use cases and operational guardrails
// STACK & TOOLING
n8n Microsoft Copilot Power Automate APIs / Webhooks Python Zapier / Make Agents LangChain
Deliverable: productive + documented workflows
02 CONSULTING HOURLY

Diagnostic
& advisory

For critical decisions, architecture evaluation, modernization roadmaps or technical advisory sessions.

  • Initial diagnostic of infrastructure and operations
  • IT strategy and enterprise architecture
  • Digital transformation and AI exploration
  • Hour banks for long-running advisory engagements
Deliverable: findings + roadmap
03 PROJECT FIXED SCOPE

Deployments
& migrations

Implementations with clear scope, phases and deliverables. Networks, servers, cloud, security, BCP and automation.

  • Networks, firewalls and VPN
  • Servers and virtualization Proxmox, VMware, Hyper-V
  • Cloud migrations to Azure, AWS or GCP
  • Hardening and Zero Trust architecture
Deliverable: documented infrastructure
04 SUPPORT MONTHLY

Managed
operations

Help desk, monitoring, preventive maintenance and recurring technical advisory.

  • 4 tiers: Starter, Standard, Premium, Enterprise
  • Formal SLAs for standard and emergency response
  • Included hours + monthly accruable bank
  • Dedicated Service Manager on Premium+ tiers
See tier comparison
05 WEB WORDPRESS

Enterprise
web development

Corporate sites: responsive design, technical SEO and initial team training.

  • 4 packages: Lite, General, Premium, Custom
  • Responsive design + essential plugins
  • Technical SEO and multi-language
  • E-commerce and payment gateway optional
Deliverable: production-ready site
// VERTICAL SPECIALTY

Microsoft, in depth.

Custom scope
M365 MICROSOFT · AZURE PROJECT OR MONTHLY

Microsoft 365 & Cloud Security

Professional management of the entire Microsoft platform — not just activating licenses and walking away. We design identity, security and real technical governance for companies that live inside the Microsoft ecosystem.

  • Identity & access with Entra ID, MFA and Conditional Access
  • Endpoint security with managed Defender and Sentinel
  • M365 hardening and baseline configuration review
  • Mailbox migration to Exchange Online + archiving
  • SharePoint, Teams and OneDrive with policies and backups
  • Zero Trust roadmap tailored to the actual company size
// MICROSOFT STACK
Entra ID Defender Sentinel Conditional Access SharePoint Exchange Online Teams OneDrive Intune Azure AD
Deliverable: documented and governed platform
// TIERS · 04 SUPPORT LEVELS

From Starter to Enterprise.
Same team, different scope.

SEC. 04Managed support
// Attribute
Starter
Standard
Premium
Enterprise
Devices covered
Up to 20
Up to 50
Up to 100
Up to 200
Recommended users
1 — 10
5 — 25
10 — 50
25 — 125
Support hours / month
5 h
10 h
20 h
60 h
On-site visits included
1
1
2
Standard hours
10 — 18 h
9 — 18 h
9 — 19 h
8 — 19 h
Standard SLA
10 h
8 h
8 h
6 h
Emergency SLA
6 h
4 h
4 h
4 h
Accruable hour bank
2 h / mo
3 h / mo
5 h / mo
15 h / mo
Dedicated Service Manager
Extended hours / accelerated SLA
Add-on
Add-on
Add-on
Add-on
// SLA · 04 PRIORITIES

How we prioritize
each incident.

Classification by operational impact
Critical
Main system down · network unavailable · server unreachable
Priority response and immediate escalation to specialist
High
Key user without access · critical VPN · payment or billing failure
Accelerated response within the SLA window
Medium
Slow device · printer · permissions · application error
Scheduled response with ticket tracking
Low
Minor requests · non-urgent changes · inquiries
Standard window of attention
// PROCESS · 06 STAGES PER ENGAGEMENT

Each engagement,
its own path.

SEC. 03 Working method
// CONSULTING · FROM DIAGNOSTIC TO ACTION

To evaluate your environment, identify risks and design a clear path — before implementing anything.

