A leaky multi-tenant portal, rebuilt to isolate by design

The challenge

A legacy portal that relied on application code remembering to scope every query, one missed clause from a cross-customer leak.

Our approach

• Rebuild access control so the rules live in one tested place
• Make data isolation structural, not dependent on every query
• Migrate in phases to avoid a risky big-bang rewrite
• Instrument the system so the team can see what's happening