Stanton Jones

In a World of Multi-tenant Platforms, Trust, but Verify

Many of you will recall one of President Ronald Reagan’s signature phrases, “Trust, but Verify.” Although not directly attributable to Reagan (it’s actually based on a Russian proverb), Reagan used this statement extensively to describe negotiations with the Soviet Union in the 1980s. The crux of the proverb: Consider information reliable, but perform additional research to verify.

The same advice has been used for years for buyers of information technology (IT) services. Buyers generally consider information in a request for proposal to be reliable, but as part of the agreement, clients build in audit rights to ensure the provider is adhering to the unique security requirements that were dictated as part of the contract.

This model has stood the test of time for one primary reason: Services have been built to specifications using dedicated hardware and software uniquely configured to meet the client’s security requirements. Because the services are dedicated to the client, there is (usually) no technical or contractual reason that the buyer can’t physically and/or logically audit the services.

The traditional “Trust, but Verify” model looks like this:

Indvidual Audits

Enter multi-tenant cloud platforms. In this delivery model, the services are shared across thousands of clients (also known as “tenants”). Their data is isolated from other clients’ data using software, rather than hardware, resulting in clients sharing the same cage, rack and even server. Although this delivery model creates significant economies of scale for the provider, and enables much faster time-to-market for the client, it also creates a dilemma: How can a client audit the environment when it’s shared with other tenants? This question usually focuses around two major areas of concern for the provider:

  • If I let a client try to break/break-into the service, that client may interrupt the service for other tenants, resulting in missed service levels.
  • If I let a client enter the cage where that client’s tenant resides, I am likely to breach the confidentiality agreements of other clients.

In the world of multi-tenant services, the Trust, but Verify model still works; the way buyers verify, however, is very different:

Shared Audits

In the new model, providers identify relevant industry standards and frameworks they choose to audit themselves against (e.g. SOC1, SOC2, ISO 27001, PCI) and hire external auditors to provide an attestation or certification against said standards and frameworks. The provider then shares these results to clients, usually under nondisclosure agreements, at regular intervals.

Although this all seems quite reasonable, it’s an epic shift for enterprise IT buyers who are accustomed to 1) dictating security requirements and 2) auditing those requirements themselves. This is especially the case with large enterprises that bring 50,000 to 100,000 users to a service provider. Until now, when a prospect came to the table with this sort of quantity, providers would do anything needed to win the business — including adopting to, and being audited under, the client’s unique security requirements.

This shift is still just in its infancy, but leading cloud providers are turning up the heat on enterprise buyers as they win more business under their standardized terms. The key message here: Make sure you trust who’s doing the verifying.

Stanton Jones

About Stanton Jones

Stanton Jones helps ISG clients rationalize and capitalize on emerging technology services within the context of the global outsourcing market. Stanton uses his unique background in both IT and outsourcing advisory services to bring a new and unique perspective to ISG clients. Prior to his analyst role, Stanton led corporate technology strategy and global IT operations as TPI’s Chief Information Officer. Stanton played a key role in leading the transition of TPI into a publicly-traded unit of ISG. You can find Stanton on Twitter, Linkedin and Google Plus.


  1. Evaluating Cloud Services? Make Sure You’re SOC Savvy | Consider the Source - August 27, 2013

    […] Remember that if you’re in the market for cloud services, especially multi-tenant cloud services, providers may not let you audit them directly. So, do you want to buy cloud services that 1) have not been audited by a third party and 2) you […]

  2. Revenue Growth Defeats Multitenancy in Most Recent Cloud Battle | Consider the Source - November 22, 2013

    […] multitenant deployment models are not without challenges. The shared nature of these platforms creates significant security and compliance challenges for enterprises that are accustomed to dictating security and compliance requirements to their […]

Leave a Reply