Ensuring resilience in multi-tenancy environments

NCC Group
Contact

Understand the risks of multi-tenancy environments & discover how Software Escrow solutions enable multi-tenancy environment disaster recovery & business continuity.

What is a multi-tenant environment?

In a multi-tenant architecture, a single instance of the software and its supporting infrastructure serves multiple customers (or tenants). Customers can be separated at various logical levels but often share application instances and databases - leading to integrity and confidentiality risks.

Why is a multi-tenant environment so popular?

“Software as a Service” (SaaS) providers tend to offer multi-tenant arrangements because it allows them to service a high volume of customers at the same time, often leading to easier setup and onboarding and less of a maintenance burden for customers, because upgrades and maintenance are usually handled centrally by the SaaS provider.

What are the risks of hosting applications in multi-tenant environments?

  • Data Protection: One major concern is the release or exposure of sensitive or personal data and the unavailability or loss of the data. If anybody hacks into one tenant’s instance, the privacy and data of any other tenant in that same environment may also be compromised.
  • Compliance: If you are in a regulated sector such as Financial Services or Healthcare, there are data security concerns that come with the multi-tenant model. Regulated businesses with multi-jurisdiction operations will likely have specific data requirements that differ across regions and will therefore want certain datasets treated differently than others. When you are effectively sharing your system with other businesses, how confident can you be that your data is truly safe and compliant?
  • Downtime: Multi-tenant architectures often rely on large and complex databases that require hardware and software maintenance on a regular basis, resulting in possible outages. This is problematic for mission-critical applications where even a few minutes of downtime can impact business.

3 ways to improve your multi-tenant resilience

There are 3 ways to improve the resilience of your multi-tenant environment. Identifying and assessing the risks of your SaaS vendor and the supporting infrastructure, developing a business continuity plan, and testing this plan to ensure it is effective. We’ll talk you through them below.

Identify and assess the risks

Identify and define the security responsibilities across your organization, the vendor, and cloud service provider. This will be key to finding and addressing any vulnerabilities across the supply chain. Also, assess your risk exposure across these key areas:

  • the SaaS vendor’s own capabilities and resilience (how confident are you that the application being delivered through the multi-tenant environment is secure?)
  • the SaaS application itself (how critical is the application to your business, does it support a key function, and how many of your customers are reliant on the application?)
  • your own internal technical capabilities (does your organisation have the capability and technical experience to maintain the application in-house? Or would you need a third party to redeploy the application?)

A comprehensive assessment of these areas should let you identify and classify the use of the SaaS application as a high, medium, or low risk to your organization and should help determine the most suitable level of protection for the application.

Develop a business continuity plan

Because a customer in a multi-tenant cloud environment shares the hosted production environment with other tenants, it will not typically be possible for a SaaS vendor to agree to release access credentials to an end-user should they experience a technical outage.

This would present too much of a risk to the other tenants who share the same environment.

Because of this, end-users will need to implement a business continuity plan to ensure they can re-platform the third-party application.

As part of your business continuity plan, initiate a Software Escrow Agreement to ensure business-critical material such as application source code, data, and cloud infrastructure are held in a secure environment.

This gives you the assurance that should the need arise, you have access to the necessary materials to replicate the SaaS vendors' cloud-hosted production environment and restore critical data in a useable format.

Test and validate the business continuity plan

If your firm doesn’t have its own in-house technical expertise to interpret the technical information provided by the SaaS vendor how else are you going to redeploy the application if the multi-tenant environment is compromised?

Only by testing and validating the business continuity plan can you be confident that it works!

Software Escrow Verification validates the accuracy and usability of the materials deposited in escrow, such as source code and infrastructure as code, and gives you the knowledge required to execute your continuity plan accordingly.

The technical documentation produced following the verification provides a step-by-step guide on the process of rebuilding the third-party SaaS application, so you can redeploy and maintain the application, without additional support from the SaaS vendor.

Closing thoughts

To quickly recap

  • The lack of data isolation in a multi-tenant cloud infrastructure makes it a prime target for attacks. If anybody hacks into one tenant’s instance the privacy and data of any other tenant in that same environment may also be compromised.
  • Heavily regulated industries such as pharmaceutical, financial services, and healthcare will need their own secure instance to remain secure, resilient, and compliant with relevant data protection regulations
  • It’s hugely unlikely a SaaS vendor will agree to release access credentials to the application in the event the vendor is unable to maintain the application as it would present too much of a risk to the other tenants who share the same environment.
  • Deposit application source code, critical data, and the supporting infrastructure in escrow and validate the accuracy and usability of these materials to ensure application continuity and data restoration. This will give you complete control of the production environment which hosts the software, and the data stored within it should the SaaS vendor fail.
  • Test your business continuity plan to give you the flexibility to either bring the hosting of the application in-house or to transfer it to another hosting provider.

[View source.]

Written by:

NCC Group
Contact
more
less

NCC Group on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.