Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) have a stressful job. They must provide cybersecurity solutions to their clients, protecting them from a broad and growing range of threats, and ensure their customers’ networks, equipment, data, systems, people, and reputations are insulated from malicious forces.
Whether threats are internal or external, multitenancy makes it possible to monitor and protect a large number of vulnerable attack surfaces using the same platform and software for all clients.
The key is to fully partition each instance to avoid intermingling, which can heighten risks.
MSPs, MSSPs, and large global enterprises with multiple business units in different geographies can streamline their security supervision by amalgamating resources into one system that monitors both management and operational activities simultaneously.
The benefits of “buying it once, and selling it many times” include:
- Reduction of training, as analysts and admins learn it once and can apply it over multiple projects
- Accurate and efficient security management when tenants can be broken down into sub-tenants to obtain a more granular level of control
- Finer-grained definition of role-based controls to manage all levels of access permission for each user defined in the system
- Remote control of all platform functionality and data, a critical feature of any multi-tenancy management infrastructure as more employees work remotely
Providing MSP, MSSP, and large enterprise IT management through a multitenancy access platform is the most efficient way to supply a robust cybersecurity defense.
The approach reduces the levels of manpower that have traditionally been employed in providing blanket cybersecurity protection, while offering the best possible threat management available.
For the Privileged Access Management (PAM) and Privileged Identity Management (PIM) use case, we caught up with Orhan Yildirim, CTO of Ironsphere, which offers multitenancy solutions to its partners and clients.
“Large enterprise IT departments and managed service providers who aim to implement a Privileged Access Management (PAM) solution often choose to implement it per business unit, or per customer, which requires setting up different instances of the same application, consuming additional resources for every deployment,” Yildirim explained. “There is an easier way, when the PAM platform is architected to support multiple instances, creating secure, partitioned domains that ensure even greater security, and automation of the process.”
Important aspects, according to Yildirim, include protecting privileged accounts, privileged user access, segregation of duties, and logging of user sessions, to ensure that privileges are used only for legitimate business purposes.
“Multiple isolated and virtually separated services can serve multiple departments in an organization, or in different organizations, as if they have their own dedicated instance,” Yildirim said.
Yildirim provided several use cases:
- Organizations operating in different countries, with regional units managed autonomously, where each region needs to implement PAM for multiple instances
- Managed service companies, with logically separated business units to support different customer operations
- Manufacturing companies, with geographically dispersed and autonomously managed production facilities, requiring separate and dedicated PAM instances for every production facility
- Companies with a growth strategy based on Mergers and Acquisitions, or holding companies with a large portfolio, may require a PAM solution for each acquired company, or subsidiary
- Service providers who must manage incidents across different customer instances, while maintaining separate instances, in line with the agreed upon SLAs for customer retention
“Deploying separate instances for every group of users (business units, different customers) brings up some limitations, including maintenance complexity, scalability, lack of visibility and control, and inefficient use of resources required to manage different instances of the same application,” Yildirim said. “Tenants must be logically isolated from each other, and each tenant’s data must remain invisible to other tenants, with a separate schema created on the database for every tenant, ensuring data security.”
Innovations in multitenancy solutions for MSPs, MSSPs, and large enterprises are allowing teams to manage the entire life cycle of a security threat.
By aggregating vast amounts of information into a single view, multitenancy architectures also bring new advantages: more data is collected and can be analyzed, and insights from that analysis can further enrich the ability of the IT and OT teams responsible for protecting assets, whether they are in-house or service providers, to continually improve how they detect and manage threats.
Edited by Luke Bellos