Logic Clearly Dictates That Different Things are Different
There are many logical fallacies, some more recognizable than others. Today’s lesson is brought to you by the logical fallacy “equivocation” and the term “multi-tenant”.
Definition: Equivocation is sliding between two or more different meanings of a single word or phrase that is important to the argument.
LOGIC DICTATES YOU SHOULD BACK UP and TRY AGAIN
Say “cloud” and ask for a definition today and you’ll still get about 1.2 different answers for every three people in the room. It’s a rather nebulous technology that’s hard to nail down, and because it’s defined by characteristics rather than a concrete specification, it’s difficult to get folks with sometimes diametrically opposed architectural approaches to agree on a definition. One reason this is a problem is that you end up with a lot of equivocation when people start arguing about whether “this” is cloud or “that” is cloud or, more apropos to today’s lesson, whether “cloud” is secure.
Security remains the biggest obstacle preventing major businesses from embracing cloud services. However, Charles Babcock of Information Week says such fears are “overblown.”
In particular, Babcock supports multi-tenant, shared cloud computing, which some executives fear has weak security. “To me, Salesforce.com and other SaaS vendors have established the legitimacy of the multi-tenant model. If it didn’t work, we’d be hearing constant complaints about compromises of data and loss of business,” wrote Babcock. “The question of whether it can be made safer than it is, however, I would answer at face value, ‘of course it can.’” [emphasis added]
While it may be argued – and argued well – that “SaaS vendors have established the legitimacy of the multi-tenant model” they have done so only for the SaaS multi-tenant model. The (in)security of SaaS or IaaS does not imply the (in)security of multi-tenancy in other models because they may be (and often are) implemented in entirely different ways.
SaaS ≠ PaaS ≠ IaaS
If none of the “aaS” are the same (and they are not) then neither are the multi-tenant models they employ – if they even employ such a thing. The multi-tenancy requirements of infrastructure and systems – the ones that make up PaaS and IaaS – are necessarily implemented in myriad ways that do not mirror the database-configuration-driven methodology associated with SaaS vendors. Multi-tenancy in a load balancer, for example, is not implemented using a database, and it is, in part, the security of the database system in a SaaS offering that gives that offering a measure of its security.
Using SaaS as the poster-child for cloud security is, to quote Hoff, intellectually dishonest or the product of ignorance.
Almost all of these references to "better security through Cloudistry" are drawn against examples of Software as a Service (SaaS) offerings. SaaS is not THE Cloud to the exclusion of everything else. Keep defining SaaS as THE Cloud and you're being intellectually dishonest (and ignorant.)
-- Christofer Hoff, “What People REALLY Mean When They Say “THE Cloud” Is More Secure…”
Multi-tenancy in an IaaS environment is necessarily more complex than that of a SaaS environment. That is, unless you really believe that Salesforce.com is not only providing isolation at the application layer but also divvying up the network into VLANs and applying ACLs on every router on a per-customer basis. I didn’t think you did.
Yet this level of “security” is what it takes at an IaaS layer to provide a secured, multi-tenant environment. Multi-tenant means different things in different deployment models, and one cannot equate SaaS multi-tenancy to IaaS multi-tenancy. Well, you can, but you’d be very, very wrong.
IaaS and MULTI-TENANCY
Multi-tenancy is the ability to support multiple “tenants” on the same solution while providing isolation, individual configuration and security for each customer. In an IaaS environment this is not necessarily achieved on the device but is instead often realized through an architectural approach. When the network is involved isolation and security of a complete flow of data is achieved not by configuration settings in a database, but through the use of protocols designed to segment and isolate while routing data through the network. Protocols are not inherently multi-tenant; they are the means by which some forms of multi-tenancy can be (and are) implemented.
But the use of protocols and architecture to achieve multi-tenancy is in no wise related to the multi-tenancy of a SaaS environment. In an IaaS environment providers are concerned with multi-tenancy at the network and infrastructure layer. They are not required to provide this same capability for applications, except where server infrastructure is concerned. SaaS providers, on the other hand, may or may not be concerned about the multi-tenancy of the network and are instead concerned only with the application that is being delivered.
With such very different models and concerns for the provider, it is impossible to apply the (in)security of one model to another. SaaS may be in fact very secure, but that says nothing about an IaaS provider, and vice-versa.
Any such arguments attempting to imply the security of PaaS and IaaS by pointing at SaaS implementations are nothing less than equivocations, and are simply illogical.
Related blogs & articles:
- Multi-Tenant Security Is More About the Neighbors Than the Model
- Multi-Tenancy Requires More Than Just Isolating Customers
- Architectural Multi-tenancy
- Network Security Does Not Imply Application or Database Security
- What is Network-based Application Virtualization and Why Do You Need It?
- Cloud Security – One Size Does Not Fit All
- What People REALLY Mean When They Say “THE Cloud” Is More Secure…
- I, Cloud
- You Can’t Have IT as a Service Until IT Has Infrastructure as a Service
- Risk is not a Synonym for “Lack of Security”
- The Corollary to Hoff’s Law