Most of you may know I've been taking computer classes; well, this is the first time I've had to submit to my instructor via a url. What better place to post it than on my own SearchAmelia blog, right?
The first example of multi-tenancy that comes to mind is a retail point of sale system. When I managed a Radio Shack, we went from manual ticket receipts to using computer software for our sales, inventory, and re-order system. Different employees had different access to the software. Salesmen, for example, only had access to make sales or look up inventory. They did not have access to close out the day’s paperwork, transfer merchandise, or enter employee information such as name or hours worked in a pay period. Managers, on the other hand, had much more access to the software.
Reports needed to be compiled, stock needed to be ordered, employees needed to get paid; all of these were done using full access to all the software’s features by a store’s assistant manager or above. Now, imagine sharing this system with another company and their employees on a shared cloud.
With specialized software now being shared on the cloud to encourage further business savings and convenience, there are a few new risks being introduced to multi-tenancy. Transitioning to the cloud, sharing multiple users among multiple companies, data isolation, and interference are a few of the issues that may need to be addressed (Hofstede.)
Any exposure to the internet brings up risks of DoS attacks, ransomware and script-kiddies. With data from different companies sharing resources, it is no unthinkable for the tenants to have access to another tenant. The architecture of the software needs to address this risk on as many levels as possible (Brown).
Interference of resource overload could be a real problem, too, causing anything from downtime in the system to a complete crash of the system. Limiting requests by each tenant and a good system for monitoring resources would be a good start.
Bibliography
Brown, Wayne & Anderson, Vince & Tan, Qing. (2012). Multitenancy – Security Risks and Countermeasures. Proceedings of the 2012 15th International Conference on Network-Based Information Systems, NBIS 2012. 7-13. 10.1109/NBiS.2012.142. Accessed October 3, 2019.
Hofstede N. Security risks introduced by multi-tenancy. Blog.scripturaengage.com. https://blog.scripturaengage.com/security-risks-introduced-by-multi-tenancy. Published 2019. Accessed October 3, 2019.