01

Intake

Input

Initial meeting with stakeholders to understand objectives, context, constraints and current business pain points.

02

Investigation

Analysis

Deep review of systems, flows, infrastructure, risks and operational opportunities.

03

Proposal

Decision

Alternatives, priorities, estimated budget and implementation path with well-defined phases.

04

Report

Deliverable

Document with findings, proposed architecture, risk matrix, KPIs and roadmap.

05

Findings

Summary

Executive brief with critical points, expected benefits and decisions for leadership.

06

Execution

Continuity

Transition to implementation, technical advisory or continuous improvement plan.

// DEPLOYMENT · FROM PLANNING TO EXECUTION

For implementations with clear scope, phases and deliverables — networks, servers, cloud, security, BCP, monitoring.

01

Planning

Start

Architecture design, detailed scope, deliverables, owners and execution calendar.

02

Procurement

Sourcing

Coordination of licenses, vendors, hardware and software required by the project.

03

Installation

Physical

Mounting, cabling, racks, servers, network devices, peripherals and base services.

04

Configuration

Logical

Network, security, users, permissions, firewall, VPN, monitoring and production services.

05

Testing

Validation

Connectivity, performance, security, redundancy and stability before going to production.

06

Documentation

Formal handoff

Configuration, diagrams, credentials, procedures, test evidence and recommendations.

// ONBOARDING · FROM KICKOFF TO CONTINUOUS SUPPORT

How we start a new managed support client — from inventory to the first monthly reports.

01

Intake

Scope

Identification of environment, objectives, stakeholders, risks and the right service tier.

02

Inventory

Discovery

Devices, access, accounts, configurations, backups and network topology documented.

03

Proposal

Agreement

Support plan, SLA, hours, priorities, channels and initial roadmap.

04

Deployment

Activation

Monitoring tools, RMM, secure access, procedures and support channels.

05

Operations

Day to day

Reviews, patches, support, prevention, change management and continuous improvement.

06

Reporting

Visibility

KPIs, incidents, activities and recommendations — delivered monthly to leadership.

// HELP DESK · FROM REQUEST TO RESOLUTION

The lifecycle of each ticket — from when a user reports an issue to when the case closes documented.

01

Request

Opening

The user reports the incident through an authorized channel: email, portal, business WhatsApp or phone call.

02

Classification

Triage

The ticket is categorized by operational impact, urgency and type of issue.

03

Assignment

Team

Assigned to the right technician or specialist based on skill and workload.

04

Diagnosis

Analysis

Problem review via remote session, call or on-site visit when applicable.

05

Escalation

Advanced

If the case isn't resolved on first contact, it's escalated to a specialist or an on-site visit is scheduled.

06

Resolution

Closure

Solution confirmed with the user, case documented in the log and ticket closed with evidence.

// WEB · FROM CONCEPT TO LAUNCH

Corporate sites, platforms, dashboards and automations — from the first meeting to go-live.

01

Discovery

Scope

Objectives, audience, required functionality, scope, timing and available budget.

02

Prototyping

Structure

Wireframes, visual structure, information hierarchy and base navigation flow.

03

Design

Visual

UI, visual identity, content, reusable components and user experience.

04

Development

Build

Site, platform, plugin or integration built with technical best practices and baseline SEO.

05

QA

Quality

Testing across devices, browsers, performance, basic security and end-to-end functionality.

06

Launch

Go-live

Publication, initial monitoring, fine-tuning and orderly transition to monthly maintenance.

// TEAM · OPERATORS, NOT AN AGENCY

Direct access, not a call center.

SEC. 05Who delivers it

Direct contact, full focus.

itworksteam.Cloud was founded by Daniel Brena, a specialist with over 15 years of experience in infrastructure, Microsoft 365, cybersecurity and managed operations for companies in Mexico and LATAM.

Daniel personally leads every project — from the first diagnostic to day-to-day operations. No rotating team, no chatbot, no tier-1 / tier-2 hand-offs. If you hire us, you know exactly who you're talking to.

