More and more organizations are moving towards a cloud-first strategy where they look to move their on-premises applications to SaaS offerings. This is especially true for customers looking to streamline their on-premises Identity Governance and Administration (IGA) application via a move to the Cloud. One of the things you will notice when you begin to evaluate your options is that various IGA vendors will be trying to differentiate themselves by explaining why their approach to SaaS is better than their competitors. This will often include a discussion of multi-tenant vs single-tenant infrastructure. This leads to the following questions:
- What does multi-tenant and single-tenant SaaS really mean?
- What are the benefits of single-tenant SaaS for IGA?
- Which option best meets your IGA needs?
What does multi-tenant and single-tenant SaaS really mean?
AWS defines the “classic definition” of a multi-tenant SaaS application as a product service that shares all its resources (compute and storage) with all customers. But, interestingly, AWS notes that variations of this are common in SaaS architectures where a vendor might selectively share or silo parts of their SaaS solution. For example, they may share one unified onboarding, identity, metrics, billing, and operational experience while maintaining a dedicated collection of resources for each customer. It is also important to note that both multi-tenant and single-tenant approaches derive operational efficiencies and cost savings from modern DevOps tooling such as Docker, Kubernetes, Kudos and similar technologies. Because of this, AWS suggests moving away from using multi-tenancy to characterize a solution as SaaS. Instead, they suggest, “it makes more sense to refer to any SaaS system that is managed and operated collectively as being multi-tenant.”
A single-tenant SaaS application, when compared to the “classic definition” of a multi-tenant one, can be defined as a product service built to serve a single customer. In this model, a customer has a dedicated SaaS instance of the product service. It does not share its compute power or storage with any other customer. Their data is physically isolated and protected.
We are thus led to ask, is a multi-tenant SaaS the only way to go for IGA, or are there benefits of using a single-tenant SaaS?
What are the benefits of single-tenant SaaS for IGA?
1. Data Isolation: Physical (not just logical) separation of your data from that of other customers. While encryption can be used to provide a similar result, isolating a customer’s data to a physical tenant provides a physical, not just a programmatic, barrier for security.
2. Management: Customers have greater flexibility and control of configurations and customizations.
3. Updates and Upgrades: Updates and upgrades are performed by the vendor for each individual customer without impacting others. These are scheduled with the customer to meet their specific needs and requirements.
4. Interruptions: Reduced risk for many customers to be affected by an outage. By keeping customer environments isolated to a single tenant, only that customer is affected in the event of a tenant failure
5. Performance and Scalability: By taking advantage of modern cloud computing services, customers benefit from a highly available environment that automatically scales based on workload demand.
6.Easier migrations to the cloud: A single-tenant SaaS that is built upon the same architecture as a customer’s on-premises IGA can lead to an easier and faster migration to the cloud. Customers can leverage their existing knowledge, experience, and configuration during their migration.
Which is best meets your IGA needs single-tenant or multi-tenant?
The best option to meet your IGA needs should not be based on what architecture or technology a vendor chooses, to build their solution, but rather on what benefits the solution provides to you. Cloud technologies and vendor architectures will continue to evolve over time. What matters most is an IGA solution that is flexible to meet your unique needs, is scalable and dependable, provides the lowest risk and greatest security, delivers the greatest value for your investment, and offers you the greatest choice today and in the future.