Secure Multi-tenant Application in Software as a Service

A multi-tenant application in Software as a Service (SaaS) is accessed by multiple organizations called tenants who have several users attached to them. Multi-tendency enhances resource utilization by effectively sharing resources and reducing cost, increasing productivity and online collaboration. However, providing a secure multi-tenant access to various tenants is still a challenge. Traditional security methods of applications are not effective in a multi-tenant application model due to multiple tenants’ access on a single application instance at runtime. This paper focuses on providing an integrated security model for SaaS application. The tenant specific security specifications are defined using a pluggable component that can be easily integrated to the SaaS application. It works effectively in enforcing security controls, and monitoring SaaS application security. The pluggable security definitions can be easily interlaced with the application at runtime without any interference from the provider. Thereby the multitenant SaaS provider focuses more on the application functionality rather on application security. The proposed Secure Multi-tenant Application (SMA) model provides security isolation among tenants’ at various levels during runtime, reduces security risks and protects sensitive tenant data. Our evaluation and discussions show the effectiveness of the proposed model in securing SaaS multitenant application.