All Cloud Models Support Multitenancy

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

~ NIST SP 800-145

The three service models are SaaS, PaaS, and IaaS. The four deployment models are private cloud, community cloud, public cloud, and hybrid cloud. The five essential characteristics are 1) on-demand self-service, 2) broad network access, 3) resource pooling, 4) rapid elasticity, and 5) measured service. However, NIST SP 800-145 doesn’t mention the characteristic of multitenancy, which is specified in ISO/IEC 17788.

tenant: One or more cloud service users sharing access to a set of physical and virtual resources.

multi-tenancy: Allocation of physical or virtual resources such that multiple tenants and their computations and data are isolated from and inaccessible to one another.

Multi-tenancy: A feature where physical or virtual resources are allocated in such a way that multiple tenants and their computations and data are isolated from and inaccessible to one another. Typically, and within the context of multi-tenancy, the group of cloud service users that form a tenant will all belong to the same cloud service customer organization. There might be cases where the group of cloud service users involves users from multiple different cloud service customers, particularly in the case of public cloud and community cloud deployments. However, a given cloud service customer organization might have many different tenancies with a single cloud service provider representing different groups within the organization;

~ ISO/IEC 17788

I came across the following practice question from the CCSP OPT 3rd edition, which reads: “In a private cloud deployment, only Matthew’s company would have access to any resources hosted on the same physical hardware. This is not multitenancy.” Its explanation implies a private cloud has a single tenant, and multitenancy leads to a public cloud.

I disagree with the explanation. According to the above definitions in ISO/IEC 17788, all cloud services and deployment models should support multitenancy, regardless of whether it is a private or public cloud. A tenant refers to one or more cloud service users instead of a cloud service customer organization. A single cloud service customer can have multiple tenants.

Since NIST SP 800-145, NIST SP 500-292, and the CSA Cloud Security Glossary don’t define “multitenancy,” while ISO/IEC 17788 does so precisely, I suggest we align the concept of multitenancy with ISO/IEC 17788.

Matthew is reviewing a new cloud service offering that his organization plans to adopt. In this offering, a cloud provider will create virtual server instances under the multitenancy model. Each server instance will be accessible only to Matthew's company. What cloud deployment model is being used?
A. Hybrid cloud
B. Public cloud
C. Private cloud
D. Community cloud
B. The key to answering this question is recognizing that the multitenancy model
involves many different customers accessing cloud resources hosted on shared hardware. That makes this a public cloud deployment, regardless of the fact that access to a particular server instance is limited to Matthew's company. In a private cloud deployment, only Matthew's company would have access to any resources hosted on the same physical hardware. This is not multitenancy. There is no indication that Matthew's organization is combining resources of public and private cloud computing, which would be a hybrid cloud, or that the resource use is limited to members of a particular group, which would be a community cloud.
Source: CCSP Official Practice Tests, 3rd edition

Leave a Reply