Wednesday, August 15, 2012

Security In A Multitenant Cloud

One of the biggest conceptual barriers to enterprise public cloud use is multitenancy. It’s difficult enough for IT to give up control of the infrastructure to a cloud provider, but the thought of sharing physical servers and storage with other organizations is a big stumbling block for enterprises considering running sensitive applications or storing sensitive data in the cloud.

If you’re terrified by the concept of multitenancy, consider a report released by Forrester in March 2012 entitled Understanding Multitenancy. One of its conclusions is that a public cloud multitenant architecture can actually be more secure than the typical in-house IT infrastructure. Why? IT security is mostly perimeter based, making organizations vulnerable to inside attacks. A properly architected multitenant service secures all assets at all times.

If you’re looking at potential public cloud providers to host your sensitive applications or data, here are some issues to consider.
  •     What constitutes a tenant? With an infrastructure provider, a tenant is likely a collection of customer virtual machines (VMs) sharing the provider’s physical servers with other customers’ virtual machines. With a software as a service (SaaS) provider, a tenant may actually be sharing a single application instance or database with many other tenants. In one case you’ll want to know how VMs are kept isolated; in the other you’ll probably be more interested in how one tenant is prevented from accessing another tenant’s data.
  •     Who are the tenants and who are the providers? The answer can be tricky. The multitenant software as a service (SaaS) provider you’re considering may be running its applications on one or more infrastructure as a service (IaaS) providers’ servers, or you may have multiple layers of SaaS, IaaS, and even platform as a service (PaaS) combining to produce a single service. You may have to consider the security implications of each.
  •     How much security information does the provider offer? Does it describe its security architecture on its Web site? If you’re talking with representatives of the service, are they willing to discuss security architecture in depth? You’d be surprised at how many cloud services insist on remaining very vague about security.
  •     What certifications does the provider have? ISO 27001 and, depending on your organization, HIPAA and PCI certification are reasonable indications that the provider is taking the right security measures to protect its tenants.
  •     Sometimes the best security is simply living in a good neighborhood. Who are the provider’s other tenants? Are any of them security-sensitive organizations in areas like government, finance, and health care? Does the provider accept anyone or does it have a process for weeding out potentially risky tenants? This is important, because a hacker sharing a server with you inside the perimeter firewall may have an easier path to your sensitive applications and data.
  •     What measures does the provider take to isolate tenants? At minimum an IaaS provider should separate tenant traffic using VLANs and use hypervisor-based stateful inspection firewalls and intrusion detection or prevention to block potential inter-VM attacks. In the case of an SaaS provider, strong authentication and authorization are essential and data encryption is important. What measures does the provider take to liquidate data that has been released by a cloud tenant?
  •     What security visibility does the cloud provider offer? Do you get security and incident reports at the end of the month? Do you get a portal that shows any security and attack mitigation information? Does the provider have a policy for contacting the tenant if an attack moves past a certain risk or attack level?
As Forrester points out, the multitenancy in a private cloud is not an insurmountable issue for the enterprise, but it is one that you should research very carefully when choosing a provider.

By Leon Erlanger