Companies generally use multiple systems and platforms to help them manage the complex network of activities it takes to operate a business efficiently and effectively. When choosing vendors to provide those services, selecting the right partner involves a variety of considerations. One of the critical aspects that should be closely reviewed when evaluating vendors but is often overlooked is the governance and architecture they employ—specifically, the single-tenancy versus multi-tenancy model.
At its core, these technical decisions aren’t just about the backend workings of a platform or service; they can also have a profound impact on the security posture of the company purchasing the services, particularly in the Identity Access Management (IAM) space. For example, single-tenancy architecture offers a more tailored and exclusive environment, akin to a personalized suite, while multi-tenancy is like a shared workspace, and enables cost-efficiency but at the potential expense of security.
The Importance of Architecture
Many vendors provide multi-tenant architecture as their default offering because it delivers benefits like rapid scalability and reduced cost, whereas single-tenancy brings a high level of data isolation and customization as well as more control over performance and options for customization. In short, multi-tenancy can deliver cost-effectiveness and single-tenancy is known for its heightened security benefits.
In this process, evaluating and ranking the most important priorities for the company and aligning them to the desired technical environment is paramount. Understanding the associated risks and benefits involved with each architecture approach is pivotal to making an informed decision that best serves the needs of the business.
The Dilemma
Profit vs. Security. If single-tenancy is the most secure, why do some companies choose a multi-tenancy architecture? Vendors often opt for multi-tenancy to scale rapidly and save costs while serving more customers, a strategy that can sometimes be seen as prioritizing profit over more robust security.
This trade-off becomes evident when considering the potential fallout from a breach. In a multi-tenant system, a breach affects all customers under that vendor's umbrella. It's akin to a domino effect—once one is compromised the impact cascades across the board.
The Okta Breach
The recent breach at Okta highlights the critical ramifications of system architecture and self-governance on cybersecurity. In a nutshell hackers accessed Okta's support case management system using stolen credentials. Subsequently, they stole customer-uploaded session tokens, posing a substantial risk to Okta customers' networks due to their multi-tenant system architecture. Furthermore, the breach extended beyond customer data. Reports and support cases containing Okta-certified user contacts, some Okta Customer Identity Cloud customer contacts, and even partial employee information were compromised.
After initially declaring an impact on only 1% of their customers base, the company later disclosed that the breach in fact had implications for all Okta customers drawing criticism of their auditing and disclosure practices.
The fallout from breaches like this isn't just about the compromised data; it's also about the potential for misuse. After the breach Okta underscored the risk of phishing or social engineering attacks using the stolen information. This danger isn't merely theoretical; this incident joins a string of security challenges for Okta, including previous source code theft and network intrusions.
Transparency and Accountability
Another consideration is the tendency for organizations to “self-audit” with regards to their own governance efforts. A company that self-audits their own compliance and security measures can raise significant cybersecurity concerns. While companies might strive for stringent internal controls, relying solely on self-audits can create a conflict of interest and impede transparency. This self-regulation might inadvertently overlook vulnerabilities or downplay risks to maintain an outward appearance of robust security.
Independent audits conducted by external entities bring a more unbiased perspective, ensuring an impartial evaluation of a company's security practices. This external scrutiny fosters more accountability, transparency, and a higher level of confidence for customers and stakeholders, offering an objective assessment of a company's adherence to industry standards and best practices, mitigating potential risks and enhancing overall cybersecurity resilience.
Real-World Impact
The Okta breach exemplifies the potential real-world repercussions of a vendor’s security architecture choices and self-auditing on an organization’s security posture. Prioritizing cost-efficiency over security can lead to devastating effects. This reinforces the importance of proper diligence, transparency and accountability when assessing vendors.
In a cloud-first landscape where breaches can have far reaching impact, proactive security measures are paramount. Okta's breach serves as a reminder that businesses need to enhance their defenses against evolving threats not just by relying on their vendors to do the right thing but by taking charge of their own security strategies.
Asking the Right Questions
So, how can an organization best manage these risks? The answer lies in asking the right questions. When vetting vendors, don’t be afraid to delve into the details of their architectural environment and probe on their governance measures. If they have multi-tenancy architecture as a default, don't shy away from asking about the possibility of single-tenancy options. Some areas to cover:
- Architecture: Is the architecture single-tenant vs multi-tenant? If multi-tenant as a default, is single-tenant possible?
- Access Reporting: Do they report on all access that exists on downstream systems, not just Identity Provider (IDP) driven access?
- Security Controls: Do they apply the same security controls whether in dev or production environments?
- Audits and Assessments: Are regular external audits and assessments by independent entities performed to provide objective evaluations of security practices and identify potential vulnerabilities?
By proactively seeking transparency and understanding the architecture and governance nuances of vendors, a company can reduce potential risks. This type of due diligence could be the shield that protects a business from a broader impact in the event of a breach.
Selecting the Right Partner
In the realm of IAM security, the right choice transcends features and benefits—it's about safeguarding the company’s integrity. Clarity’s solution centers all decisions around customer security. We help organizations get more visibility into their environments, automate their lifecycle management, and run quick, meaningful user access reviews– without cutting corners. This means that we afford single tenancy to every customer automatically and provide transparent logging and reporting. Schedule a demo today to learn more about our approach and how Clarity can bolster your organization’s identity and access security efforts.