Building Secure Multi-Tenant Container Platforms

Building and securing a multi-tenant container platform requires an advanced multi-tenancy architecture to ensure every aspect can be managed effectively. The platform should perform a wide range of functions, from creating secure, separated user environments to user access control, recurrent monitoring and more. 

In this article, we will help you determine which security policies and procedures to implement when building a secure multi-tenant container platform, including the underlying reasoning to help you maintain the safest solution.

What is Multi-Tenant Data Architecture?

Multi-tenant architecture relating to container platforms and software-as-a-service (SaaS) applications are a type of cloud infrastructure that uses software and supporting systems to manage multiple users (tenants). This allows multiple tenants to share the same database and resources in separate user environments, meaning each user’s data is in an isolated environment. 

Cloud SaaS applications that are based on a subscription service typically use multi-tenant architecture. Examples of this type of application include:

  • Email applications such as Microsoft Outlook and Gmail. 
  • Communication software such as Slack and Trello. 
  • Cloud storage services such as DropBox, OneDrive and Google Drive.
  • Website builders such as Wix and SquareSpace. 

Multi-Tenancy Architecture Vs. Single-Tenant

Single-tenant architecture differs from multi-tenancy as each user has their own separate software database, software instances and resources, providing a fully-isolated solution that cannot be accessed by other users. However, this type of platform requires the user to perform maintenance and upgrades themselves to maintain a healthy cloud environment. 

This type of solution is generally used in a private cloud environment but is also offered by lead cloud providers such as Oracle and Amazon Web Services (AWS). It is a suitable option for users that have the resources to manage the platform themselves, but it should be noted that maintaining single-tenant architecture and upgrading infrastructure can become expensive. Multi-tenancy architecture is much more affordable and scalable, but the level of security is almost entirely dependent on the vendor. 

The 6 Key Benefits of Multi-Tenancy Architecture

Multi-tenancy architecture has numerous clear advantages when it comes to developing a secure container platform, including products that are used to engage with customers directly, such as sales and CRM platforms.

  • Optimal Use of Computing Resources – Multi-tenancy architecture provides each user with enough resources and storage space to cater to their needs in an efficient way that minimizes waste. A single-tenant solution can often see resources under-utilized, whereas multi-tenancy shares CPU power, memory and storage across large numbers of users in an optimal way. This can be further enhanced with the use of load balancers and other resource allocation tools.
  • Cost Effective – A multi-tenancy solution can be much more cost-effective in terms of the money that needs to be spent on cloud infrastructure. In addition to lower setup and maintenance costs. This is why many startups and SMEs favor multi-tenancy platforms, especially as the solution can be scaled up in the future if needed.
  • Easy Setup and Migration – A multi-tenancy container platform has lower up-front costs thanks to the use of on-demand cloud platforms such as Oracle and AWS, which help to significantly reduce the cost of infrastructure. Not only that, but many tools on the market make migrating applications between different infrastructures very simple.
  • Simple Maintenance and Upgrades – Another key benefit is the ability to update the central application or codebase for multiple users at the same time. Software updates, additional features or scheduled maintenance can be rolled out for all users in one go instead of managing each user on an individual basis.
  • Scalability – The shared nature of a multi-tenancy container platform enables a number of different scaling strategies to be adopted without any impact on infrastructure. Should a user wish to upgrade or downgrade their subscription level, then resources can be easily redistributed based on the requirements of each user.
  • Third-Party Software Integration – Further functionality can be added to container platforms thanks to better third-party apps and API integration. With a fully-isolated, single-tenant solution, new applications would need to be deployed on their infrastructure, delaying access to new features and tools. 

How to Build a Secure Multi-Tenant Container Platform

Building a highly-scalable and optimized multi-tenancy container platform requires thorough planning to determine what tools, methods and processes need to be implemented to serve your clients. To help with this, we have broken down the exercise into four key stages.

Planning Your Container Platform

When planning your container platform, there are a series of questions that need to be asked to determine the exact requirements of the organization and its users. These questions relate to important factors such as estimated workloads, security and resource usage, as well as the core functionality that a typical user would need. 

Questions that should be answered in the planning stage may include:

  • How many users will be supported?
  • How many tenant groups (tiers) will be supported?
  • Will you implement a subscription system with premium features?
  • Will you implement sharding (database partitioning)?
  • How frequently will software updates be scheduled?
  • Will you require advanced data backup and restoration capability?
  • How will the performance of the platform be measured?
  • How will the system respond to periods of high usage?
  • What level of customization will be offered to users and tenant groups?
  • How will the platform comply with data privacy regulations?
  • What cybersecurity measures will be put in place?

Policy Development

The needs of each user can differ greatly, with some requiring a higher share of resources and storage capacity than others. Therefore, clusters need to be created to develop user groups, helping to sort your user base into higher and lower levels. 

To ensure this is done effectively, policies need to be created and, for multi-tenancy architecture, centralized tenant policy management is recommended. This type of management model offers the most optimal performance and will allow new features and software updates to be rolled out when needed.

Decide on a Cloud Computing Platform

There are several cloud computing platforms that could be viable options for your new container platform, offering all the tools you need to develop a system that can handle multiple users. Below are three of the best options for you to consider. 

  • Amazon Elastic Kubernetes Services (EKS) – EKS is based on the Kubernetes platform and allows users to be isolated into their separate clusters. This helps to increase the security of the platform while also being highly customizable. Read more about Kubernetes security best practices here.
  • Amazon Elastic Container Services (ECS) – This Amazon microservices architecture is made up of interdependent components that simplify code deployments for straightforward scaling. This is one of the most affordable cloud computing options. However, there is very little scope for customization, and migrating the ECS setup to other non-ECS infrastructures can prove challenging.
  • Amazon Serverless Computing – Finally, serverless computing is a fully-scalable solution that allows resources to be allocated seamlessly. The downside to this serverless architecture is the level of complexity compared to the aforementioned options, but this also provides a greater level of customization and integration with third-party apps. 

Authorization and Authentication

Implementing authentication and authorization mechanisms can use up a lot of resources, sometimes requiring the process to be performed thousands of times within a single minute, from the initial verification to the issuing of the access token. To save on resources, using a third-party service that makes use of dedicated authentication servers to handle this process is often the most viable solution. 

Building Secure Multi-Tenant Container Platforms: Summary

Multi-tenancy architecture is the ideal solution for container platforms that want to make optimal use of the available resources and storage space, offering multiple benefits over a single-tenant solution. These benefits include being more cost-effective and highly scalable, as well as making it much easier to roll out updates for a large number of users at the same time. 

Building such a platform requires significant planning to determine exactly how it will serve multiple users. In addition to determining its functionality, the correct policies, cloud computing platform and user authentication methods must be established before development. 

Nahla Davies

Nahla Davies is a technical copywriter and former software specialist and lead programmer at several major technology companies whose clients include Collibra, UpGuard and Netflix. Since 2015 Davies has worked with enterprise clients around the world developing RegTech protocols and best practices. She worked both enterprise side and with sovereign governments acting as a key contributor for notable public projects like DCOM. Since 2020 Davies has taken a less active role in compliance consulting and started sharing my insights as a technical copywriter. Visit https://nahlawrites.com to learn more.

Nahla Davies has 13 posts and counting. See all posts by Nahla Davies