[Roundtable Vol. 2] "Buy, Don't Build": How Tactna’s Obsessive Infrastructure Strategy Slashes Development Costs by 40%
TL;DR: Key Takeaways (30-Second Summary)
- Massive Time Savings: Developing account management in-house drains 30–40% of total development time; buying Tactna allows your team to focus entirely on core business features.
- Significant Cost Reduction: Tactna's license fee is a fraction of the 20–50 million yen annually required to hire and maintain specialized security and infrastructure engineers.
- Physical Isolation for Security: Unlike standard SaaS, our "Tenant Isolation Architecture" physically separates data via dedicated AWS accounts to eliminate cross-customer risks.
- Proven Reliability & Certification: We prioritize stable, proven technologies (like AWS ECS) over trends, ensuring enterprise-grade security backed by ISO 27001/27017 certifications.
- Zero-Trust Operations: Human error is eliminated through 100% automation (IaC) and automatically expiring developer permissions that vanish after a set period.
Introduction: Why Discuss the "Back-end Foundation" Now?
Hi, I’m Aso from the Corporate team at TC3.
In our last roundtable, our CEO and Tactna Product Owner, Sudo, along with Head of Development, Sanada, discussed a critical insight: "User Management (Post-CIAM)" is the ultimate bottleneck in modern application development once you’ve delegated authentication to an IDaaS.
This time, we’re digging deeper into the "back-end" issues that are often overlooked. You might think, "Can’t our engineers just whip up a management console in no time?" It’s a common thought among developers, but that single decision can quietly lead to never-ending operational costs and massive security gaps that could jeopardize your entire business.
To tackle this, Sanada is joined by Ezaki, our Head of Development and Infrastructure, to pull back the curtain on Tactna’s "black box." They’ll provide concrete solutions to the ultimate question at the heart of any development strategy: Build vs. Buy.
1. A Philosophy of Eliminating Human Error

Aso: For this session, I want to explore how Tactna’s infrastructure and security differ from typical "in-house (scratch)" development, specifically for business leaders and project managers who may not have a massive engineering team at their disposal.
Ezaki: The fundamental difference lies in whether the architecture is specifically designed to eliminate human error. Our infrastructure is fully defined as code (IaC) using Terraform, and application deployment is 100% automated via CI/CD pipelines. This allows us to eradicate risks like manual configuration errors or "configuration drift" between production and staging environments. Honestly, it’s exceptionally rare to see this level of rigorous automation and quality control in standard outsourced projects or internal teams racing to meet deadlines.
Sanada: Exactly. One point I really want to drive home is that we aren't just providing a "web app"—we are providing the "platform" beneath it. Critical business applications run on top of Tactna, which in turn handle sensitive customer data. Because of this, we implement strict deployment controls at the module level, operating at a layer two steps deeper than typical app development.
Ezaki: To give you an inside look, our privilege management for production access is equally rigorous. Beyond granular role assignments via AWS Organizations, we use time-limited permissions that automatically expire after a set period.
Aso: Wait, the permissions just vanish on their own?
Sanada: Yes. In most startups or internal tool projects, these steps are often skipped because they’re "too much trouble." But since we provide the cornerstone of security—authentication—we have a duty to bring the risk of insider threats or accidental operations as close to zero as possible. Investing so heavily in these "defense" measures is what creates the decisive gap between us and in-house development.
2. Infrastructure Madness: "Tenant Isolation Architecture"

Sanada: What I’d like you to look at next is Tactna’s "Tenant Isolation Architecture." Standard SaaS platforms (multi-tenant) typically prioritize cost-efficiency by mixing all customer data within a single AWS account and database—this is known as "logical isolation." However, Tactna issues a dedicated AWS account for each customer, physically isolating them right down to the network path level.
Ezaki: From an operational perspective, this architecture is borderline "madness." When we first started, I was strongly against it, arguing that the management would be too difficult. As the number of accounts increases, so does the number of targets to monitor, and deployments become more complex. But when it comes to security and "minimizing the blast radius," there really is no better solution.
Aso: Specifically, what kind of benefits does this offer the customer?
Ezaki: Since each customer has a different "entrance," it is physically impossible for traffic from different customers to mix. For example, imagine a customer writes a heavy process in a customization (Extension) that puts a massive load on the server. In a standard logically-isolated SaaS, other customers would be caught in the crossfire. With Tactna, the impact is contained within that specific customer's environment. It causes no trouble for anyone else.
Sanada: The same applies to log management. Instead of mixing logs in a shared environment, we maintain individual logs within each customer's environment. Even if sensitive information were accidentally included in a log, it remains completely invisible to other customers.
Ezaki: Furthermore, the data handling during offboarding is much cleaner. Because resources are completely isolated by tenant, if a customer asks to delete their data, we can simply delete that AWS account and all its resources. This eliminates any risk of residual data—or "garbage"—staying in the system.
Sanada: Normally, companies don't go this far because it simply costs too much time and money. But the question is: "Can you really build this level of isolation yourself?" For a business to build such a robust and isolated multi-tenant foundation from scratch just for their own service, the ROI (Return on Investment) simply won't add up. That’s exactly why there is value in "buying" a finished, proven foundation like Tactna.
3. Build vs. Buy: Is In-House Development Actually Cost-Effective?

