Under the hood: recent improvements to the GRESB user experience | The Pulse by GRESB

Introducing The Pulse by GRESB

The Pulse by GRESB is a new content series featuring the GRESB team, partners, GRESB Foundation members, and other experts. Each episode features a host from GRESB and at least one interviewee, focusing on an important topic related to either GRESB, ESG issues within real assets industry, decarbonization efforts, or the wider market.

Listen on Spotify

Under the hood: recent improvements to the GRESB user experience

In this episode of The Pulse by GRESB, our speakers explore how GRESB’s tech team is enhancing backend technologies to ensure a secure and smooth user experience. Key topics discussed include data protection measures and insights into future tech developments aimed at further optimizing the experience for GRESB users. Watch the episode below, featuring:

Mathilde Petriat (host)
Chief Customer Success Officer
Miguel Ferreira
Miguel Ferreira
Head of Engineering

Transcript

Can’t listen? Read the full transcript below. Please note that edits have been made for readability.


Mathilde: Welcome to The Pulse by GRESB, our interview series where we discuss important issues in sustainable real assets from GRESB and ESG to the wider industry. Today I’m your host, Mathilde Petriat, Chief Customer Success Officer of GRESB, and we’re going to be talking about what’s under the hood at GRESB, specifically in our tech stack.

Our tech team is making continuous improvements to our GRESB platform backend technologies to ensure security and a smooth user experience for our members. Today, I am thrilled to be joined by Miguel Ferreira, Head of Engineering at GRESB. Welcome, Miguel.

Miguel: Thank you Mathilde, very happy to be here.

Mathilde: To start with, could you please tell us a bit more about your team and its role in the organization?

Miguel: Sure, the engineering team at GRESB is responsible for developing the entire GRESB application landscape. We’re also responsible for all the cloud infrastructure and the operation of both applications and infrastructure.

Mathilde: That’s great. Great to have you on the team. Something that is absolutely fundamental for us at GRESB is to ensure our members’ data protection. Could you please explain how our tech structure safeguards all this confidential data?

Miguel: Yes, data protection is one of our main focuses. And it relies on two main pillars. One is access control and the other one is encryption. Access control is both at the application level in the portal and on the underlying cloud infrastructure. On the portal, users are restricted on what they can see and do based on their role. And then there’s a second layer of that in which users have to explicitly share their data with their business partners. At the infrastructure, we also employ role based access control, meaning that only the roles that absolutely need it will have access to the underlying IT infrastructure. And specifically for the production side of that infrastructure, there is an emergency “break glass” procedure that needs to be enabled before anyone can access any data. The aspect of encryption goes also in two directions. One is in transit and the other one is at rest. All data in transit, meaning from the computer of the end users through our cloud network and into our databases, is fully encrypted. When data reaches a database, it’s also stored in encrypted form, meaning that not even our cloud provider can access the data of our clients.

Mathilde: That’s great to hear. And in an era of more and more cyber attacks, what are you and the team putting in place in terms of security for the GRESB members?

Miguel: Our security posture at GRESB covers several different areas. One of them is the continuous upgrade of our platforms, application frameworks, and application dependencies. We also have a publicly available Responsible Disclosure Program, through which security experts, experts throughout the world, actively scan us and report their findings to us. There’s continuous monitoring of data breaches, which are leaked data on the internet, to figure out if our domains have been affected or even our customer domains have been affected and alert us when data from our customers appears on these datasets. We rely on external security assessments done regularly by third parties, and security trainings for everyone at GRESB.

Mathilde: That’s great to hear that all those measures are in place.

So, we can see that our customers’ data is in really good hands here at GRESB. Moving on to our users’ experience. Could you give us examples of recent actions your team has taken on the backend to enable a smooth customer journey through the GRESB portal?

Miguel: Sure. One of the first things we had to do was to implement observability. Through instrumentation of our applications and infrastructure, we collect telemetry of how it executes. With this platform, we are enabled to understand issues as they happen, sometimes even before our users face them. One of the uses of this data is performance analysis. At GRESB, we have what you can call a seasonal load, meaning that our portal has very different load characteristics during our reporting period compared to the results period and any other period throughout the year. What that means is that certain issues, performance bottlenecks, are only observable In a short period of time throughout the year. To that end, what we did this year was to carve out engineering capacity to have people exclusively dedicated to monitoring the performance of our portal. By doing that, this year we have already been able to identify and fix several performance hotspots. One other good example is how we serve reports to our users. In the past, we used to compute the reports on the fly. Whenever somebody accessed a report, we would get the raw data, perform many, many calculations, and then render this report to the user. That meant that if 10 users concurrently access the same report, we will be doing the same work 10 times. This is the kind of implementation that a small team starts with when they have very little capacity and very little data. However, as the business grows, an implementation like this cannot scale. We faced this. So we changed the way we serve our reports to our clients by pre-computing them, storing them in a way that we can serve 10, a thousand, or a million, much in the same way.

Mathilde: Thank you, Miguel, for those examples. That’s very useful. And also, great to hear how you’re scaling the operations and enabling a smoother experience through our portal that is used by many, many members. And also, I’m sure there is much more to come as we continue to grow our member base. Could you give us a teaser of what’s in the pipeline for future tech developments that will make the life of our GRESB users easier?

Miguel: Yes, I’ll be happy to. So, as you know, our portal is a 10-12 year old application, and some of the decisions made back in the day for how assessments are built by us and taken by participants are not really helping us anymore. To that end, we are changing the central piece of how GRESB operates to modernize it and make it more flexible. We want to be able to provide a better user experience to our participants taking the assessments, but also improve how we can ingest data via our APIs. In addition, we want to make better use of the data we have so we can continue to improve our products as well as unlock completely new ways of delivering value to our clients. One of those ideas was how we create the assessments that users take, how do we set up the pointing system behind it, that then feeds into all the calculations and the benchmarking that our data science team does to produce the benchmark results and ultimately the report. So last October, we decided to embark on a project that will be a year and a half, maybe two years long, where we’re going to refactor this central piece of software that enables us to create the surveys, the assessments, and then the pointing system. The refactoring of this system is something that we spent six months working on just to de-risk the integration with the rest of the landscape of the GRESB applications. After those six months of research, we decided that we will build four new applications, each of them with their own concerns, where we can focus on delivering the best value to our clients. One of the areas that is going to touch is, of course, the surveys, how we build the surveys and also how our users experience taking the surveys. The next step will be the way we build scoring models. For example, at this moment, most of the data that GRESB acquires is through surveys, but who knows where it’s going to come next from? So we want to have a way to score data and do the kind of benchmarking calculations that people are used to having from us, from potentially multiple data sources. And the last aspect is documentation. Today, there is a very big reference guide website that our participants need to consult. We are thinking that maybe we should also have a website like that, a little bit more modern, but also have more help for the people taking the surveys in the survey itself. So these are all very long term plans that we have started to work in 2023, and we hope 2025 will be the year that we will release them to our clients.

Mathilde: Nice. Thank you very much, Miguel.

And with that, that’s about all the time we have for today’s episode of The Pulse. Thank you, Miguel, for taking the time to join me and sharing your insights. We are constantly developing new content and we’d love to hear from you on topics you would wish us to bring in future episodes. Leave a comment or get in touch with us at [email protected]. I’ve been your host, Mathilde Petriat. See you next time on The Pulse by GRESB.

 

Want to keep up to date with The Pulse by GRESB?

Listen on Spotify Watch on YouTube