{"id":13864,"date":"2022-08-09T09:27:17","date_gmt":"2022-08-09T09:27:17","guid":{"rendered":"https:\/\/blog.cloudthat.com\/?p=13864"},"modified":"2024-06-25T10:55:56","modified_gmt":"2024-06-25T10:55:56","slug":"security-practices-designing-aws-multi-tenant-saas-environment","status":"publish","type":"blog","link":"https:\/\/www.cloudthat.com\/resources\/blog\/security-practices-for-designing-aws-multi-tenant-saas-environment","title":{"rendered":"Security Practices for Designing AWS Multi-Tenant SaaS Environment"},"content":{"rendered":"<table border=\"0\">\n<tbody>\n<tr>\n<td>\n<h2><span style=\"color: #000080;\"><strong>TABLE OF CONTENT<\/strong><\/span><\/h2>\n<\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#introduction\">1. Introduction<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#advantages\">2. Advantages of Multi-tenancy Applications<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#saas\">3. SaaS Application Security Considerations<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#conclusion\">4. Conclusion<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#aboutcloudthat\">5. About CloudThat <\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#faqs\">6. FAQs<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h2 id=\"introduction\"><strong><span style=\"color: #000080;\">Introduction<\/span><\/strong><\/h2>\n<p><span style=\"color: #000000;\">The multi-tenant architecture enables multiple users to share a single instance of a software application and the AWS resources. A tenant can be an individual user, but most frequently, it is a group of users \u2013 such as a customer organization. The customers will share the common access and privileges within the application instance. 
Each user&#8217;s data is isolated and invisible to other users sharing the application instance, which preserves data security and privacy for all the users.<\/span><\/p>\n<p><span style=\"color: #000000;\">Each tenant is associated with customized policies for the shared resources, such as controlling which users may access which resources.<\/span><\/p>\n<h2 id=\"advantages\"><strong><span style=\"color: #000080;\">Advantages of Multi-tenancy Applications<\/span><\/strong><\/h2>\n<ol>\n<li><span style=\"color: #000000;\"><strong>Scalable<\/strong>: Resources are added and removed as demand requires, so capacity stays flexible with the requirement.<\/span><\/li>\n<li><span style=\"color: #000000;\"><strong>Cost-effective<\/strong>: Multiple tenants use the shared resources, and each tenant is billed only for its own use. The cloud host takes care of staffing, maintenance, and onboarding new users.<\/span><\/li>\n<li><span style=\"color: #000000;\"><strong>Secure<\/strong>: Tenant data is isolated, and customized policies are applied to the shared resources. Because all tenants run on one platform, monitoring and threat detection can be handled centrally rather than repeated for every deployment.<\/span><\/li>\n<li><span style=\"color: #000000;\"><strong>Better use of resources<\/strong>: Multitenancy uses the infrastructure more efficiently, since multiple tenants share a single instance instead of each tenant running a dedicated one.<\/span><\/li>\n<li><span style=\"color: #000000;\"><strong>Maintenance free<\/strong>: The host handles the maintenance, updates, and upgrades related to the infrastructure.<\/span><\/li>\n<\/ol>\n<h2 id=\"saas\"><span style=\"color: #000080;\"><strong>SaaS Application Security Considerations<\/strong><\/span><\/h2>\n<p><span style=\"color: #000000;\">Security is one of the major concerns for all types of applications. 
It is one of the most significant considerations when deploying a<\/span> <a href=\"https:\/\/blog.cloudthat.com\/understanding-paas-vs-saas-vs-iaas-detailed-differences-and-use-cases\/?utm_source=blog-website&amp;utm-medium=text-link&amp;utm_campaign=\/understanding-paas-vs-saas-vs-iaas-detailed-differences-and-use-cases\/\" target=\"_blank\" rel=\"noopener\"><strong>SaaS application.<\/strong><\/a> <span style=\"color: #000000;\">Securing a SaaS application in an environment where multiple tenants share the same infrastructure is challenging. A multi-tenant application has unique security considerations compared to a single-tenant application, and it must concentrate on an additional layer of security: keeping every tenant&#8217;s identity and data separate on shared resources.<\/span><\/p>\n<ul>\n<li><span style=\"color: #000000;\"><strong>Identity:<\/strong><\/span><\/li>\n<\/ul>\n<p><span style=\"color: #000000;\">A tenant accesses the SaaS application through a web application or an API. Each user is uniquely identified and associated with authentication information such as email address, name, and role. A tenant is defined as a group of one or more users with the same privileges to access the application. The roles assigned to one tenant may differ from those of other tenants.<\/span><\/p>\n<p><span style=\"color: #000000;\">When a user tries to access the application, the user must provide the tenant details along with the authentication details. The application verifies this information and makes the authorization decision.<\/span><\/p>\n<p><span style=\"color: #000000;\">There are two techniques for handling identity in a SaaS application: using an identity provider (IdP), and carrying the authorization context in a token.<\/span><\/p>\n<p><span style=\"color: #000000;\"><strong>Using an Identity Provider:<\/strong><\/span><\/p>\n<p><span style=\"color: #000000;\">Some web applications store the user data in a relational database; once the user authentication succeeds, the application issues a session ID. 
On every subsequent request, the user passes the <strong>Session ID <\/strong>to the application, and the application makes the authorization decision based on the session state stored for that ID.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13917\" src=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas1.jpg\" alt=\"SaaS\" width=\"678\" height=\"396\" \/><\/a><\/p>\n<p><span style=\"color: #000000;\">Each request usually results in at least one database or cache look-up, which creates a bottleneck on the data store that holds the user or session information.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13918\" src=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas2.jpg\" alt=\"SaaS\" width=\"687\" height=\"403\" \/><\/a><\/p>\n<p><span style=\"color: #000000;\">With an identity provider, the user authenticates against the IdP, which issues a standardized token. The application can verify that token by checking its signature, so it does not need a session-store look-up on every request.<\/span><\/p>\n<p><span style=\"color: #000000;\"><strong>Representing Identity with tokens<\/strong><\/span><\/p>\n<p><span style=\"color: #000000;\">Identity is usually represented by a signed token. A JSON Web Signature (JWS) carrying JSON claims is commonly called a JSON Web Token (JWT). The token contains several key-value pairs called claims, and it is issued and signed by the identity provider. 
It also contains user and tenant information.<\/span><\/p>\n<pre class=\"theme:dark-terminal copy:false popup:false lang:default decode:true\">{\r\n  \"sub\": \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\",\r\n  \"cognito:groups\": [\r\n    \"TENANT-1\"\r\n  ],\r\n  \"token_use\": \"access\",\r\n  \"auth_time\": 1562190524,\r\n  \"iss\": \"https:\/\/cognito-idp.us-west-2.amazonaws.com\/us-west-2_example\",\r\n  \"exp\": 1562194124,\r\n  \"iat\": 1562190524,\r\n  \"origin_jti\": \"bbbbbbbbb-cccc-dddd-eeee-aaaaaaaaaaaaa\",\r\n  \"jti\": \"cccccccc-dddd-eeee-aaaa-bbbbbbbbbbbb\",\r\n  \"client_id\": \"12345abcde\"\r\n}<\/pre>\n<p><span style=\"color: #000000;\"><strong>Sample Access Token Claims<\/strong><\/span><\/p>\n<p><span style=\"color: #000000;\">This token represents both the user (the <strong>sub<\/strong> claim) and the tenant the user belongs to (the tenant ID in the <strong>cognito:groups<\/strong> claim, here TENANT-1). When the SaaS application receives a request carrying the JWT, it first validates the token, checking the signature against the issuer&#8217;s published keys and confirming that the <strong>iss<\/strong>, <strong>exp<\/strong>, <strong>token_use<\/strong>, and <strong>client_id<\/strong> claims match what it expects, and only then unpacks the claims to make the authorization decision. The tenant context is carried entirely by the claims in the token, so every downstream call can be scoped to that tenant.<\/span><\/p>\n<ul>\n<li><span style=\"color: #000000;\"><strong>Tenant Isolation<\/strong><\/span><\/li>\n<\/ul>\n<p><span style=\"color: #000000;\">Tenant isolation ensures that each tenant&#8217;s data stays separate in every SaaS application: one tenant must never be able to access the data or resources of another tenant.<\/span><\/p>\n<p><span style=\"color: #000000;\">SaaS applications use three types of isolation models: Silo, Pool, and Bridge. Let us look at each one of them in detail.<\/span><\/p>\n<ol>\n<li><span style=\"color: #000000;\"><strong>Silo Deployment model:<br \/>\n<\/strong>In this model, the SaaS provider deploys one set of infrastructure per tenant. 
Some shared infrastructure may still exist for cross-tenant functions.<\/span><br \/>\n<span style=\"color: #000000;\">Example: a VPC per tenant, a set of containers per tenant, or an <a href=\"https:\/\/blog.cloudthat.com\/detailed-guide-to-amazon-relational-database-service-rds-database-setup-with-phpmyadmin\/?utm_source=blog-website&amp;utm-medium=text-link&amp;utm_campaign=detailed-guide-to-amazon-relational-database-service-rds-database-setup-with-phpmyadmin\" target=\"_blank\" rel=\"noopener\"><strong>RDS<\/strong> <\/a>instance per tenant.<br \/>\n<a href=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas3.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13919\" src=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas3.jpg\" alt=\"SaaS\" width=\"429\" height=\"434\" \/><\/a><br \/>\n<\/span><\/li>\n<li><span style=\"color: #000000;\"><strong>Pool Deployment Model<\/strong>:<\/span><br \/>\n<span style=\"color: #000000;\">In this model, the infrastructure is shared by all the tenants, and tenant isolation is enforced logically at the application level.<br \/>\n<a href=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas4.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13920\" src=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas4.jpg\" alt=\"SaaS\" width=\"527\" height=\"329\" \/><\/a><\/span><br \/>\n<span style=\"color: #000000;\">In the above example, a Lambda function retrieves an item from DynamoDB. 
The <a href=\"https:\/\/blog.cloudthat.com\/overview-of-migration-from-mongo-db-to-aws-dynamodb\/?utm_source=blog-website&amp;utm-medium=text-link&amp;utm_campaign=overview-of-migration-from-mongo-db-to-aws-dynamodb\" target=\"_blank\" rel=\"noopener\"><strong>DynamoDB<\/strong><\/a> table is shared by all the tenants, so the function obtains temporary credentials for the requesting tenant from AWS Security Token Service (STS). Those credentials carry a policy that only allows access to the items in the table that belong to the tenant making the request; a request for another tenant&#8217;s items is refused by IAM rather than by application code.<\/span><\/li>\n<li><span style=\"color: #000000;\"><strong>Bridge Deployment Model:\u00a0<\/strong><\/span><span style=\"color: #000000;\">This model is a combination of the Silo and Pool models: some resources are shared, and some are isolated. Choosing the isolation model depends on the customer&#8217;s requirements, industry, and compliance needs.<br \/>\n<a href=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13921\" src=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/saas5.jpg\" alt=\"SaaS\" width=\"398\" height=\"341\" \/><\/a><br \/>\n<\/span><span style=\"color: #000000;\">The diagram above shows how the silo and pool models combine to form the bridge model: the web tier is deployed as a pool, shared by all tenants, while each tenant gets its own app tier deployed as a silo.<\/span><\/li>\n<\/ol>\n<h2 id=\"conclusion\"><strong><span style=\"color: #000080;\">Conclusion<\/span><\/strong><\/h2>\n<p><span style=\"color: #000000;\">In multi-tenant SaaS applications, security is one of the most significant concerns. As a best practice, the application should adopt one of the isolation models described above together with token-based tenant identity, so that the tenant context is verified on every request before any data is touched. 
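<\/span><\/p>\n<p><span style=\"color: #000000;\">Before closing, here is an added end-to-end example (it is not code from the original post) that ties together the two mechanisms described above: validating the tenant-bearing access token from the Identity section and deriving from it the tenant-scoped STS session policy that the Pool model relies on. Amazon Cognito signs tokens with RS256 and publishes its public keys on a JWKS endpoint; so that the example runs offline it signs with HS256 and a constructed shared secret instead, which is an assumption, and the table ARN, the secret, and the sample claims are constructed for the demo. The claim checks (alg, signature, iss, exp, token_use, client_id) are the same ones a Cognito-backed service performs.<\/span><\/p>\n

```python
# Added example (not code from the original post): validate a tenant-bearing
# access token, pull the tenant out of its claims, and build the tenant-scoped
# DynamoDB session policy the pool model needs. Cognito really signs with RS256
# and publishes keys via JWKS; HS256 with a constructed secret is an assumption
# made so this runs offline. Table ARN, client id and secret are hypothetical.
import base64
import hashlib
import hmac
import json
import time

ISSUER = 'https://cognito-idp.us-west-2.amazonaws.com/us-west-2_example'
CLIENT_ID = '12345abcde'                                    # from the sample claims
SECRET = b'constructed-demo-secret-not-a-real-key'          # assumption: HS256 demo
TABLE_ARN = 'arn:aws:dynamodb:us-west-2:123456789012:table/SaaSData'  # hypothetical


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b'=').decode('ascii')


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + '=' * (-len(text) % 4))


def sign_token(claims):
    # Mints an HS256 JWT for the demo; in production the identity provider does this.
    header = b64url(json.dumps({'alg': 'HS256', 'typ': 'JWT'}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = (header + '.' + payload).encode('ascii')
    signature = hmac.new(SECRET, signing_input, hashlib.sha256).digest()
    return header + '.' + payload + '.' + b64url(signature)


def validate_token(token, now=None):
    # Returns the verified claims or raises ValueError. Each check maps to a field
    # of the sample access token: alg/signature, iss, token_use, client_id, exp.
    # The payload is not parsed until the signature has been verified.
    now = time.time() if now is None else now
    parts = token.split('.')
    if len(parts) != 3:
        raise ValueError('malformed token')
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get('alg') != 'HS256':          # rejects alg=none and algorithm confusion
        raise ValueError('unexpected alg')
    signing_input = (header_b64 + '.' + payload_b64).encode('ascii')
    expected = hmac.new(SECRET, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError('bad signature')
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get('iss') != ISSUER:
        raise ValueError('wrong issuer')
    if claims.get('token_use') != 'access':
        raise ValueError('not an access token')
    if claims.get('client_id') != CLIENT_ID:
        raise ValueError('wrong client')
    if claims.get('exp', 0) <= now:
        raise ValueError('expired')
    return claims


def tenant_from_claims(claims):
    # Tenant context lives in cognito:groups; exactly one TENANT-* group is expected.
    groups = [g for g in claims.get('cognito:groups', []) if g.startswith('TENANT-')]
    if len(groups) != 1:
        raise ValueError('token does not carry exactly one tenant')
    return groups[0]


def session_policy_for_tenant(tenant_id):
    # Session policy to pass as the Policy parameter of sts:AssumeRole. The
    # dynamodb:LeadingKeys condition limits the shared table to items whose
    # partition key equals the tenant id, so IAM enforces the isolation.
    return {'Version': '2012-10-17', 'Statement': [{
        'Effect': 'Allow',
        'Action': ['dynamodb:GetItem', 'dynamodb:Query', 'dynamodb:PutItem'],
        'Resource': TABLE_ARN,
        'Condition': {'ForAllValues:StringEquals': {'dynamodb:LeadingKeys': [tenant_id]}}}]}


def leading_key_allowed(policy, partition_key):
    # Local stand-in for the IAM evaluation of the LeadingKeys condition, so the
    # isolation property can be checked without calling AWS.
    for stmt in policy['Statement']:
        cond = stmt.get('Condition', {}).get('ForAllValues:StringEquals', {})
        if stmt['Effect'] == 'Allow' and partition_key in cond.get('dynamodb:LeadingKeys', []):
            return True
    return False


def scoped_policy_for_request(token, now=None):
    # The Lambda-side flow: validate JWT -> extract tenant -> tenant-scoped policy.
    return session_policy_for_tenant(tenant_from_claims(validate_token(token, now)))


if __name__ == '__main__':
    # Constructed claims mirroring the sample access token in the post.
    claims = {'sub': 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', 'cognito:groups': ['TENANT-1'],
              'token_use': 'access', 'iss': ISSUER, 'client_id': CLIENT_ID,
              'iat': 1562190524, 'exp': 1562194124}
    policy = scoped_policy_for_request(sign_token(claims), now=1562190600)
    print(json.dumps(policy, indent=2))
    print('TENANT-1 allowed:', leading_key_allowed(policy, 'TENANT-1'))   # True
    print('TENANT-2 allowed:', leading_key_allowed(policy, 'TENANT-2'))   # False
```

<p><span style=\"color: #000000;\">In the Lambda function the returned dict is serialized and passed as the Policy parameter of sts.assume_role; the temporary credentials STS returns are used to build the DynamoDB client for that one request, so the LeadingKeys condition is enforced by IAM on every read and write regardless of bugs in the query code. The local leading_key_allowed check only mirrors that evaluation so the isolation property can be asserted in a unit test: the TENANT-1 policy allows partition key TENANT-1 and refuses TENANT-2, and a token that is expired or has a tampered signature never yields a policy at all.<\/span><\/p>\n<p><span style=\"color: #000000;\">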
Which isolation model and identity approach to adopt depends on the requirements of the customers, their industry, and their compliance needs.<\/span><\/p>\n<h2 id=\"aboutcloudthat\"><strong><span style=\"color: #000080;\">About CloudThat<\/span><\/strong><\/h2>\n<p id=\"About CloudThat\"><a href=\"https:\/\/www.cloudthat.com\/\" target=\"_blank\" rel=\"noopener\"><strong>CloudThat<\/strong><\/a><span style=\"color: #000000;\">\u00a0is\u00a0the official AWS (Amazon Web Services) Advanced Consulting Partner, Microsoft Gold Partner, Google Cloud Partner, and Training Partner helping people develop knowledge of the cloud and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build\u00a0a robust\u00a0cloud computing ecosystem by disseminating\u00a0knowledge on technological intricacies within the cloud space. Explore our<\/span>\u00a0<strong><a href=\"https:\/\/www.cloudthat.com\/consulting\/\" target=\"_blank\" rel=\"noopener\">consulting here<\/a>.<\/strong><\/p>\n<p><span style=\"color: #000000;\">If 
you have any queries regarding the AWS multi-tenant SaaS environment, security best practices, or any other AWS service, drop a line in the comments section below. I will get back to you at the earliest.\u00a0<\/span><\/p>\n<h2 id=\"faqs\"><strong><span style=\"color: #000080;\">FAQs<\/span><\/strong><\/h2>\n<ol>\n<li>\n<h4><strong><span style=\"text-decoration: underline;\"><span style=\"color: #000000; text-decoration: underline;\">How to decide on the tenancy model?<\/span><\/span><\/strong><\/h4>\n<\/li>\n<\/ol>\n<p><span style=\"color: #000000;\">The tenancy model does not change the application&#8217;s functionality, so the decision is made at the application layer. If the application layer is divided into components, the tenancy model may differ per component: some components must be treated differently with regard to both tenancy and the storage technology or platform they use.<\/span><\/p>\n<ol start=\"2\">\n<li>\n<h4><strong><span style=\"text-decoration: underline;\"><span style=\"color: #000000; text-decoration: underline;\">What are the criteria for choosing the tenancy model?<\/span><\/span><\/strong><\/h4>\n<\/li>\n<\/ol>\n<p><span style=\"color: #000000;\">The following criteria should be considered: Scalability, Per-tenant cost, Development complexity, Operational complexity, and 
Customizability.<\/span><\/p>\n","protected":false},"author":312,"featured_media":13931,"parent":0,"comment_status":"open","ping_status":"open","template":"","blog_category":[3606,3607,4459],"user_email":"sindhuh@cloudthat.com","published_by":"324","primary-authors":"","secondary-authors":"","acf":[],"_links":{"self":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/13864"}],"collection":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/users\/312"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/comments?post=13864"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/13864\/revisions"}],"predecessor-version":[{"id":41190,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/13864\/revisions\/41190"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/media?parent=13864"}],"wp:term":[{"taxonomy":"blog_category","embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog_category?post=13864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}