If all customer requests were sent to a multi-tenant service hosted on the same instance, and that instance was compromised, the resulting security incident would be extensive, and it would affect all tenants.
When using a public cloud provider and a Software as a Service (SaaS) solution with multiple tenants, data flow needs to be secure. As the cloud provider and the consumer share responsibility for security, consumers must take care not to use public-cloud services in a way that undermines data segregation or otherwise reduces our overall security.
Taking Amazon Web Services (AWS) and the Darktrace for Endpoint product as an example, each tenant receives its own container (hosted in ECS Fargate) to ensure absolute separation of data. The container has a DNS entry that is aliased to an AWS Application Load Balancer, which allows data to flow directly to an isolated, customer-specific container and service for processing. Using ECS Fargate decreases costs (as customers pay for a small fraction of container runtime) but ensures that a system breach would be isolated to a single tenant.
This technology has two important benefits:
- Potential compromises would be confined to a single tenant.
- The transient nature of this type of immutable infrastructure means that attackers must pursue a moving target.
Of course, there are many other security measures in place to prevent the compromise of an instance (container in this case) in the first place, and this technology is just one measure that Darktrace takes to protect customers from this unlikely but very serious situation.