15+
Years of IT experience
1:1
Direct contact with the founder
24 h
Initial response time
Daniel Brena · Founder

Daniel Brena

Founder · CTO · Single point of contact

15+ years designing and operating infrastructure, Microsoft 365 and cybersecurity for companies across hospitality, supply chain, manufacturing, professional firms and corporate offices. Specialization in Azure, identity with Entra ID, M365 hardening, cyber defense with Defender and Sentinel, operational continuity with Veeam, Zabbix / Wazuh monitoring, Fortinet networking, Proxmox virtualization and automation with n8n and Power Automate.

Available for new projects Mexico City · Mexico EN · ES
Azure Microsoft 365 Entra ID Defender Sentinel Veeam Zabbix Wazuh Fortinet Proxmox n8n ITIL v4
Talk to Daniel
// INDUSTRIES · 09 CLIENT PROFILES

Sound familiar?
We probably can help.

SEC. 04 Industries served
01HOSPITALITY

Hospitality

Hotel groups, resorts and chains with 24/7 operations — PMS, F&B POS, guest networks and continuity as a top priority.

PMSMulti-property networkContinuity
02SUPPLY CHAIN

Supply Chain & Retail

Chains with multiple stores, distribution centers and logistics — POS, WMS, SD-WAN across sites and centralized monitoring.

SD-WANMulti-site POSWMS
03MANUFACTURING

Manufacturing & Production

Industrial plants and production lines — OT/IT segmentation, ERP, MES, electrical redundancy and operational continuity plans.

ERPOT/ITBCP
04PROFESSIONAL FIRMS

Professional services firms

Legal, tax, accounting and consulting firms — strict confidentiality, hardened M365, Conditional Access and auditable backups.

M365 hardeningDLPAudit
05FINANCIAL

Financial services

Fintech, brokerage houses, wealth advisory and regulated entities — Zero Trust, SIEM, continuous monitoring and immutable audit logs.

Zero TrustSIEMCompliance
06HEALTHCARE

Healthcare & pharma

Private clinics, laboratories and medical distribution — clinical data protection, integration with hospital systems and verified backups.

HIS / LISSensitive dataBackups
07CORPORATE

Corporate offices

Headquarters with multiple departments and formal technical governance — Entra ID, network segmentation, dedicated help desk and strict SLAs.

Entra IDHelp deskSLA
08EDUCATION

Corporate education

Universities, institutes and executive programs — LMS platforms, federated identity, campus networks and academic data protection.

LMSFederated identityCampus WiFi
09MULTI-SITE

Multi-location & Multi-country

Companies with distributed presence in LATAM — site-to-site VPN, SD-WAN, central monitoring and unified operations across all sites.

S2S VPNSD-WANCentral monitoring
// CASES · 04 FIELD REPORTS

Real operations,
measurable results.

SEC. 06Field reports
HOSPITALITY · RIVIERA MAYA · 3 PROPERTIESREP-2026-014

Hotel group, 3 properties, 140 staff, high season without downtime.

Hotel group with 3 properties in the Riviera Maya (146 total rooms), 140 staff and critical operations December–April. We unified infrastructure across properties with 4 Proxmox nodes per site, Veeam verified backups replicated off-site, central Zabbix monitoring with hierarchical WhatsApp escalation, and segmented network guest/POS/operations with Fortinet + UniFi at each property. Implementation: 8 weeks before high season.

ProxmoxVeeamZabbixFortinetUniFi
0
incidents during season
99.97%
uptime achieved
3
properties unified
LAW FIRM · MEXICO CITY · CONFIDENTIALREP-2026-011

Corporate law firm, 85 attorneys, complete M365 hardening.

Law firm with presence in Mexico City and Monterrey: 85 attorneys handling corporate litigation and M&A, serving 220+ clients — banks, energy companies and multinationals. Migration to Entra ID with Conditional Access (block by country + hours + trusted device), enforced MFA and FIDO2 for partners, Defender for Office 365 with anti-phishing and DLP, sensitivity labels for confidential documents and auditable Veeam backups with 7-year legal retention. Zero service loss during migration.

