Thales Blog

Secure Multi-Tenancy For Federal Agencies

September 9, 2017

Brent Hansen Brent Hansen | Federal CTO More About This Author >

In the wake of recent cyberattacks against the FBI, IRS, DHS and the DNC, the U.S. government is racing to shore up its digital defenses. In fact, the U.S. government spent $14 billion on cybersecurity last fiscal year alone. Unfortunately, a major challenge in bolstering the federal government’s cybersecurity is the number of aging legacy systems still in place.

Secure Multi-Tenancy for Federal Agencies

Federal Cloud Adoption

Earlier this year, President Donald Trump signed an executive order addressing the federal government’s vulnerability to cyber threats. The order pushes agencies toward shared services, including cloud computing – a much needed development for federal IT modernization and security. Greater use of the cloud will ultimately allow federal agencies to achieve a more secure, scalable computing environment.

To help agencies adopt cloud computing confidently, the federal government established the Federal Risk and Authorization Management Program, or FedRAMP. The program is a government-wide initiative that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

FedRAMP was created to build a cohesive risk management program that could be used throughout the federal government; however, it’s important to note that FedRAMP certification of a cloud service provider (CSP) does not mean federal agency data is secure in the cloud. It means only that the CSP has the proper infrastructure to support security. (For more information on navigating FedRAMP certification while maintaining data security,

Demonstrating the federal government’s rapid adoption of the cloud, the 2017 Thales Data Threat Report, Federal Edition found that 92 percent of federal agencies will use sensitive data in an advanced technology environment this year. However, rushing to advanced technologies, defined in the report as the cloud, big data, IoT and containers, may only make the problem worse. In fact, 71 percent of federal respondents are adopting advanced technologies without proper security in place.

Multi-Tenancy in the Cloud

The cloud offers federal agencies the ability to reduce costs, deliver more timely services, improve risk management and significantly lessen burdens on internal resources. Although these benefits are compelling, many federal agencies cite security and data privacy as primary reasons for not adopting cloud computing. These concerns may stem from the perceived loss of control due to the multi-tenant nature of the cloud.

Multi-tenancy is an architecture designed to serve multiple customers – also called tenants – from a single, centralized system. All the data is stored in shared databases and hosted on shared servers. Further, the system is designed to ensure separation of data across all the customers so that the data isn’t shown to the wrong user.

As organizations continue moving their data and applications to the cloud, multi-tenancy is broadening because of new service models that take advantage of virtualization and remote access. For example, a SaaS provider can run one instance of its application on one instance of a database and provide web access to multiple customers. In such a scenario, each tenant’s data is isolated and remains invisible to other tenants.

However, multi-tenancy also poses many challenges. When it comes to security, multi-tenancy can create difficulties in adequately isolating security, as well as authenticating, authorizing and differentiating access. Multi-tenancy can also be a roadblock for robust and enterprise-scale reporting, a crucial aspect for incident response, auditing and investigations. While these issues can be resolved, they may have a negative impact on an organization’s bottom line.

Secure Multi-Tenancy with Thales

To enable federal agencies – and in fact any organization – to address these issues and create secure multi-tenancy in the cloud, the Vormetric Data Security Platform from Thales offers an effective, flexible and cost-effective solution that is easy to install and use. Our solution also meets FIPS 140-2, Common Criteria and NIST certifications, an important consideration for the highly regulated government sector.

Thales reduces total cost of ownership because it is a single solution that can be applied throughout the enterprise – across physical, cloud, container and big data environments. And with two-thirds of enterprises now leveraging more than one cloud provider, Thales provides centralized management of multi-tenant encryption services that can be deployed in multi-cloud, on-premises or hybrid environments.

Thales also provides the ability to scale security enclaves without adding more hardware in the data center. This reduces the amount of people and resources required to implement security – a major benefit considering the cybersecurity industry’s current challenge of acquiring and retaining talent. In fact, the 2017 Thales Data Threat Report, Federal Edition found that U.S. federal organizations are dealing with more acute staffing shortages than most sectors, with 53 percent of respondents citing lack of staff as a chief barrier to data security initiatives.

Want to learn more about Thales eSecurity’s encryption and key management solutions for multi-tenant environments? Leave a comment below.