The advantages of a multi-tenant architecture go beyond efficiency and cost savings for your organization. Multi-tenancy also offers substantial benefits to customers and end users. But there are risks, especially associated with security, that need to be considered as well. Read on to learn more about what multi-tenancy is, its benefits, and what to keep in mind with respect to security.
What is multi-tenancy in the cloud?
Multi-tenancy is all about sharing. In terms of a cloud environment, it means that multiple customers – or tenants – are served by a single instance of an application. While each tenant is physically integrated, they are also logically separated; they share computing resources such as configurations, user management rules and data – which can all be customized to some extent by the user.
Multi-tenant architecture is widely used in both public and private clouds. In fact, you probably use, or are at least familiar with, this multi-tenant Software-as-a-Service (SaaS) applications: Google Apps, Microsoft 365, Netflix and Shopify.
The upside of multi-tenancy
Sharing the same resources with multiple tenants translates into many advantages for your IT group specifically, your organization in general and your customers. Here’s how, by developing once and deploying many times, each of these groups benefit:
- Reduce costs for application development, deployment and maintenance.
- Increase efficiency of resource utilization.
- Integrate easily with other third-party software (while single-tenant design allows for more customization, multi-tenant apps tend to be easier to integrate).
- Automate onboarding of new customers, setting default data and application configuration.
- Detect and respond to security threats with shared analytics and intelligence (Security Information and Event Management (SIEM) enables organizations to apply analytics and take action from a single pane of glass).
- Improve speed to market of new service offerings.
- Boost competitive advantage by passing on bottom line cost savings to customers.
- Increase business agility.
- Enable flexibility to scale application usage up or down quickly based on needs, thereby keeping expenses in line with use (whether a subscription or per-user cost structure).
- Ease the burden of in-house IT resources and reduce need for on-premises infrastructure.
- Receive updates and new feature upgrades automatically.
While the benefits of multi-tenant architecture are many, there are also risks – with security as the prime consideration.
Security risks in multi-tenant architecture
Cloud security is not a new issue, but the resource-sharing aspect that makes multi-tenancy so attractive is the very thing that can be cause for concern.
Corrupted Data – While multi-tenant users are separated from each other at the virtual level, they are physically integrated (sharing hardware, applications and even data). Although rare, if a cloud vendor has an inadequately configured infrastructure, corrupted data from one tenant could spread to others.
Co-tenant and External Attacks – Lack of data isolation makes multi-tenant cloud infrastructure a prime target for attacks. These attacks may be launched by a malicious tenant – perhaps a competitor – against co-tenants or by an external source. Side-channel attacks usually happen because of a lack of authorization controls for sharing physical resources and are based on information gleaned from bandwidth monitoring or similar techniques.
Tenant Workload Interference – If one tenant creates an overload, it could negatively impact the workload performance for other tenants.
Incorrectly Assigned Resources – Should a virtualization layer become compromised, it gives access to any of the virtual machines running on the same physical host and may allow a malicious user to change the configuration of the virtual machine. That could result in a loss of monitoring capabilities.
If you are planning a cloud adoption initiative, but have concerns about multi-tenancy, reach out to our Advisory team. Our Advisory practice offers a range of consulting services that will help build your cloud strategy and support the development of governance, security, and compliance policies.