Aso: I get that the security is top-notch. But from a business standpoint, the bottom line is always a concern. How do you respond to the idea that "it would be cheaper to just build it ourselves"?
Sanada: To put it simply, the truth is that building it yourself is far more expensive. Our rule of thumb is that when developing B2B SaaS, about 30 to 40% of the total development effort is consumed by "account and permission management." Before you even start on your core features, nearly 40% of your time and budget disappears into "utility" features like authentication, user invites, permission settings, and offboarding. For some applications, this can even climb to 60 or 70%.
Ezaki: What’s even scarier is the post-launch maintenance (running cost). Take server TLS certificate renewals, for example. It used to be a once-a-year task, but with today's higher security standards, we're often required to renew them every one to three months. Patching the OS, responding to library vulnerabilities, keeping up with AWS updates... to handle all of this internally, you’d need at least a few dedicated infrastructure engineers.
Sanada: When you run the numbers, while Tactna’s license might cost a few million yen annually, hiring two or three engineers to maintain equivalent security and functionality would cost anywhere from 20 to 50 million yen ($150k–$350k+) in labor alone. And that’s if you can even find high-demand security specialists. When you weigh "buying peace of mind for a few million yen" against "spending tens of millions to buy risk and struggle," the business decision becomes crystal clear.
4. The Practical Reality of Backups and Data Recovery

Aso: I’d like to ask about data safety. In the event of a system failure or data corruption, how is the data recovered?
Ezaki: We take regular backups, typically on an hourly basis. A unique feature here—which links back to our multi-account architecture—is our two-tier database structure, consisting of a "Shared DB" and "Customer-Specific DBs."
Sanada: In a typical SaaS environment, all customer data is stored in one massive database. If "Company A" accidentally deletes data and asks for a restore, it’s not an easy request to fulfill. Rolling back the entire database would mean rolling back data for "Company B" and "Company C" as well. With Tactna, however, the database is partitioned for customer-specific areas (such as custom modules). This makes it technically possible to restore data for a single, specific customer.
Aso: That is a relief. On the other hand, are there any weaknesses or constraints that we should be transparent about?
Ezaki: To be honest, our setup isn't a "fully continuous" Active/Active configuration. Due to the technical constraints of the IDaaS providers we integrate with, such as Cognito or Auth0, recovery could take several hours in the event of a major disaster. However, our target isn't "mission-critical systems where human lives are at stake," but rather B2B SaaS that supports corporate digital transformation. We take a pragmatic approach—balancing cost and availability while providing the practical peace of mind that comes with the ability to restore data on an individual basis.
5. The Courage to Choose "Stable Tech" and the Weight of Certification
Aso: As the Head of Infrastructure, Ezaki-san, do you have any specific principles when it comes to technology selection?
Ezaki: It might be surprising, but it’s "not using Kubernetes." As an engineer, it’s tempting to use the latest trends like Kubernetes, but for our scale and purpose, it’s over-spec and would drive up operational costs unnecessarily. Instead, we’ve adopted AWS ECS (Elastic Container Service). It’s simple, easy to manage, and scales perfectly. We only use "proven, safe, and scalable technology." We cast aside any "engineering ego" or "playing with tech" to prioritize stability and cost-efficiency for our customers.
Sanada: As a result of these accumulated choices, Tactna has passed the AWS FTR (Foundational Technical Review) and earned ISO 27001 / 27017 certifications. These aren’t just "self-declarations" that we are doing things right; they are proof that a third party audited our back-end "black box" and gave us a passing grade. Very few companies would spend millions of yen to have an in-house management screen audited. By adopting Tactna, you get this "Audit Approval" as part of the package. In effect, you are outsourcing both the audit costs and the burden of accountability to us.
6. Conclusion: The Decision to Stop Reinventing the Wheel
Aso: Finally, do you have a message for everyone reading this article?
Ezaki: From an infrastructure perspective, I’d say, "Leave it to the experts." Authentication and infrastructure are areas where errors are not an option, yet they rarely serve as a point of differentiation for your business. Let the specialists handle it so you can focus 100% of your resources on developing your core features—that is, delivering value to your customers.
Sanada: Many companies build their authentication foundation "for now," only to face rework later due to scalability or security issues. Tactna provides an architecture that can withstand future business changes (such as multi-app support and AI agent compatibility) as a service. "Authentication and ID management functions are something you buy, not build." I am convinced that accepting this paradigm shift is the fastest route to project success and accelerating your business speed.
Editor’s Note:
In this dialogue, we explored the depths of Tactna’s infrastructure and security. From "physical isolation via multi-AWS accounts" and "automatically expiring developer permissions" to a "robust and practical technology selection that avoids Kubernetes"—these are all part of the TC3 engineers' craftsmanship and obsession with protecting our customers' businesses and preventing wasted costs.
"Are you turning your own engineers into maintenance staff for a management screen?" If this question makes you flinch, we encourage you to consider adopting Tactna.