“We’ve been hearing about multi-tenancy again since Oracle announced its cloud plans. Are there reasons we should be concerned about multi-tenancy? What cloud security issues should be addressed?”
Multi-tenancy is one of the cornerstones of today’s leading cloud computing offerings. The concept was pioneered by Software as a Service vendors like Salesforce.com and spread across other key segments of the cloud marketplace, taking the form of both Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) systems.
Multi-tenancy enables cloud service subscribers to leverage more cost-effective shared, or “pooled,” resources built on a single code-base. While some vendors have raised concerns about multi-tenancy, there are many benefits to this service architecture. These include scalability, rapid access to new features and better support.
First, there is cost. The vendor is supporting only a single version of its software system and has greater control over the use of its application, because it is hosting it. Therefore it can deliver the product and support its customers more economically. The vendor can also roll out new features more quickly across its entire installed base of customers. When it has gained a critical mass of users who have utilized the system over an extended period of time, the vendor can provide valuable benchmark statistics and key performance indicators to its customers, which isn’t possible with a traditional on-premises product or past application service provider (ASP) arrangement.
Properly designed and administered multi-tenant services can also be even more secure than traditional on-premises product or past ASP arrangements, because the vendor maintains full control of access to its system. In the same way that individual condominium units can be built in a secure fashion with solid walls and strong locks in a shared community, multi-tenant cloud services can also be architected to partition user data and safeguard it against internal and external security threats.
This centralized control doesn’t exist in many organizations, and even where there are strict controls they can’t entirely prevent end users from losing laptops or having their desktop devices compromised with sensitive data resident on the machines. However, when centralized cloud control is in place, it can lead to a very secure cloud system.