Traditional SaaS Multi-tenancy architectures emerged as a cost-effective architecture for providers. However, with the explosion of cyber security and the importance of performance and data control, next generation Multi-instance environments are the emerging as clear winners to reduce cyber risks, improve mission availability, ensure compliance and minimize downtime. The cyber-attack on SolarWinds’ Multi-tenant solution is a prime example.
SaaS is all around us!
To say cloud computing and Software as a Service (SaaS) have changed the way businesses operate today is an understatement. Enterprise-level organizations use an average of 177 SaaS applications. Even small businesses use an average of 16 SaaS apps.
Source – BetterCloud State of SaaSOps Report
With more people working remotely in hybrid work environments or as part of a distributed workforce, accessing software through the internet using SaaS platforms has become standard procedure. From spreadsheets, project planning and file storage to Customer Relationship Management (CRM), payroll processing, and other accounting tools, nearly every business is now using SaaS solutions to work efficiently.
For businesses concerned about security and performance, it is important to understand how your SaaS platform is managed and delivered, particularly in light of the increasingly challenging cyber threat landscape. Multi-Instance SaaS provides higher security protection and guaranteed data isolation with separate instances of the software application for each customer.
Multi-Tenant vs. Multi-Instance Architecture
SaaS providers build and run applications on cloud infrastructure like AWS and Azure. Many SaaS platforms traditionally used multi-tenant architecture, sharing the same software, infrastructure, and data storage across all customers. Customers rent access to the services, effectively making them a tenant of the SaaS provider. Data is stored in a shared database in the same environment along with data from other customers. The key driver for this architectural approach was to reduce costs for the SaaS provider.
With the latest multi-instance architecture, customers have their own instance of the software and their data is stored in a dedicated database separate from other customers. There is no co-mingling of data.
Think of a multi-tenant environment as an apartment complex where tenants rent apartments in a shared building. Multi-instance is like renting the whole building, which is secured and separate from your neighbors.
While there are many providers using both types of cloud architecture, multi-instance architecture environments are on the rise as they provide significant benefits for companies concerned about high levels of security, performance, flexibility, compliance, and scalability.
5 Key Benefits of Multi-Instance SaaS Environments
In multi-instance architecture, your data is fully protected in an isolated database. Your data is not co-mingled with data from other organizations. This provides a higher level of security in case of a breach. In a multi-tenant environment, when a platform is breached, it is much easier for bad actors to move laterally from one organization to the next since they are already inside the environment.
In our apartment analogy, it would work like this; if someone leaves the entrance to an apartment building unlocked, a thief could go apartment by apartment looking for a way into individual apartments. With multi-instance, access to one instance doesn’t allow them a pathway to another instance.
The SolarWinds attack is a good example of how cybercriminals and bad actors can leverage multi-tenant environments. Since the attack occurred on a multi-tenant architecture with multiple customers sharing the same software instance, attackers were able to gain access to multiple networks through a single attack vector. Hackers inserted malicious code into SolarWinds code that went undiscovered. As software upgrades were rolled out to tenants, the malicious code was also shared, allowing hackers to infect the systems of some 18,000 customers, including Fortune 500 companies and multiple government agencies.
Improved Performance and Reliability
With multi-instance architecture, each customer is running in their own instance. There’s less competition for resources, which results in faster response times and fewer performance issues.
Multi-instance also tends to provide higher availability and reliability. In a multi-tenant environment, any outages, maintenance downtime, or service interruptions affect every tenant. Multi-instance architecture separates instances from other users, reducing potential disruptions and producing some of the highest availability rates in the industry.
Most SaaS platforms replicate customer data at a geographically-diverse location. With multi-instance infrastructure, any affected workloads can be automatically failed over to the secondary location to mitigate downtime without impacting other customers.
Better Flexibility and Customization
When every SaaS customer is using the same multi-tenant software, it’s more challenging to provide customers with flexible configurations. With multi-instance environments, the SaaS software, configuration and database are only being used by one customer. This allows for deep customization and personalization for each customer. Multi-instance environments can also be upgraded one at a time, so it’s easier to schedule any downtime or training needed for new features when it suits the customer.
For businesses that have strict compliance regulations, multi-instance SaaS is a great option. Each software instance and database is isolated, helping organizations comply with industry or regulatory requirements. For example, security policies can be customized for each instance, allowing for more stringent controls to meet PCI DSS, HIPAA, CCPA, GDPR, SOX, and other compliance regulations.
Since each instance can be scaled independently, organizations can quickly add or remove compute resources as needed. Since customers have dedicated infrastructure for their SaaS applications and storage, they have more control over resource allocation. For example, companies can add more instances (horizontal scaling) or allocate additional resources (vertical scaling) depending on business needs.
Why Aren’t More SaaS Platforms Multi-Instance?
With so many benefits, you may ask why so many SaaS providers still operate with multi-tenant environments. The simple answer is cost. It’s more economical for SaaS providers. Multi-tenant SaaS providers can share resources across more customers, pooling demand and sharing workloads. Spreading multi-tenant workloads across racks of low-cost servers achieves an efficiency of scale. This works well for providers but does not deliver the benefits of multi-instance environments for customers.
Today, some providers offer a hybrid architecture, running application servers as multi-tenant environments and isolating databases in a single-tenant, called an isolated tenancy, that is virtualized across a multi-tenant architecture. While this does prevent the co-mingling of data, it still relies on a shared environment and does not provide the level of security and performance SaaS users get in a multi-instance architecture.
Leverage Multi-Instance Architecture
Multi-instance environments provide significant benefits over multi-tenant architecture, especially when it comes to privacy, security, compliance, and performance. Organizations that want more customization and granular control over policy administration find that multi-instance architecture delivers the solution they need.
For organizations that process high volumes of invoices and automate procure-to-pay processes, a multi-instance solution provides the highest levels of security, scalability, performance, and more — making it a compelling and robust solution.