 Multi-tenancy versus virtualization for cloud security
In a cloud environment, multi-tenancy is something that has been questioned when it comes down to ensuring customers' data security. Some have proposed virtualization as an alternative. What is your take on multi-tenancy versus virtualization?

ASKED: February 8, 2011  7:46 PM
UPDATED: October 28, 2011  2:54 AM

Answer Wiki:
I think even with multi-tenancy, there is a way to ensure data security through 4 types of data isolation approaches. These are: 1) a separate database for each tenant, 2) a separate schema per tenant, 3) a separate table per tenant, and finally 4) a shared table for all tenants with a tenant id. Irrespective of the data isolation approach used (some multi-tenant frameworks like cellosaas support all the 4 types), the data security is ensured by the underlying framework, so that even if the developer makes a mistake by not coding the right tenant id, for example, the framework will take care of ensuring that the right data is accessed depending on the dynamic context of the user and the tenant to which the user belongs. The key issue here is to use a robust multi-tenant engineering stack that is tested and proven as your foundation and build your business logic on top of it.
Ramkumar Techcello
Last Wiki Answer Submitted:  February 21, 2011  12:28 pm  by  RamKumarRS   15 pts.
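
The fourth approach in the answer above (one shared table with a tenant id, with the data layer rather than the developer supplying that id) can be sketched as follows. This is an added example, not part of the original answer and not code from cellosaas or any other framework; the names `current_tenant`, `TenantScopedTable` and the `invoices` table are hypothetical, and the rows are constructed sample data.

```python
import sqlite3
from contextvars import ContextVar

# Tenant of the authenticated user; the auth layer sets it once per request.
# (Hypothetical name, not taken from any particular framework.)
current_tenant: ContextVar[str] = ContextVar("current_tenant")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, amount INTEGER)")
    # Constructed sample rows: two tenants sharing one table.
    db.executemany("INSERT INTO invoices (tenant_id, amount) VALUES (?, ?)",
                   [("acme", 100), ("acme", 250), ("globex", 999)])
    return db

class TenantScopedTable:
    """Data-access wrapper that binds every statement to the context tenant."""

    def __init__(self, db, table, columns):
        # table/columns are fixed by the application, never taken from user input
        self.db, self.table, self.columns = db, table, tuple(columns)

    def _tenant(self):
        try:
            return current_tenant.get()
        except LookupError:
            # Fail closed: no tenant context means no data access at all.
            raise PermissionError("no tenant in context") from None

    def _check(self, names):
        # tenant_id is deliberately absent from self.columns, so callers
        # cannot filter on it or write it themselves.
        bad = set(names) - set(self.columns)
        if bad:
            raise ValueError(f"column(s) not allowed: {sorted(bad)}")

    def select(self, **filters):
        self._check(filters)
        clauses = ["tenant_id = ?"] + [f"{c} = ?" for c in filters]
        sql = (f"SELECT {', '.join(self.columns)} FROM {self.table} "
               f"WHERE {' AND '.join(clauses)}")
        return self.db.execute(sql, (self._tenant(), *filters.values())).fetchall()

    def insert(self, **values):
        self._check(values)
        cols = ["tenant_id", *values]
        sql = (f"INSERT INTO {self.table} ({', '.join(cols)}) "
               f"VALUES ({', '.join('?' * len(cols))})")
        self.db.execute(sql, (self._tenant(), *values.values()))
```

Business logic only ever calls `select()` and `insert()`; a forgotten or wrong tenant filter cannot reach the database because the caller has no way to express one.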


Discuss This Question:


 

The term cloud translates to ‘lack of visibility’. And lack of visibility suggests that you will be relying on others to secure your information. This is the case for all data that leaves an environment where you have complete visibility. So we have been taking these leaps of faith for a long time.

You can separate and/or encrypt data from end to end, including storage and transport. You control the process of bringing the data together and/or decrypting that data.

You still will be vulnerable to that data being exposed or leaked as it goes into the cloud. Again the assumption is you control and secure the areas of transport and storage before you enter and exit the cloud.

One area that can be addressed is some type of ‘control plane’ or ‘signaling path’ that is tied to the data flow. The owner would have access to this architecture and provide the ‘visibility’ as it traverses or exists in the cloud. This would be regardless of whether the data supports multi-tenant or single owner.

For private cloud design you can have this visibility into the various data flows, and where this data will reside. For the public cloud, this would need to be discussed with the particular vendor. I do not see where you separate virtualization and multi-tenancy, in terms of securing data in a cloud environment. I would assume you can support multi-tenant operations, whether virtualized or not. I do separate ‘the cloud’ from virtualization.

Regards

Reeegman


 

So, what is the hypervisor for? Hypervisor technologies have the ability to isolate the resources from a multi-tenant environment? :)
