In this article, we take a look at the differences, as well as highlighting the benefits of single tenant vs multi tenant infrastructure.
Christina Harker, PhD
Businesses across diverse industries are increasingly moving their processes, products, and data into the cloud. For some, this represents an opportunity to unlock greater scaling capabilities while avoiding the capital overhead of maintaining server hardware. For others, the cloud presents a significant obstacle: organizations grappling with stringent compliance and auditing requirements don’t want to be left behind, but face significant difficulty in maintaining a solid compliance footing.
As a company begins to shift into cloud computing, they often take the approach of utilizing multi-tenant providers, writing bespoke middleware and creating virtual infrastructure “fences” to stay compliant. Unfortunately this approach can be costly, both from a time and budgetary perspective. Instead, organizations subject to strict regulatory guidelines should consider adopting a single-tenant approach, providing security and compliance as a first-class, batteries-included feature.
Single-tenant Software-as-a-Service (SaaS) is a type of provider architecture where only a single customer or user’s resources or virtual instances for a given service reside on the underlying hosting infrastructure. Imagine a server in a data center: only Customer A has instances on that server. If Customer B wants to provision instances, they will be provisioned on a separate server.
Single-tenancy as a model can also be applied to Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS) as well. The provider simply needs to guarantee that the customer instances and data are subject to some form of physical or logical isolation that cannot be bridged.
It’s important to note that single-tenancy may have different interpretations both at the compliance framework and provider level. While there are no compliance frameworks that explicitly demand single-tenant hardware, there are several that maintain high standards for data security, accessibility, and auditing that are much easier to achieve with single tenant SaaS. For example, section 314.4b of the Gramm-Leach-Bliley Act (GLBA) does not expressively state that single-tenant infrastructure is required, but it does require persistent risk assessments and safeguards. Risk assessments are significantly more complex when having to account for multi-tenant architectures and the possibility of isolation escape or security vulnerabilities inherent to virtualization.
Single-tenant SaaS offers several advantages over multi-tenant and shared hosting infrastructure.
The isolated hosting environments in a single-tenant environment significantly lowers risk factors for certain types of attacks involving virtual machine escapes, privilege escalation, and DDoS or noisy-neighbor. Single-tenant architecture also makes deploying and managing access control simpler from the provider perspective.
In single-tenant architecture, performance is much easier to quantify and predict. While multi-tenancy is more cost-efficient and profitable for the provider, it can have detrimental effects on the performance experienced by individual users. While this isn’t a huge concern for ephemeral, highly variable traffic demands like a web application, it can be problematic for critical infrastructure involved in functions like payment processing or critical data storage.
Dedicated resources for compute, memory, and storage network avoid noisy neighbor problems. Organizations can more easily handle capacity planning and demand forecasting when performance is based on quantifiable hardware capabilities, which is in contrast to the “burstable” features available in multi-tenant platforms that can lead to unpredictable cost and application performance.
Effective compliance is often about defining controls, and then demonstrating that those controls were followed for a given window of time. Single tenant environments vastly simplify this process. Regulatory frameworks such as the above mentioned GLBA require organizations to audit vendors and their respective controls. Control attestation is a much simpler process from the provider perspective when stronger isolation is a design feature.
Single-tenant also simplifies auditing and attestation on the organization side as well. One of the greatest hidden costs of compliance is the extra time engineers often have to spend either building workarounds or combing through logs to meet regulatory requirements and satisfy auditing tasks in traditional multi-tenant architectures. Single-tenancy provides the foundation to avoid a lot of this lost time.
The ability to secure and isolate critical data is paramount to maintaining regulatory compliance. In regulated industries, customer data is often highly sensitive; it should be no surprise that most laws and regulatory frameworks devote significant space to providing guidance on how to properly manage and secure data.
Data controls generally focus on the following areas:
Encryption: Both at-rest and in-transit. Single-tenant can apply specifically to keys as well; in this case data is encrypted with a customer-managed or customer-provided key, rather than a shared one.
Residency: Frameworks like GDPR make specific demands about privacy and where data can be hosted. For instance, the GDPR generally states that US-based cloud servers are not compliant, thus EU-based users must have their data stored on EU-based infrastructure.
Access Control: Defining who can access the data, who can modify the data, who can give access to the data, etc. It’s also typically required that an organization can, on demand, provide logs showing who accessed specific data and for what cause or justification it was accessed.
Isolation: This can mean different things depending on clauses, but generally it refers to the idea that data of different sensitivity levels should not occupy the same logical storage infrastructure. Production user data should not share the same database as test or development data.
While it’s possible to satisfy most of these objectives on multi-tenant infrastructure, single-tenant makes them much easier to achieve.
Single-tenant hosting provides dedicated infrastructure, where each customer has their own private cloud environment, including servers, storage, and network resources. Multi-tenant hosting shares infrastructure among multiple customers, with each customer's applications and data residing on a common platform.
In single-tenant hosting, resources such as computing power, memory, and storage are dedicated to one customer. This can ensure performance, but may also lead to inefficient usage if a single customer doesn’t fully utilize their instance. In multi-tenant hosting, resources are shared among multiple customers. This can help ensure efficient resource utilization, but may also subject tenants to a “noisy neighbor” problem: A single customer may over-utilize or exceed quotas for network bandwidth or compute resources, impacting the performance of other tenants. This can become a serious problem if a single tenant is compromised for use in a DDOS attack.
Single-tenant hosting provides better security and data isolation, as each customer's environment is separated from others, reducing the risk of data breaches or unauthorized access. Multi-tenant hosting has a larger attack surface, as vulnerabilities in the shared infrastructure have a higher blast radius, potentially impacting multiple customers. Providers of multi-tenant infrastructure must maintain much more complex access-control/IAM infrastructure. Referring back to the previous section: compromised customer instances can be used in DDOS. Even if the “target” is outside cloud infrastructure, other tenants will be impacted by resource consumption.
Single-tenant hosting typically has higher upfront costs, as customers are paying for dedicated resources and infrastructure. Multi-tenant hosting is generally more cost-effective, as the shared infrastructure leads to lower costs for each customer. It can be harder to predict costs in certain multi-tenant scenarios; some providers have cost modifiers based on prolonged excessive usage on certain service tiers; AWS does this with burstable instances.
Single-tenant Saas offers simplicity in demonstrating regulatory compliance. When auditing both vendor and internal applications, it is easier to attest to and demonstrate isolation. Most SaaS default service offerings are nearly always multi-tenant. Single-tenancy might be possible on traditional cloud, but requires specifically selecting a more expensive, limited service tier, or implementing workarounds, middleware, or infrastructure shims to achieve meaningful single-tenancy. Consequently, audits become more complex and time consuming.
As cloud adoption grows, the diversity of industries that need to take advantage of cloud infrastructure will only increase, which means the demand for platforms that provide compliance out-of-the-box will increase as well. Single-tenant SaaS providers have a strong value proposition for organizations that need to demonstrate regulatory compliance. Compliance-friendly services and platforms lessen the burden on internal engineering staff to design, maintain, and report on compliance. Public cloud providers can offer compliance-friendly services, but at a greater cost and technical complexity.
Cloud Compliance / Cloud Management / Cloud Cost Control / Cloud Security
Divio Method and Compliance Part 1: An A+ ISO Certification in 4 Months
In this interview with Divio’s Jonathan Stoppani, read about how achieving an A+ ISO certification in 4 months exemplifies Divio's approach to problem solving.