One Portal. One Security Model. | Calibec Case Study

The Situation

Years of Growth. Decades of Technical Debt.

A mid-size company operating in a regulated industry had grown organically over many years — and so had its internal software. Department by department, teams had built or acquired small, standalone applications to manage their workflows. The result was a fragmented ecosystem: dozens of disconnected tools, each with its own login, its own data model, and its own security posture (or lack of one).

There was no central way to manage who had access to what. When an employee changed roles or left the company, access had to be revoked system by system — manually. When a new tool was introduced, security was an afterthought. For a company in a regulated environment, the exposure was significant and growing.

"The apps were clunky, users were juggling different passwords for everything, and half of them weren't even working properly — IT was constantly being pulled in just to keep things running."

The client needed a modernized platform but couldn't afford to stop operating during a lengthy rebuild. Calibec was brought in to design and deliver a solution that could do both.

The Challenge

Four Problems with the Same Root Cause

The fragmentation wasn't just inconvenient — it created compounding risk across security, operations, compliance, and scalability. Any solution had to address all four simultaneously without disrupting the business.

Fragmented Application Ecosystem

Dozens of standalone internal tools, each built independently with no shared data model, no common authentication, and no way to see the full picture across departments.

No Centralized Security Model

Access management was manual and inconsistent. Permissions were granted per-app with no enforcement layer. In a regulated environment, this was not a minor gap — it was a liability.

IT Dependency for Basic Access

Every user change required manual intervention across multiple systems. IT and developers were spending time on access tickets instead of meaningful work.

No Path to Scale

The existing architecture had no foundation for growth. Adding a new capability meant building yet another standalone app — compounding the very problem they already had.

The Approach

Understand First. Deliver Early. Migrate Continuously.

Before writing a single line of code, we mapped everything. Every existing application, every workflow it supported, every user it touched. That discovery phase wasn't overhead — it was the foundation that made every subsequent decision faster and more confident.

From there, we built the shared infrastructure services first — authentication, email, logging, and the core portal — establishing the platform foundation once so every module that followed could build on it. Then, together with the client, we identified the best candidate app to migrate first, delivered it, and repeated the process until all twelve applications were retired.

Phase 1

Discovery & Application Mapping

Reviewed and documented every existing application — its purpose, its users, its data, and its dependencies. This gave us a complete picture of the ecosystem before any architectural decisions were made, and gave the client confidence that nothing would be missed or broken during migration.

Phase 2

Core Infrastructure & Platform Foundation

Built the shared services the entire platform would depend on: a centralized authentication service leveraging the client's existing Microsoft infrastructure, an email notification service, a logging service, and the core portal application. Building these once — correctly — meant every module that followed inherited enterprise-grade security and observability by default.

Phase 3

First Module — Chosen Together

Rather than choosing the first migration candidate unilaterally, we worked with the client to identify it together — weighing business impact, user readiness, and technical complexity. That first module set the pattern: scope, build, test, release. The business never stopped operating, and users began experiencing the new platform immediately.

Ongoing

Module-by-Module Migration & Continued Evolution

Repeated the same disciplined process for all twelve applications — retiring each legacy tool as its replacement went live. The incremental approach let the client's team adapt gradually, gave internal users time to get familiar with the new portal, and deepened our understanding of the business with every module. Two years in, the platform continues to grow.

Disciplines & Capabilities Applied

Solution Architecture Microservices Design Enterprise IAM Cloud Infrastructure API Development Web Portal Development Legacy Modernization Iterative Delivery

The Results

A Platform That Runs — and Keeps Getting Better

The first module went live on schedule with no critical incidents. Departments that had been running on disconnected legacy tools were migrated one by one onto a unified, secure platform — each release reducing risk, improving visibility, and giving the client more control over their own operations.

The self-service administration module eliminated the access management burden entirely. The client's team now manages user roles and permissions without involving a developer — something that previously required manual updates across multiple systems.

2yr+

Ongoing retainer engagement — the platform keeps growing

0

Critical production incidents at initial launch

12

Department modules delivered and running in production

Self-serve

Access management — no developer required for user admin