Extended Slovník

Tenant

In cybersecurity, a tenant refers to a dedicated and isolated environment or set of resources within a shared infrastructure, typically a cloud service or multi-tenant application, ensuring data and operations are separate for each customer or organizational unit.

A tenant, within the context of cybersecurity and cloud computing, represents a distinct and secure operating environment provided to an individual client, customer, or organizational unit within a larger shared infrastructure. This logical separation ensures that each tenant's data, applications, configurations, and user identities are isolated and protected from other tenants, even though they share the underlying physical hardware, network, and software platforms.

Effective tenant management and robust security controls are crucial for maintaining confidentiality, integrity, and availability in multi-tenant environments, particularly in SaaS (Software as a Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a Service) offerings, where resources are dynamically allocated and shared among diverse users.

What is a tenant in cybersecurity?

In cybersecurity, a tenant is a logically isolated unit within a shared computing environment. Each tenant operates as if it has its own dedicated infrastructure, with separate data stores, user accounts, configurations, and security policies. The concept is foundational to cloud computing models where multiple organizations or business units coexist on the same physical resources.

Common real-world examples include:

  • Microsoft 365 Tenant — Each organization receives its own tenant (e.g., yourcompany.onmicrosoft.com), which encapsulates all of its users, licenses, mailboxes, and settings.
  • Azure AD Tenant — A dedicated instance of Microsoft Azure Active Directory that serves as the identity and access management boundary for an organization.

The tenant model is central to how cloud providers deliver scalable, cost-effective services while maintaining strict boundaries between customers.

Why is tenant isolation important?

Tenant isolation is one of the most critical security requirements in shared environments. Without proper isolation, a vulnerability or misconfiguration in one tenant could lead to unauthorized access to another tenant's data, a scenario known as cross-tenant attack or tenant escape.

Key reasons tenant isolation matters:

  • Confidentiality: Ensures that sensitive data belonging to one tenant cannot be accessed, viewed, or leaked to another.
  • Integrity: Prevents unauthorized modification of a tenant's data or configurations by external actors or neighboring tenants.
  • Availability: Guards against "noisy neighbor" problems, where one tenant's excessive resource consumption degrades service for others.
  • Compliance: Regulations such as GDPR, HIPAA, and SOC 2 require strict data separation, which tenant isolation enforces. Guidelines from NIST SP 800-144 emphasize the importance of understanding isolation mechanisms in public cloud environments.

Organizations like the Cloud Security Alliance (CSA) publish comprehensive guidance on evaluating and validating tenant isolation controls across cloud platforms.

How to secure a multi-tenant application?

Securing a multi-tenant application requires a defense-in-depth approach that addresses isolation at every layer of the technology stack. Key practices include:

  • Data isolation: Use separate databases, schemas, or row-level security policies to ensure each tenant can only access its own data.
  • Authentication and authorization: Implement robust identity management with tenant-aware authentication flows. Enforce the principle of least privilege so that users within a tenant can only access what they need.
  • Network segmentation: Employ virtual networks, firewalls, and network policies to isolate tenant traffic at the infrastructure level.
  • Encryption: Encrypt data at rest and in transit using tenant-specific keys where possible, preventing cross-tenant data exposure even in the event of a breach.
  • Logging and monitoring: Maintain tenant-scoped audit logs and implement real-time monitoring to detect anomalous cross-tenant access attempts.
  • Input validation and secure coding: Follow the OWASP guidelines to prevent injection attacks, broken access controls, and other vulnerabilities that could compromise tenant boundaries.
  • Regular security assessments: Conduct penetration testing and security audits specifically focused on tenant isolation, as recommended by ISACA cloud security frameworks.

When to use a multi-tenant system?

A multi-tenant architecture is ideal in the following scenarios:

  • SaaS product delivery: When building software that serves many customers from a single codebase and infrastructure, multi-tenancy provides cost efficiency and operational simplicity.
  • Enterprise platforms: Large organizations often use multi-tenant structures to serve different business units, departments, or subsidiaries from a unified platform.
  • Scalability requirements: When the workload demands elastic scaling and shared resource pools, multi-tenancy allows efficient utilization of compute, storage, and networking resources.
  • Rapid onboarding: Multi-tenant systems enable fast provisioning of new customers without deploying separate infrastructure for each one.

However, single-tenant architectures may be preferred when strict regulatory requirements demand physical separation, or when a customer's workload profile is highly specialized and cannot tolerate shared resource contention.

Which identity provider supports multi-tenant?

Most modern identity providers offer built-in support for multi-tenant architectures. Notable examples include:

  • Microsoft Entra ID (formerly Azure AD): Natively designed around the tenant concept, each organization gets a dedicated directory instance with full identity and access management capabilities. It supports multi-tenant application registrations, enabling apps to authenticate users across multiple tenants.
  • Okta: Provides multi-tenant identity management with org-level isolation, supporting SSO, MFA, and lifecycle management for each tenant.
  • Auth0: Offers flexible multi-tenant support through organizations and tenant-level configurations, suitable for B2B SaaS applications.
  • Google Cloud Identity: Supports multi-tenant identity management integrated with Google Workspace and Google Cloud Platform.
  • Keycloak: An open-source identity provider that supports realms as a multi-tenant mechanism, allowing each realm to function as an independent identity domain.

When selecting an identity provider for a multi-tenant system, organizations should evaluate the provider's isolation model, federation capabilities, compliance certifications, and support for standards such as OAuth 2.0, OpenID Connect, and SAML 2.0.

← Back to Glossary