VirtualizationSecurity

Multi-Tenancy: Who is the Tenant?


There seems to be a myriad of definitions of who is a tenant when it comes to secure multi-tenancy. This debate has occurred not only within The Virtualization Practice but also at the recent Interop and Symantec Vision conferences I attended. So who really is the tenant within a multi-tenant environment? It appears multiple definitions exist, and if we cannot define Tenant, then how do you build secure applications that claim to be multi-tenant?

Many of the people I talk to about multi-tenancy consider a company or overarching organization to be the tenant, which leads to some interesting product business decisions moving forward. So two questions seem to be asked quite a bit:

  • Is there a need for a product that is designed for private infrastructure as a service to be multi-tenant?
  • Is there a need for multi-tenancy when there is a single data owner?

What are your answers?

Mine is a definitive yes to both of these questions. Why?

Because multi-tenancy is really about the data and not about an organization or company. The type of data and where it lives define a tenant, as does who owns it. Every company has data that has some form of classification associated with it. One set of data is public and other data is private. If it is private, then those who can access it are limited in scope. But in addition to the classification of data, there are legal considerations. In some countries, the data of one business unit is owned by that business unit and not the parent company. When a company is bought, is its data brought in immediately, or over time? Or is it kept separate due to some legal requirement?

The ultimate tenant is the data, but data can be defined by security classifications as well as ownership. These two elements for defining a tenant can be at loggerheads, but I say, assume that any virtual or cloud environment is multi-tenant and build security and implementations accordingly. Private IaaS does not imply that there is only one data owner, just that the infrastructure is within the bastions (data center) of the possible data owner. What if that Private IaaS is the basis for a software as a service offering? In this case the definition of tenant may change.

Who is the tenant? Ultimately it is a combination of the data, security classifications, and the owner of the data. Multi-tenancy is about the data, not about the data center. Secure and manage appropriately. Your definition may differ from mine, but is everyone who should be involved with this definition involved? IT maybe, but what about legal, the data owners, etc.? And since a picture is worth a thousand words:

Figure: Who should be involved in defining Tenant. Others besides the Data Owner who should be in on the definition of Tenant.

But never forget the Data Owner!

Edward Haletky
Edward L. Haletky aka Texiwill is an analyst, author, architect, technologist, and out of the box thinker. As an analyst, Edward looks at all things IoT, Big Data, Cloud, Security, and DevOps. As an architect, Edward creates peer-reviewed reference architectures for hybrid cloud, cloud native applications, and many other aspects of the modern business. As an author he has written about virtualization and security. As a technologist, Edward creates code prototypes for parts of those architectures. Edward is solving today's problems in an implementable fashion.