Forrester’s James Staten and I collaborated on this research.

True cloud services all use some mode of multitenancy — the ability for multiple customers (tenants) to share the same applications and/or compute resources. It is through multitenant architectures that cloud services achieve high cost efficiencies and can deliver low costs. Multitenant architectures must balance these cost benefits with the need for individual tenants to secure their data and applications. Forrester finds that few application development and delivery (AD&D) pros understand how multitenant architectures balance sharing with security, and many have other concerns as well. This research clarifies the picture and guides good decisions about cloud services.

Our definition: Multitenancy defines IT architectures that let multiple customers (tenants) share the same applications and/or compute resources with security, reliability, and consistent performance.

Our research yielded three major findings about multitenant architectures. These are:

  1. Multitenant architectures must strike a balance between sharing and security. To deliver cost savings and scalability, a multitenant architecture must be able to manage dynamic resource consumption by its tenants without violating their security. These two goals ultimately conflict with one another, since shared resources and individual security rarely go hand in hand.
  2. Two common multitenant architecture models have arisen. Dedicated resource models stake boundaries within shared infrastructure, defining the resources a tenant can access, allowing for tangible and secure walls but lower flexibility. Metadata map models chart protected pathways to shared resources, allowing for increased flexibility, but they ultimately may feel less secure.
  3. Despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients. Leveraging a mix of dedicated resources and metadata map architectures, these services can deliver stronger security.

Our recommendation: Know how cloud multitenancy works before using it (or dismissing it). Multitenancy is here to stay. Our research and analysis indicates that multitenancy is not a less secure model — quite the opposite! But you should still understand the type of multitenancy used by any service you consume, the security responsibilities you must take on, and whether any supplemental responsibilities are yours to ensure strong security, service reliability, and good performance.

Forrester clients: Read the full report here.