Multi-tenancy versus virtualization for cloud security

Tags:
Cloud Computing
Cloud Security
Data Security Program
Multi-tenancy
Virtualization
Virtualization security
In a cloud environment, multi-tenancy is something that has been questioned when it comes down to ensuring customers' data security. Some have proposed virtualization as an alternative. What is your take on multi-tenancy versus virtualization?

Answer Wiki


I think even with multi-tenancy, there is a way to ensure data security through 4 types of data isolation approaches. These are: 1) a separate database for each tenant, 2) a separate schema per tenant, 3) a separate table per tenant, and finally 4) a shared table for all tenants with a tenant id.

Irrespective of the data isolation approach used (some multi-tenant frameworks like cellosaas support all 4 types), data security is ensured by the underlying framework, so that even if the developer makes a mistake, for example by not coding the right tenant id, the framework will take care of ensuring that the right data is accessed depending on the dynamic context of the user and the tenant to which the user belongs.

The key issue here is to use a robust multi-tenant engineering stack that is tested and proven as your foundation and build your business logic on top of it.

Ramkumar
Techcello
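
The shared-table approach with framework-enforced tenant scoping described in this answer, as an added example (not part of the original answer and not cellosaas code): a minimal Python/sqlite3 access layer in which the tenant id comes from the request context rather than from the caller. The names `tenant_context`, `TenantTable` and the `invoices` table are hypothetical.

```python
import sqlite3
from contextlib import contextmanager
from contextvars import ContextVar

# Tenant of the current request; a framework would set it after authentication.
_current_tenant = ContextVar("current_tenant", default=None)
@contextmanager
def tenant_context(tenant_id):
    token = _current_tenant.set(int(tenant_id))
    try:
        yield
    finally:
        _current_tenant.reset(token)

class TenantTable:
    """Access layer for one shared table; callers never pass or see tenant_id."""
    def __init__(self, conn, table, columns):
        self.conn, self.table, self.columns = conn, table, tuple(columns)

    def _scope(self, names):
        # Reject unknown columns (tenant_id included), then fail closed if no tenant is bound.
        if not set(names) <= set(self.columns):
            raise ValueError(f"column not available to callers: {sorted(names)}")
        tenant = _current_tenant.get()
        if tenant is None:
            raise PermissionError("no tenant bound to this request")
        return tenant

    def insert(self, **values):
        tenant = self._scope(values)
        cols, marks = ", ".join(("tenant_id", *values)), ", ".join("?" * (len(values) + 1))
        self.conn.execute(f"INSERT INTO {self.table} ({cols}) VALUES ({marks})",
                          (tenant, *values.values()))

    def select(self, **filters):
        tenant = self._scope(filters)
        where = " AND ".join(["tenant_id = ?", *(f"{c} = ?" for c in filters)])
        sql = f"SELECT {', '.join(self.columns)} FROM {self.table} WHERE {where}"
        return self.conn.execute(sql, (tenant, *filters.values())).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (tenant_id INTEGER NOT NULL, customer TEXT, amount INTEGER)")
    invoices = TenantTable(conn, "invoices", ["customer", "amount"])
    for tenant, amount in ((1, 100), (2, 999)):  # constructed sample rows
        with tenant_context(tenant):
            invoices.insert(customer="acme", amount=amount)
    with tenant_context(1):
        return invoices, invoices.select(customer="acme")  # no tenant id in caller code
```

Both tenants hold a row for the same customer name, yet a query issued under tenant 1 returns only tenant 1's row; a query with no bound tenant, or one that names `tenant_id` itself, is rejected.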

Discuss This Question: 2  Replies

  • Reeegman
    The term cloud translates to 'lack of visibility'. And lack of visibility suggests that you will be relying on others to secure your information. This is the case for all data that leaves an environment where you have complete visibility. So we have been taking these leaps of faith for a long time. You can separate and/or encrypt data from end to end, including storage and transport. You control the process of bringing the data together and/or decrypting that data. You still will be vulnerable to that data being exposed or leaked as it goes into the cloud. Again, the assumption is you control and secure the areas of transport and storage before you enter and exit the cloud. One area that can be addressed is some type of 'control plane' or 'signaling path' that is tied to the data flow. The owner would have access to this architecture and provide the 'visibility' as it traverses or exists in the cloud. This would be regardless of whether the data supports multi-tenant or single owner. For private cloud design you can this visibility into the various data flows, and where this data will reside. For the public cloud, this would need to be discussed with the particular vendor. I do not see where you separate virtualization and multi-tenancy, in terms of securing data in a cloud environment. I would assume you can support multi-tenant operations, whether virtualized or not. I do separate 'the cloud' from virtualization. Regards Reeegman
  • Yexlaynaing
    So, what is a hypervisor for? Hypervisor technologies have the ability to isolate the resources from a multi-tenant environment? :)