

The Case

As a result of the financial crisis of 2008, a client found themselves with a large portfolio of foreclosed assets needing to be sold, and only Excel to manage them.

While Excel is indeed one of the most useful programs ever written, it was not up to the task of managing thousands of assets being sold by many different users.

On top of basic management, our client also required a robust reporting system for financial oversight, something Excel simply wasn't capable of off the shelf. They also needed a heavy emphasis on security and auditing, and this system would be in use by the US government.

The Solution

Our initial solution was a straightforward web application, built on the LEMP stack and hosted on Amazon Web Services (AWS). It allowed multiple users, with varying permission levels, to access and update all the data (and more) stored within the original spreadsheet. In addition to proper reporting, it also allowed for CSV imports of raw data.

The solution was so well received that we were contracted to expand and improve upon it. Opting for a more modular approach that would allow for future development, we used the Laravel framework to build version 2.0. This gives us flexibility and allows for the rapid development and deployment of new features. After passing government penetration tests and security audits, the system is now in use by two federal agencies, with over 250 active users (and support for thousands).

Our system has a strong emphasis on permission-based security, with over 225 unique permissions assignable to various roles throughout the system. In addition, nearly every action taken on the site is logged for auditing purposes.

In addition to regular data management, we built a public-facing marketing site to aid our client's sales teams. With security as our top focus, we installed the marketing site on an isolated server, with data being pushed to it via a one-direction, read-only SSH tunnel. If the public server were ever compromised, the internal servers would be inaccessible to attackers.