Entra IDDefenderConditional AccessPurview DLPVeeam
100%
MFA + FIDO2 coverage
−67%
phishing attempts
85
attorneys protected
SUPPLY CHAIN · NATIONWIDE · MULTI-SITEREP-2026-008

Retail chain, 28 nationwide stores + 2 DCs, unified network.

Retail chain with 28 stores across 12 cities in Mexico and 2 distribution centers (State of Mexico and Nuevo León), with chronic network outages of up to 4 h/week that paralyzed POS and logistics. We deployed Fortinet SD-WAN with LTE failover at every store, VLAN segmentation (POS / guest WiFi / cameras / WMS / admin), site-to-site VPN to the DCs, and centralized Wazuh + Grafana monitoring with real-time alerts to the operations NOC. Result: operational losses from network downtime reduced to near zero.

Fortinet SD-WANMikroTikWazuhGrafanaVLANs
28
stores connected
−72%
network tickets
24/7
central monitoring
MANUFACTURING · BAJÍO · HYBRID CLOUDREP-2026-005

Industrial manufacturing, 240 employees, 2 plants, hybrid Azure migration.

Industrial manufacturing company with 240 employees across 2 plants in the Bajío region (Querétaro and Guanajuato), with legacy Windows 2012/2016 servers at end-of-life and ERP running on-premise. We designed a phased migration to Azure (16 weeks): identity → files → SAP Business One ERP → backups → OT/IT segmentation on the plant floor. Managed Sentinel, hybrid MFA, site-to-site VPN between plants and cloud, and monthly cost optimization with Azure Cost Management. Production never stopped at any point.

AzureEntra IDSentinelSAP B1OT/IT
−38%
infra cost
16 wk
total migration
99.95%
hybrid uptime
// RESOURCES · FREE

Take something home today.

SEC. 09Open knowledge
PDF GUIDE · 12 PAGES

7 security mistakes in Microsoft 365 we see in every company.

A practical list of the most common mistakes we find when we audit an M365 tenant. Includes how to detect them and what to do in each case — without needing to hire us.

  • Conditional Access baseline configuration
  • How to verify your real backups (not the ones you think you have)
  • 5 Defender policies you should turn on today
  • The MFA mistake 80% of companies make
  • Role matrix template for SharePoint / OneDrive
Read the full guide
// STACK · 22 PLATFORMS WE OPERATE

We don't sell
technology — we operate it.

SEC. 07Stack in production

We're not a license reseller or a wholesale channel. Every platform you see here is a stack we design, configure, monitor and respond to when something breaks — every day, for real clients. We sell operational outcomes, not packaged technology.

// FAQ · 10 COMMON QUESTIONS

What you should
know first.

SEC. 08Handling objections
How long does the initial diagnostic take and what do I get?

Between 2 and 4 hours of initial review, split into 1 or 2 sessions. At the end we deliver an executive report with prioritized findings, a basic map of your infrastructure, detected risks and a roadmap with immediate, short-term and medium-term actions.

The initial diagnostic is free and with no obligation to hire us afterwards.

Do you work with companies outside of Mexico?

Our operations center is in Mexico, but we provide remote service to companies across LATAM and to international companies with operations in the region. Direct on-site support in Mexico City, Guadalajara and Monterrey; other cities on demand with travel costs.

For cloud services, monitoring and remote administration, location is not a constraint.

What if I already have an IT provider?

Three common scenarios and we handle each differently:

Complementary: your provider covers basic support and we step in for cloud, security or automation. We coordinate without conflict.

Orderly transition: we collect access, documentation and configurations with your current provider before any change.

Second opinion: we deliver only the diagnostic and you decide with that information. No sales pressure.

How do you handle my company's confidential information?

We apply ISO/IEC 27001 and ITIL v4 guidelines: separate accounts per client, credential access through an encrypted vault, mandatory MFA for the internal team and audit logs for every change.

