
IAM is an important capability of any cloud-native application. The challenge is greater for organizations that adopt multi-tenant architectures on the cloud and must manage user identities and access control across more than a single tenant.
Because cloud-native systems pose their own challenges around multi-tenancy and identity management, this article examines those challenges, including the extra complexity introduced by microservices and similar distributed components. It also covers issues such as tenant isolation, authentication, authorization, privacy, and compliance.
Finally, we discuss the latest approaches, such as role-based access control, attribute-based access control, and risk-based adaptive authentication, that may overcome some of these challenges. Alongside this, we look at use cases in which decentralized identity management across tenants can be achieved with technologies like blockchain and self-sovereign identity.
By the end, you will have a clear understanding of the multi-tenant identity and security pitfalls to avoid when designing highly scalable cloud-native identity management systems.
Growth of Multi-Tenant Cloud-Native Systems
According to C&W Business, more than 85% of organizations will adopt a multi-tenant approach while deploying business applications on the cloud. The benefits are obvious – multi-tenancy enables higher utilization of resources, easier administration, and lower costs for vendors.
No wonder, then, that multi-tenancy has become the de facto standard for delivering cloud-native SaaS applications as well. Salesforce, Workday, ServiceNow, and NetSuite have been leading providers that achieve great scale by sharing the same hardware resources among multiple tenants.
However, the highly distributed nature of modern cloud-native applications brings its unique set of challenges. Microservices architecture, serverless platforms, and the use of containers & orchestrators like Kubernetes lead to highly complex systems spread across IaaS, PaaS, and SaaS layers.
This also increases the number of external users and identity stores that need to be managed. Throw in DevOps practices like continuous delivery (CD) and infrastructure as code (IaC), and you have the recipe for increased identity security threats.
According to a survey by Gartner, nearly two-thirds of organizations have already adopted DevOps and plan to onboard more cloud-native applications over the next years. However, most companies also feel vulnerable to security risks stemming from misconfigured infrastructure and application changes.
It’s no wonder industry experts have referred to identity management as ‘the permanent problem area’ for cloud adopters. Without robust access controls and activity monitoring, cloud-native environments can become easy targets for hackers and malicious insiders.
So, what makes identity management so challenging in cloud-native multi-tenant architectures? Let’s examine some key pain points:
Managing Scale
Cloud-native apps’ dynamic nature allows them to scale rapidly to serve increasing users. For example, a SaaS firm like Salesforce supports 150,000+ tenants and billions of transactions daily.
At this scale, managing so many tenants and users, as well as their access privileges, roles, passwords, API keys, etc., becomes a management nightmare. The problem is exacerbated if tenants have millions of users.
Tenant Isolation
One of the fundamental requirements of multi-tenancy is tenant isolation, i.e., tenants should not have access to each other’s data. E.g., Tenant A users should only access Tenant A data and not Tenant B’s.
However, in practice, weaker isolation controls often lead to leakage across tenant barriers. A misconfigured access rule or application flaw may expose tenant data to unauthorized users.
Securing Inter-Service Communication
Cloud-native apps comprise multiple independently deployable microservices. These services need to communicate frequently to exchange data, trace requests, etc.
Securing this inter-service communication is vital to prevent eavesdropping on sensitive user data. However, configuring a separate identity provider (IdP) and separate secrets for each service is hard to manage at scale.
Authentication & Authorization
With users, devices and services scattered across different domains, authentication and authorization become tricky.
To log in, users may need to authenticate via social media identities like Google, Facebook, Twitter, etc. These external IdPs make user lifecycle management more complex.
Authorizing user access requests also becomes difficult in the case of temporary privileged access, e.g., admin rights to troubleshoot an issue in a staging environment.
Regulatory Compliance
Strict access control and audit trails of user activity are required by data privacy regulations such as GDPR and CCPA.
Generating the logs and reports that regulatory auditors expect is complicated when cloud-native apps are spread across multiple geographical regions and identity systems. Sound compliance controls are therefore important.
Attack Surface Risks
The distributed nature of cloud-native applications increases vulnerability risk:
Exposure of APIs to the internet makes them an attractive target for attackers
Increased human access points via devices/users amplify insider threats
Frequent infrastructure/app changes due to CI/CD may weaken security configurations
Together, these factors greatly expand the attack surface, making access management more critical.
Key Identity and Access Management (IAM) Capabilities Needed
Clearly, the unique nature of multi-tenant cloud-native apps requires rethinking identity access management. Some of the must-have capabilities include:
Centralized Identity Governance
A unified control plane is needed to manage identity lifecycles across the entire heterogeneous environment, covering users, devices, services, APIs, and more.
It should act as a single policy administration point to streamline identity governance across multiple tenants.
Fine-grained Access Controls
Rather than each user being given blanket access to all resources, granular access policies must be applied to grant access privileges to users based on identity attributes, roles, risk profiles, etc.
For instance, access to a tenant’s data can be restricted to users whose profile carries a matching “tenant_id” attribute.
Inter-service Identity Federation
A standards-based identity federation layer is needed to enable smooth interoperation of microservices from different domains.
OAuth 2.0 and OpenID Connect are open protocols that let different services trust each other’s identities and access tokens.
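As an added example (not code from the original article), the block below shows the trust relationship these protocols establish: an IdP mints a tenant-scoped bearer token in JWT form, and a consuming microservice accepts it only after pinning the algorithm and checking signature, issuer, audience, expiry and the presence of a tenant claim. The shared HS256 secret, issuer URL and audience names are constructed for the demo; a real federation would publish an asymmetric key via the IdP’s JWKS endpoint.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret shared by the issuing IdP and the consuming service.
# A production federation would use an asymmetric key published via the IdP's JWKS.
SHARED_SECRET = b"demo-shared-secret-not-for-production"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(issuer, audience, subject, tenant_id, ttl=300, now=None):
    """IdP side: mint a short-lived HS256 JWT carrying the caller's tenant."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "aud": audience, "sub": subject,
              "tenant_id": tenant_id, "iat": now, "exp": now + ttl}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "." +
                     b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_token(token, expected_issuer, expected_audience, now=None):
    """Service side: return the claims only if every trust check passes, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, c, s = token.split(".")
        header = json.loads(b64url_decode(h))
        # Pin the algorithm: the verifier, not the token, decides how to check it.
        if header.get("alg") != "HS256":
            return None
        expected_sig = hmac.new(SHARED_SECRET, f"{h}.{c}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, b64url_decode(s)):
            return None
        claims = json.loads(b64url_decode(c))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    # Only accept tokens minted by our IdP, for this service, and not yet expired.
    if claims.get("iss") != expected_issuer or claims.get("aud") != expected_audience:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    if not claims.get("tenant_id"):  # a token without tenant context is unusable here
        return None
    return claims
```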
Continuous Adaptive Authentication
Cloud-native apps need a better authentication scheme than static ones, such as one-time passwords. Stepped-up multi-factor authentication may be warranted depending on the access context, user risk profile and operation sensitivity.
Holistic Security Across Environment
It’s important to use ‘identity’ as the common control plane across users, devices, services, containers, APIs etc., to link and manage security policies holistically across the entire heterogeneous environment.
Detailed Activity Audit Trails
All user, service and admin activity needs to be continuously monitored to maintain detailed audit trails for security analytics, investigations and compliance audits.
AI/ML-powered Threat Protection
Behavioral analytics powered by AI/ML should automatically baseline identity and access patterns so that anomalies are detected early and potential threats are thwarted.
Automated Remediation
Machine learning can also correlate new threats with historical incidents, enabling automatic response actions like disabling the affected user account, blocking the offending IP, isolating the individual container, etc., to contain an attack before it spreads.
Emerging Approaches for Multi-Tenant IAM
Many identity vendors now offer access management solutions specifically for cloud-native environments. They leverage the latest standards, protocols and technologies to address the multi-tenancy challenges we discussed earlier.
Some of the emerging approaches worth highlighting are:
Attribute-based Access Control (ABAC)
To provide tenant isolation and prevent data leakage across tenants, ABAC policies are defined using identity attributes like user department, location, role, etc.
For instance, only users with the “Finance” value for the “department” attribute can access financial data records. ABAC allows building flexible contextual policies tailored to each tenant’s needs.
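As an added example (not code from the original article), the policy decision point below combines the two ABAC rules mentioned on this page: the “tenant_id” match from the Fine-grained Access Controls section and the “department” = “Finance” rule above, plus a role check for writes. Subject and resource attributes, policy names and the deny-by-default combination are assumptions for the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    """Identity attributes asserted by the IdP for the calling user (constructed)."""
    user_id: str
    tenant_id: str
    department: str
    roles: frozenset = frozenset()

@dataclass(frozen=True)
class Resource:
    """Attributes of the object being accessed (constructed)."""
    resource_id: str
    tenant_id: str
    classification: str  # "internal" or "financial" in this example

# Each policy is a predicate over (subject, resource, action). Names are assumed.
def tenant_isolation(subject, resource, action):
    """Tenant A users may only touch Tenant A data, whatever their role."""
    return subject.tenant_id == resource.tenant_id

def financial_requires_finance_department(subject, resource, action):
    """Only the Finance department may read or write financial records."""
    return resource.classification != "financial" or subject.department == "Finance"

def writes_require_editor_role(subject, resource, action):
    """Reads need no role; writes need the editor role."""
    return action == "read" or "editor" in subject.roles

POLICIES = [tenant_isolation, financial_requires_finance_department, writes_require_editor_role]

def is_allowed(subject, resource, action):
    """Policy decision point: deny by default; every policy must pass."""
    if action not in ("read", "write"):
        return False
    return all(policy(subject, resource, action) for policy in POLICIES)
```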
Risk-based Adaptive Authentication (RbAA)
RbAA is a dynamic authentication scheme that evaluates several risk indicators on each access request to select the appropriate authentication mode.
High-risk indicators can lead to stepping up from a single-factor password to multi-factor authentication to verify the identity of the user. Machine learning is used to train the risk models.
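As an added example (not code from the original article), here is a rule-based version of the step-up decision described above: risk indicators for one access request are scored and the score selects password-only, MFA, or denial. The indicator set, weights and thresholds are constructed for illustration; the article’s point is that in practice the model would be trained with machine learning.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessContext:
    """Risk indicators gathered for one access request (constructed for this example)."""
    known_device: bool
    known_location: bool
    impossible_travel: bool        # login geography inconsistent with the previous login
    failed_attempts_last_hour: int
    sensitive_operation: bool      # e.g. exporting tenant data or changing admin roles

# Weights are assumed for illustration; a real deployment would tune or learn them.
def risk_score(ctx: AccessContext) -> int:
    score = 0
    if not ctx.known_device:
        score += 30
    if not ctx.known_location:
        score += 20
    if ctx.impossible_travel:
        score += 50
    score += min(ctx.failed_attempts_last_hour, 5) * 10  # cap so brute force can't overflow the scale
    if ctx.sensitive_operation:
        score += 25
    return score

def select_auth_mode(ctx: AccessContext) -> str:
    """Map the risk score to an authentication decision (thresholds assumed)."""
    score = risk_score(ctx)
    if score >= 80:
        return "deny"      # too risky even with MFA; route to manual review
    if score >= 30:
        return "mfa"       # step up from password to multi-factor
    return "password"
```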
User Entitlement Management
Cloud-native IAM solutions now offer integrated identity lifecycle and entitlement management. This allows for the automatic management of user access privileges based on their dynamic attributes and roles.
Any change is reflected instantly across all connected systems to prevent the accumulation of stale entitlements over time.
Identity-based Application Access
Modern IAM systems allow securing access to applications based on user identity rather than just IP, VPN or network location. This propagates user attributes and access context directly to apps for consistent policy enforcement.
Identity-centric Security Automation
Leading IAM vendors use identity context to connect security tools such as cloud access security brokers (CASB), firewalls, SIEM, etc., so that they respond to threats together across hybrid cloud environments.
Decentralized Identity on Blockchain
At the same time, blockchain-based self-sovereign identity models are emerging as an alternative to traditional centralized identity stores. On the blockchain, users can control their digital identity and interact securely with multiple tenants.
Confidential Computing for Cloud
Confidential computing technologies like Intel’s SGX keep data encrypted while it is in use, helping to secure cloud apps. This protects against malicious insiders in multi-tenant environments. Azure, AWS and IBM Cloud now offer confidential VMs.
Conclusion
It is clear that multi-tenancy in cloud-native environments brings unique identity and security challenges that conventional IAM models are not equipped to address. Cloud-native resources are highly dynamic, distributed and ephemeral, so IAM for them needs an overhaul.
Promising avenues include emerging technologies around blockchain and confidential computing, combined with ML-driven adaptive access controls and automated remediation. With cloud-native adoption accelerating, good identity management will be essential to reducing the attack surface to the bare minimum.
This means that organizations can get the most out of the scale and agility benefits of cloud-native apps while delivering trusted digital services to customers across multiple tenants.