Software multi-tenancy is the fundamental design approach that allows SaaS systems to operate securely and efficiently. Yet many of the systems touted as "cloud" solutions don’t have it. They are simply the same single-tenant designs as before, with a web browser tacked onto the front end. Yes, the web browser is a welcome improvement over thick clients, but customers and vendors should care about what’s behind the browser.
So, what is multi-tenancy? To quote Salesforce.com, a leading authority on the subject, "Whereas a traditional single-tenant application requires a dedicated set of resources to fulfill the needs of just one organization, a multi-tenant application can satisfy the needs of multiple tenants … using the hardware resources and staff needed to manage just a single software instance."
Multi-tenancy matters to security integrators and end users for two reasons; economics and security.
In terms of economics, multi-tenancy allows major SaaS providers like Salesforce, Google, Netsuite, and many other familiar names to operate their services at massive scale and low cost. It does this by using a software design that enables thousands, even millions of unrelated customers to safely share the same underlying hardware resources. While the cost savings on hardware is obvious, there are equally considerable savings in energy, maintenance, and staffing expenses. Without multi-tenancy, the expense of running applications is virtually the same as traditional IT, and the whole cost-benefit argument for cloud services collapses.
By the same token, supporting millions of customers on a single, highly-scalable instance can only be accomplished if the security provisions were designed into the software from the start. Here a real estate analogy is illustrative. Ever lived in a single family home that was subdivided to support multiple renters? Doesn’t work so well. Not nearly as well as an apartment building designed from the outset to support multiple tenants. The same holds true for software.
Customers must look for multi-tenancy if they expect to achieve the promised cloud savings over the long term. Without it, there is also no adequate data security model in repurposed legacy applications.
The "Private Cloud Ready" Deception
Read a stack of recent sales literature and you’ll come across the terms "private cloud ready" or "suitable for private cloud deployment." Vendors often apply such terms to security appliances and server architectures, both real and virtualized. Sounds good, but what does it actually mean? Not much.
According to the oft-cited NIST definition, a private cloud is an architecture where “the infrastructure is provisioned for exclusive use by a single organization”. This means dedicated servers, storage, network connections, and staff to take care of the whole thing. Sound familiar? It should, it’s exactly the same as the traditional security software delivery model. It might have been moved offsite to another data center and it might have been virtualized for a little hardware efficiency, but at its core it offers the same features as the dedicated client-server model of the past several decades.
That’s why I favor the more descriptive definition that a private cloud "is a marketing term for a proprietary computing architecture that provides hosted services to a limited number of people behind a firewall." That’s probably not what you thought you were buying when the vendor told you it’s a "private cloud ready" product.
When security buyers are trying to free themselves of all the hassles of dedicated server equipment, the single-user "private cloud" fiction leaves customers right where they’ve always been.
The "Hide the Server" Deception
The private cloud claim is closely related to a practice we call "hide the server." This amounts to taking the end user’s current security applications and moving them to where they no longer see them running on their own computers.
Does moving an old application architecture to a new server 1,000 miles away give it any of the characteristics of cloud computing? Of course not. It won’t magically support thousands of end user organizations or suddenly be any faster for new users to provision. The truth is that the service provider will need to move every new customer’s computers to a new location, just like they did with yours. What do you think that will cost them? What will it cost you?