Use of multi-tenant cloud vendors vs single tenant cloud vendors

When securing your data do you prefer a deposit box (shared security) or distinct (personal) vault?

The wave of digital transformation in the life, accident and health industry has put carriers into the position of deciding which functions they should use a multi-tenant cloud vendor to support and which functions they should use a single tenant vendor to support. This can sometimes appear to be a gray area, particularly with multi-tenant front end systems that come with rules, tools and their own programming language. Based on recent industry events, I do have a concern about multi-tenant systems for mission critical application – especially in highly regulated areas like insurance core systems. It’s become apparent that there can be global effects on a number of companies using a multi-tenant application due to a single security bug. I can imagine the effect on the insurance regulatory bodies and the customer community if every employee of an insurer had access to confidential underwriting, premium billing and claims data multiplied by several carriers all impacted by the same bug. Can you even imagine the chaos? Note that this kind of problem is not a public cloud related issue in general since this kind of multi-company security fault only occurs in multi-tenant SaaS applications that do not run each customer application in a distinct instance.

Shared vs. Individual Security

I was talking with a non-technical colleague about this concern and the best analogy I could draw was a bank vault with safety deposit boxes vs a private vault company. Most banks offer safety deposit boxes which have relatively light weight security at the deposit box level but are heavily secured within a bank vault. If the vault is locked the boxes are safe and it is not easy for employees of the bank to access the boxes without the owner’s permission or a manager’s override. Private vault companies offer an actual distinct vault for each customer with its own key, of varying sizes and security level depending on need, locked in a secure but not heavily armored offsite area.

Imagine a trusted employee of the bank is in the vault upgrading the security system which rightfully requires access to all the deposit boxes through manager override. While completing the security upgrade, the employee makes an error that leaves all the boxes unlocked during the business day. Now apply this example to multi-tenant SaaS applications within the insurance industry. The implications are considerable.

Now consider the same security upgrade scenario with a single vault. The employee would need the actual owner of the specific vault he is working on to be directly involved in opening that vault for service. The likelihood of a such an error impacting multiple vaults is limited because there are measures in place to help ensure appropriate access to sensitive areas, that the door is closed upon completion of the upgrade, and the contents of the vault remain secure. If an error occurred, the impact would be limited, immediately apparent and contained to a single vault.

Multi-tenant for core financial systems

Multi-tenant applications do make sense for many applications. However, for core financial systems including insurance I would rather keep my PII with associated financial and health data in a distinct vault than a safety deposit box.

If you wish to discuss this topic or anything else related to core insurance systems, feel free to reach out. I’m happy to chat.