Multitenant Architectures Must Balance Security, Availability

As enterprises consolidate data centers and leverage cloud computing, they must secure data without sacrificing flexibility and availability. Get some insight into multitenant architectures.

May 30, 2012

3 Min Read
Network Computing logo

Cloud computing is obviously here to stay, so enterprises need to balance security and availability when using private, public or hybrid cloud services that leverage multitenant architectures.

Forrester Research defines multitenant architectures as "IT architectures that let multiple customers (tenants) share the same applications and/or compute resources with security, reliability and consistent performance."

In its recent research report, "Understanding Cloud's Multitenacy," the analyst firm concludes that multitenant architectures are not necessarily a less secure model. However, organizations need to understand the type used by any service they consume, as well as their own security responsibilities.

True cloud services all use a form of multitenant architecture, where multiple "tenants" share the same applications and/or compute resources. Multitenant architectures are what enable cloud services to achieve high-cost efficiencies and deliver low costs to customers.

It's important to note that customers in a multitenant environment may or may not be from different companies--it's more about the data: The type of data and where it lives defines a tenant, as well as who owns it. For example, in some companies, the data of one business unit is owned by that business unit and not the parent company, which may have several lines of business, each with its own customer data. Therefore, even within a private cloud environment owned by a corporate enterprise, there could be multiple lines of business owning data that must be kept separate.

This is a common reality for large financial institutions, notes Lee Doyle, group VP, networking and security at IDC. Many financial institutions have different divisions for different types of customers. By law, the customer data from each business unit must be kept separate. At the same time, however, these companies are looking for efficiencies from IT and consolidating data centers.

Doyle says software-defined networking (SDN) could aid in managing these architectures, as enterprises can leverage programmable networks to better tackle virtualized environments and separate customer data appropriately.

Next: Addressing Security Concerns in Multitenant ArchitecturesForrester's research found that two common multitenant architecture models have arisen. The first consists of dedicated resource models that stake boundaries within a shared infrastructure, defining the resources a tenant can access. This model allows for tangible and secure walls but lower flexibility. Meanwhile, metadata map models chart protected pathways to shared resources, allowing for increased flexibility--but they ultimately may be perceived as less secure.

Jason Bandouveres, senior product specialist, cloud and virtualization solutions, at Fortinet, says security requirements are the same whether the cloud is private, public or a hybrid. Fortinet recently teamed up with Extreme Networks to provide secure multitenant clouds for large enterprises and cloud providers.

Bandouveres says that in addition to security, availability is a critical issue in multitenant environments. Service-level agreements can address availability to a point, but as a tenant, it means your environment is now virtual. "You're losing the ability to look at blinking lights and cables in the data center," he explains.

If you're managing a multitenant environment, either as a corporate enterprise or service provider, it's important to understand the impact one tenant might have on another. "You want to make sure customer A doesn't affect customer B," says Bandouveres.

Ultimately, multitenant architectures must strike a balance between sharing and security, notes the Forrester report. To deliver cost savings and scalability, a multitenant architecture must be able to manage dynamic resource consumption by its tenants without violating their security.

Despite resource sharing, multitenancy will often improve security. Most enterprise security models are perimeter-based, and thus vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients.

"Most of the time, you can't get into the data center," says Bandouveres.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights