Multi-tenancy in the cloud: Is it the enterprise, or the application?

In simple terms, many cloud users think of the “public cloud” as a multi-tenant environment where each client, or tenant, purchases a slice or “room” in the cloud. Users receive security and privacy assurances, but understand that they may still have nosy neighbors. The users need to remember to “lock” their doors by implementing standard industry security protocols, while depending on the cloud “management” to keep the doors and locks functional.

But sharing “walls,” in the form of hardware, software and networks, decreases security.

Get off of my cloud
Contrast this with having your own dwelling. In “private cloud computing” a single tenant shares its cloud components with no one. Thus, the private cloud, single-tenant occupant, enjoys more security and privacy.

Public cloud service providers make it easy and affordable for enterprises of all sizes to adopt cloud computing. It’s particularly appealing to young or small- to medium-sized businesses with straightforward IT workloads that don’t require a dedicated IT department.

So the best answer for more security, particularly with large organizations, or when leaked proprietary information in the hands of a neighboring competitor could kill your business, is to be a single-tenant occupant in a private cloud, right?

Multi-tenancy misconceptions
It’s not that simple. It’s misleading to ascribe multi-tenancy to public clouds only: “Multi-tenancy” in cloud computing is more about the application and workload, than with multiple enterprises that are co-tenants.

In fact, any size organization may need to organize computing workloads between private and public clouds. For example, organizations should consider processing sensitive financial or highly classified government data, or information that could squelch a competitive advantage, within the private cloud.

It’s common to only think of cloud computing in terms of one layer: Infrastructure-as-a-Service (IaaS). But multi-tenancy also applies to its other two layers, Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).

The degree of multi-tenancy actually has more to do with SaaS than with IaaS. In other words, if the IaaS and PaaS are multi-tenant, but SaaS is single tenant, you have a low degree of multi-tenancy.

Cooperation for security decisions
It’s important that the C-suite work with their IT teams to determine the necessary degree of multi-tenancy in the earliest stages of cloud computing decisions, and what that means for information security. Once the executives can assign security priorities, IT managers can assign the application based on the workload to grant that security.

Because as it turns out, good fences also make good neighbors in the cloud.