How Do I Secure my Data in a Multi-Tenant Cloud Environment?

How Do I Secure my Data in a Multi-Tenant Cloud Environment?

Security in a multi-tenant environment begins with asking questions of your potential cloud service providers (CSPs). A consistent tool you can use to compare multiple vendors of a multi-tenant solution is the Consensus Assessment Initiative Questionnaire (CAIQ) from the Cloud Security Alliance. You can provide the questionnaire to each vendor and compare their answers, apples-to-apples. The CAIQ is divided into various “Security Control Domains,” which can educate you, the user, as well as enable you to get objective information from the multi-tenant providers. It’s up to you to decide how much of the questionnaire with which your selected vendor must comply.

If you can’t find sufficient security in a multi-tenant environment, some vendors provide single-tenant versions of their multi-tenant offering:

  • Microsoft is leading this charge with Azure Stack, a single-tenant version of Microsoft Azure.
  • AWS is rumored to offer a single-tenant version of AWS. You might have to be a very big customer to hear about it.
  • And, of course, Thales offers CipherTrust Cloud Key Manager as a multi-tenant cloud service, but we also offer it as a single-tenant version.

So, if you can’t get a single-tenant solution, in the best case you can gain assurances from your multi-tenant provider that all data is encrypted, and you can hold the keys.

Related Articles