How Do I Secure my Data in a Multi-Tenant Cloud Environment?
Security in a multi-tenant environment begins with asking questions of your potential cloud service providers (CSPs). A consistent tool you can use to compare multiple vendors of a multi-tenant solution is the Consensus Assessment Initiative Questionnaire (CAIQ) from the Cloud Security Alliance. You can provide the questionnaire to each vendor and compare their answers, apples-to-apples. The CAIQ is divided into various “Security Control Domains,” which can educate you, the user, as well as enable you to get objective information from the multi-tenant providers. It’s up to you to decide how much of the questionnaire your selected vendor must comply with.
If you can’t find sufficient security in a multi-tenant environment, some vendors provide single-tenant versions of their multi-tenant offering:
- Microsoft is leading this charge with Azure Stack, a single-tenant version of Microsoft Azure.
- AWS is rumored to offer a single-tenant version of AWS. You might have to be a very big customer to hear about it.
- And, of course, Thales eSecurity offers CipherTrust Cloud Key Manager as a multi-tenant cloud service, but we also offer it as a single-tenant version.
So, if you can’t get a single-tenant solution, in the best case you can gain assurances from your multi-tenant provider that all data is encrypted and that you can hold the keys.