We sign an NDA before the diagnostic when requested, and we don't store copies of client data outside the tools you authorize.

Can I cancel or change my monthly support tier?

Yes. The monthly contract can be adjusted up or down a tier with 30 days notice. Full cancellation requires the same 30 days for an orderly transition — handing over documentation, access and configurations to whoever takes over.

No cancellation penalty, just a clean administrative close.

Do you have experience with my specific industry?

We work regularly with hospitality (hotels and resorts), supply chain and retail, manufacturing, professional services firms (legal, tax, consulting), financial services, healthcare, corporate education and multi-location offices. The technical operation of each sector has its own nuances and we know them.

If your industry isn't listed, during the diagnostic we identify the operational specifics and propose the right architecture.

How much does it cost? Hourly or monthly?

It depends on the engagement. We have four ways to work with you:

Consulting / diagnostic: hour bank or project rate. Useful for a second opinion or roadmap.

Deployments: fixed scope with a fixed quote. You know the total amount from the start.

Managed support: fixed monthly fee with hours and SLA included. Four tiers based on size (Starter → Enterprise). The most common option.

Web development: fixed packages (Lite, General, Premium, Custom).

We share approximate ranges in the initial diagnostic, once we understand your operation. We don't publish rates because they vary 3–5x based on actual complexity.

I already have an internal tech or a current provider. How are you different?

Three scenarios where we add different value:

Internal team: we step in on the specialized areas (cloud, cybersecurity, automation) that a generalist technician doesn't cover. Your team stays at the front of day-to-day operations.

Reactive provider: most IT providers wait for something to fail. We monitor, document and apply patches before the failure. It's a change of model, not just of provider.

No one formal: we start with a diagnostic and put the basics in order (backups, access, monitoring). We deliver you a system, not patches.

What we don't do: fight your current team or replace them if they're working. We aim for complementarity.

My company is small (5–10 people). Am I the right fit?

Yes, if your operation depends critically on IT. Typical cases: accounting firm with 6 accountants, restaurant with POS + reservation system, small hotel with a PMS, digital agency with SharePoint.

The Starter tier covers up to 20 devices and 10 users with 5 h/month of support. It's designed precisely for small companies that take their technology seriously.

If your company is 1–4 people and your IT is mostly Google Workspace + 1 laptop per person, you probably don't need a managed provider — an hourly tech is enough. We'll tell you that honestly in the diagnostic.

Can you work with my current software (SAP, Oracle, Aspel, Contpaq, custom ERP)?

Yes. We don't replace your business software, we manage its infrastructure: the server where it runs, its backups, secure data access, monitoring and continuity.

We routinely work with SAP Business One, Oracle NetSuite, Aspel SAE/COI/NOI, Contpaq, Microsip, Microsoft Dynamics, custom ERPs on SQL Server or PostgreSQL, hospitality PMS (Opera, Cloudbeds, Hot), restaurant POS (Aldelo, Toast, Square), and industry SaaS platforms.

What we will tell you: if your current software is out of support or presents critical risk (e.g. a Windows 2003 server), we'll flag it in the diagnostic — but the decision to migrate is yours.

What if the diagnostic reveals serious problems?

We tell you clearly, without alarmism. The diagnostic always returns three types of findings:

Critical: active risk (e.g. unpatched server, broken backups, access without MFA). We recommend action in days/weeks.

Medium: important improvement but not urgent. 3–6 month roadmap.

Optimization: savings or efficiency opportunities.

You decide what to do and when. If you want us to handle it, we'll quote it. If you prefer your internal team or current provider to address it using our report as a guide, that's also valid — the diagnostic is yours.

// LET'S TALK

Is your infra
ready?

Before a failure, attack or data loss stops your operation, we can review the current state of your environment and define a realistic improvement plan.

[OK] Free initial diagnostic [OK] Reply in under 24 hours [OK] No commitment to hire
contacto@itworksteam.cloud WhatsApp · +52 55 7506 3307
// DIAGNOSTIC REQUEST FORM · 2026
WhatsApp