Blog Posts

The risks become manifold when considering multi-tenant cloud instances because they are exposed to:

1. Side-channel attacks - These exploit weak authorization mechanisms and compromise otherwise confidential information.
2. Tenant interference - Malicious tenants, misuse the shared environment by bandwidth and traffic monitoring to launch attacks on other tenants.
3. Virtualization complexity - The highly complicated virtualization layer is often compromised, making it almost impossible to secure the underlying infrastructure (virtual machines).

With these risks looming, it's essential to be proactive in securing a multi-tenant environment.

• Isolate the Resources

First things first, why isolate the resources? The answer lies in the ease of exploitation facilitated by the multi-tenant architecture itself. Consider this; attackers often monitor the network and practice brute force. A multi-tenant architecture only makes it easy for them to succeed in their endeavors by allowing residence in neighboring virtual machines. Such proximity paves the way for side-channel attacks.

Hence, resource isolation becomes imperative to tackle the noisy neighbor problem and keep the performance intact. Following are some of the core isolation strategies as suggested by AWS.

1. Silo Isolation - This strategy is aimed at encapsulating the technology stack of a tenant, which means it stifles access to other tenants' resources. Naturally, the noisy neighbor is resolved since the malicious tenant’s impact is significantly reduced due to the dedicated environment being facilitated to each tenant. This is particularly useful for SaaS ISVs that promote isolation, for they are now equipped with the strategy to impose stringent security constraints around a tenant's operational stack. The only thing of concern here is cost, which multiplies due to a dedicated environment. To an extent, scalability also becomes an issue. Although, these can be warded off through streamlined deployment.
2. Pool Isolation - This strategy aims to isolate while providing the abilities to scale and perform self-healing. The basic strategy can guide tenants to share a specific pool of physical or virtual servers, but the underlying operating system and application are specific to each tenant. Security is tightly controlled and restricted by the isolation mechanisms, but there's no denying that this strategy is complex to implement. An expert deployment partner is, thus, highly recommended.
3. Bridge Isolation - The Bridge model is the combination of both Silo and Pool Isolation models. Here, the only difference is the extent of the encapsulation, which allows tenants to share the resources but only at the web tier. The underlying application tier is separate, meaning that the business logic and granular functionalities are fully isolated.

• Implement IDS and IPS

Another strategy that's highly recommended is the deployment of intrusion detection systems (IDS) and intrusion prevention systems (IPS). IDS can be used to detect possible system faults and malicious attempts. IPS, on the other hand, acts as a security guard at the entry points of a network.

As such, IDS can be employed in segregation, i.e., host-based IDS can be placed for internal monitoring of the use of resources. Through such monitoring, it can notify the administrator of any erroneous thread allocations. Alternatively, network-based IDS can be employed to detect unauthorized attempts at connecting to a network. In order to monitor the entire traffic, it can be used as a universal IDS.

While the employment of IDS and IPS is paramount, it doesn't imply that it's a comprehensive solution to the multi-tenant cloud security problem. Multi-tenancy isolation, as explained previously, still needs to be meticulously implemented in the deployment architecture.

• Ensure Privileged Account Management

Overall, it's crucial to manage the ecosystem via regular practices to prevent unauthorized attacks on shared cloud instances. For instance:

1. Multi-factor authentication across all accounts should be maintained to ensure that only authorized users can access the hosting environment and that the resources are allocated only to the users who have a need for using them (dynamic allocation facilities provided by cloud platforms like AWS and Azure make this practically easy to implement).
2. Account credential reuse attacks are rampant in an environment where multiple tenants are housed. For that reason, there needs to be a policy, which bans the same user accounts across multiple tenants and requires each tenant to establish its own account credentials.
3. Administrator privilege management is essential for those administrators who have an elevated level of privileges. To that end, the extent of the privileges should be clearly defined and documented to avoid privilege creep, a situation that could lead to unforeseen repercussions.