Data

Multi-tenancy and customer isolation

Useful for

  • Common knowledge
  • SaaS architecture
  • Data protection
  • Commercial readiness

Introduction

For SaaS, tenant isolation is both an architecture decision and a governance decision. It affects data models, authorisation, logging, backups, support tooling and customer trust.

Knowledge scope

This is common CTO knowledge. It applies beyond the startup journey, but the public playbook places it where it usually becomes important for an early-stage company.

Why it matters

Customer isolation is much harder to retrofit after real users and real data exist. The architecture does not need to be perfect in Pilot, but the company must understand the isolation assumptions it is making.

How it fits the playbook

This reference supports the POC Started -> Pilot Ready stage of the startup CTO playbook. It gives the public context for the decision without exposing the deeper assessment method behind the agentic operating model.

Design considerations

  • Decide what a tenant is and where that boundary appears in the data model.
  • Make authorisation, audit logging and support tooling tenant-aware.
  • Understand backup, restore and data export implications.
  • Consider noisy-neighbour, reporting and customer-specific configuration risks.
  • Keep customer promises aligned with actual isolation controls.
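As an added illustration of the first two points (a tenant boundary that is explicit in the data model, and data access plus audit logging that are tenant-aware by construction), the following example is not part of the playbook or any Brokenhouse tooling; it assumes a constructed two-table schema, in-memory SQLite and a request-scoped `TenantContext` that callers cannot override.

```python
import sqlite3

# Constructed demo schema: every tenant-owned table carries tenant_id, so the
# tenant boundary is visible in the data model rather than implied by the app.
SCHEMA = """
CREATE TABLE documents (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT NOT NULL);
CREATE TABLE audit_log (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,
                        actor TEXT NOT NULL, action TEXT NOT NULL, outcome TEXT NOT NULL);
"""

class TenantContext:
    """Request-scoped identity (assumed to come from the authenticated session)."""
    def __init__(self, tenant_id, actor):
        self.tenant_id = tenant_id
        self.actor = actor

class TenantScopedStore:
    """All data access goes through here. Callers never supply tenant_id, so a
    forgotten WHERE clause in a handler cannot expose another tenant's rows."""
    def __init__(self, conn):
        self.conn = conn

    def _audit(self, ctx, action, outcome):
        # Audit rows are tagged with the tenant, so support staff can answer
        # "what happened in tenant X" without reading every tenant's history.
        self.conn.execute(
            "INSERT INTO audit_log (tenant_id, actor, action, outcome) VALUES (?, ?, ?, ?)",
            (ctx.tenant_id, ctx.actor, action, outcome))

    def list_documents(self, ctx):
        rows = self.conn.execute(
            "SELECT id, title FROM documents WHERE tenant_id = ?", (ctx.tenant_id,)).fetchall()
        self._audit(ctx, "list_documents", "ok")
        return rows

    def get_document(self, ctx, doc_id):
        # A row that exists but belongs to another tenant is indistinguishable
        # from a row that does not exist; both are recorded as "denied".
        row = self.conn.execute(
            "SELECT id, title FROM documents WHERE id = ? AND tenant_id = ?",
            (doc_id, ctx.tenant_id)).fetchone()
        self._audit(ctx, f"get_document:{doc_id}", "ok" if row else "denied")
        return row

def build_demo_store():
    """Constructed sample data: two tenants sharing one database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO documents (id, tenant_id, title) VALUES (?, ?, ?)",
                     [(1, "acme", "Acme roadmap"), (2, "acme", "Acme pricing"), (3, "globex", "Globex plan")])
    return TenantScopedStore(conn)

def denied_count(store, tenant_id):
    """Detection hook: denied lookups per tenant, a cheap signal for ID probing."""
    return store.conn.execute(
        "SELECT COUNT(*) FROM audit_log WHERE tenant_id = ? AND outcome = 'denied'",
        (tenant_id,)).fetchone()[0]
```

The same shape carries over to row-level security in the database itself; the point is that the tenant predicate is applied in one place that application code cannot bypass.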

What good looks like

The company can explain how customers are separated and what would need to change as scale, support and assurance expectations grow.

How Brokenhouse helps

Turn this into a practical plan.

I help technology teams turn this guidance into decisions, implementation plans, governance evidence and production-ready operating models.


Next guidance

Related decisions to work through

Data

Are we ready for a Pilot?

Before moving from POC to Pilot, the company needs a data governance baseline. This is separate from technical governance. Technical governance asks who can deploy, who can access Azure and how the environment is built. Data governance asks what information the company collects, where it is stored, why it is allowed to hold it and how it protects it.

Ops

Are we ready for Production?

Before moving from Pilot to Production, the company needs a pre-production governance stance. This is the point where the business has to decide what promises it is prepared to make, who is allowed to make changes, who can accept risk, and what evidence must exist before the production environment is created.

AI

Agentic software delivery governance

Agents used by the delivery team need a different governance model from AI models embedded in the product. Delivery agents may not sit in the customer-facing service, but they can still read code, write code, inspect logs, summarise documents, generate infrastructure changes or draft customer-facing material.