In particular, Babcock supports multi-tenant, shared cloud computing, which some executives fear has weak security. “To me, Salesforce.com and other SaaS vendors have established the legitimacy of the multi-tenant model. If it didn’t work, we’d be hearing constant complaints about compromises of data and loss of business,” wrote Babcock. “The question of whether it can be made safer than it is, however, I would answer at face value, ‘of course it can.’” [emphasis added]
While it may be argued – and argued well – that “SaaS vendors have established the legitimacy of the multi-tenant model,” they have done so only for the SaaS multi-tenant model. The (in)security of SaaS or IaaS does not imply the (in)security of multi-tenancy in other models because they may be (and often are) implemented in entirely different ways.
If none of the “aaS” are the same (and they are not), then neither are the multi-tenant models they employ – if they even employ such a thing. The multi-tenancy requirements of infrastructure and systems – the ones that make up PaaS and IaaS – are necessarily implemented in myriad ways that do not mirror the database-configuration-driven methodology associated with SaaS vendors. Multi-tenancy in a load balancer, for example, is not implemented using a database, and it is, in part, the security of the database system in a SaaS that provides those offerings with a measure of their security.
Using SaaS as the poster-child for cloud security is, to quote Hoff, intellectually dishonest or the product of ignorance.
Almost all of these references to "better security through Cloudistry" are drawn against examples of Software as a Service (SaaS) offerings. SaaS is not THE Cloud to the exclusion of everything else. Keep defining SaaS as THE Cloud and you're being intellectually dishonest (and ignorant.)
Multi-tenancy in an IaaS environment is necessarily more complex than that of a SaaS environment. Unless you really believe that Salesforce.com is not only providing isolation at the application layer but also divvying up the network into VLANs and applying ACLs on every router on a per-customer basis. I didn’t think you did.
Yet this level of “security” is what it takes at an IaaS layer to provide a secured, multi-tenant environment. Multi-tenant means different things in different deployment models, and one cannot equate SaaS multi-tenancy to IaaS multi-tenancy. Well, you can, but you’d be very, very wrong.
Multi-tenancy is the ability to support multiple “tenants” on the same solution while providing isolation, individual configuration and security for each customer. In an IaaS environment this is not necessarily achieved on the device but is instead often realized through an architectural approach. When the network is involved, isolation and security of a complete flow of data is achieved not by configuration settings in a database, but through the use of protocols designed to segment and isolate while routing data through the network. Protocols are not inherently multi-tenant; they are the means by which some forms of multi-tenancy can be (and are) implemented.
But the use of protocols and architecture to achieve multi-tenancy is in no wise related to the multi-tenancy of a SaaS environment. In an IaaS environment providers are concerned with multi-tenancy at the network and infrastructure layer. They are not required to provide this same capability for applications, except where server infrastructure is concerned. SaaS providers, on the other hand, may or may not be concerned about the multi-tenancy of the network and are instead concerned only with the application that is being delivered.
With such very different models and concerns for the provider, it is impossible to apply the (in)security of one model to another. SaaS may in fact be very secure, but that says nothing about an IaaS provider, and vice versa.
Any such arguments attempting to imply the security of PaaS and IaaS by pointing at SaaS implementations are nothing less than equivocations, and are simply illogical.