As organizations migrate to the cloud and build new cloud-native application stacks, they face multiple accounts and subscription tenancies across different cloud providers.
This cloud sprawl naturally occurs when teams and business units work in silos, creating accounts and subscriptions without coordinated communication, or when teams create accounts for single projects.
While there can be security benefits to using separate accounts -- such as strong isolation and privilege control capabilities -- there are three major multi-tenancy security issues to be aware of.
1. Lack of visibility into accounts
Using multiple accounts and subscriptions can incur issues with visibility into account and subscription configurations and asset inventory, along with monitoring challenges. Major PaaS and IaaS cloud provider environments offer logging and cloud-native monitoring tools, but these tools tend to be isolated to their respective accounts and lack centralization for a consolidated view. Plus, it's likely security teams will not know about all new accounts that crop up, compounding the visibility problem.
The key to managing sprawl and thus improving visibility is a dedication to cloud governance and account discovery efforts across all teams building cloud infrastructure, documentation of accounts and assets, and the use of centralized tools, such as cloud security posture management, to help consolidate monitoring and configuration control.
2. Overallocated privileges
Managing complex privileges in single-cloud tenancy is complicated and challenging, let alone in multiple tenancies. All assets and services have permissions, users and groups to control. Having multiple accounts and subscription tenancies can result in overallocation of privileges and inconsistent assignment of privileges to service accounts, assets within each account, and linked privilege assignments across accounts and subscriptions.
Plus, DevOps and cloud engineering teams frequently have extensive privileges to perform deployments and configure environments. If their privileges are allocated improperly -- which they frequently are -- security issues ensue.
Services such as AWS Organizations and Azure management groups can help centralize identity policies and assignment of policies across a multi-tenant deployment. Organizations should treat the implementation and governance of these services as a high priority for a multi-account strategy.
3. Poor data security management
Data security across multiple accounts and subscriptions should be a major concern for all organizations, especially as more sensitive data types are created and stored in cloud tenants. Multi-tenant cloud data security is complex due to the numerous types of data storage services available, various secrets management requirements across different applications, and widely differing compliance and regulatory requirements depending on data type.
Organizations tend to make liberal use of cloud provider encryption key management tools and services, such as AWS Key Management Service and Azure Key Vault. It's also common for each account or subscription owner to use these services within the context of a single tenancy while building applications.
Encryption key management services can be used centrally across numerous tenants, but they'll need to be configured and deployed properly to achieve centralized encryption control and management. Security teams must help develop migration plans for accounts to make use of new encryption keys generated in a centralized key management service deployment versus those used within a single account or subscription.
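As an added illustration (not from the original article), the following shows what "configured properly" means for a central AWS KMS key shared across tenants: a constructed key policy that lets any principal use the key next to one that pins use to members of the organization via the aws:PrincipalOrgID condition, plus a small posture check of the kind a CSPM tool would run to flag the weak form. The account ID, organization ID and Sid names are placeholders.

```python
import json

# Constructed key policies for a central KMS key (placeholder account and org IDs).
WEAK_KEY_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "AllowUseFromAnywhere", "Effect": "Allow",
  "Principal": {"AWS": "*"},
  "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey"],
  "Resource": "*"}]}""")

HARDENED_KEY_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "KeyAdministration", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
  "Action": "kms:*", "Resource": "*"
}, {
  "Sid": "AllowUseFromOrgMembersOnly", "Effect": "Allow",
  "Principal": {"AWS": "*"},
  "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey"],
  "Resource": "*",
  "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-PLACEHOLDER"}}}]}""")

# Condition keys that pin a wildcard principal to the organization or a known account.
SCOPING_KEYS = {"aws:PrincipalOrgID", "aws:PrincipalOrgPaths", "aws:PrincipalAccount"}


def _is_wildcard_principal(principal) -> bool:
    """True when the statement applies to any AWS principal ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def _has_scoping_condition(statement) -> bool:
    """True when any condition block uses a key from SCOPING_KEYS."""
    for operator_keys in statement.get("Condition", {}).values():
        if SCOPING_KEYS & set(operator_keys):
            return True
    return False


def unscoped_wildcard_statements(policy) -> list:
    """Return Sids of Allow statements that grant key use to any principal with no org or account scoping."""
    return [s.get("Sid", "<no Sid>") for s in policy["Statement"]
            if s.get("Effect") == "Allow"
            and _is_wildcard_principal(s.get("Principal"))
            and not _has_scoping_condition(s)]
```

Even with the hardened key policy, a principal in a member account also needs an IAM policy in its own account granting the same kms: actions on the key's ARN, so the migration plan has both sides to update.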
Overcoming multi-tenancy security issues
An additional drawback to multiple tenants is complexity. Without a dedicated emphasis on central governance, monitoring and configuration control, most organizations -- even highly mature ones -- will likely lose track of tenants and/or assets.
The use of infrastructure-as-code templates for all deployments, as well as centralized services across all tenants, can greatly aid in keeping sprawl and configuration vulnerabilities to a minimum.