There seems to be a myriad of definitions of who is a tenant when it comes to secure multi-tenancy. This debate has occurred not only within The Virtualization Practice but also at the recent Interop and Symantec Vision conferences I attended. So who really is the tenant within a multi-tenant environment? It appears multiple definitions exist, and if we cannot define Tenant, then how do you build secure applications that claim to be multi-tenant?

Many of the people I talk to about multi-tenancy consider a company or overarching organization to be the tenant, which leads to some interesting product business decisions moving forward. So there are two questions that seem to be asked quite a bit:

  • Is there a need for a product that is designed for private infrastructure as a service to be multi-tenant?
  • Is there a need for multi-tenancy when there is a single data owner?

What are your answers?

Mine is a definitive yes to both of these questions. Why?

Because multi-tenancy is really about the data and not about an organization or company. The type of data and where it lives defines a tenant, as well as who owns it. Every company has data that has some form of classification associated with it. One set of data is public and other data is private. If it is private, then those who can access it are limited in scope. But in addition to the classification of data, there are legal considerations. In some countries, the data of one business unit is owned by that business unit and not the parent company. When a company is bought, is its data immediately brought in, or over time? Or is it kept separate due to some legal requirement?

The ultimate tenant is the data, but data can be defined by security classifications as well as ownership. These two elements for defining tenant can be at loggerheads, but I say: assume that any virtual or cloud environment is multi-tenant and build security and implementations accordingly. Private IaaS does not imply that there is only one data owner, just that the infrastructure is within the bastions (data center) of the possible data owner. What if that Private IaaS is the basis for a software as a service offering? In this case the definition of tenant may change.

Who is the tenant? Ultimately, it is a combination of the data, security classifications, and the owner of the data. Multi-tenancy is about the data, not about the data center. Secure and manage appropriately. Your definition may differ from mine, but is everyone who should be involved with this definition involved? IT maybe, but what about legal, the data owners, etc.? And since a picture is worth a thousand words:

Who should be involved in defining Tenant

Others besides Data Owner who should be in on the Definition of Tenant

But never forget the Data Owner!

Edward Haletky (376 Posts)

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.
