We are building a multi-tenant cloud-based web product where customer data is stored in a single database instance. A certain portion of the customer-specific business data is highly sensitive. The sensitive business data should be protected such that nobody can access it except the authorized users of the customer (neither through the application nor by accessing the database directly). The customer wants to make sure that even the platform provider (us) is not able to access specific data by any means. They want us to clearly demonstrate data security in this context. I am looking for specific guidance in the following areas:
How do I make sure the data is protected at the database level such that even the platform provider cannot access the data?
Even if we encrypt the data, the concern is that anyone with the decryption key can decrypt the data.
What is the best way to solve this problem?
Appreciate your feedback.
"How do I make sure the data is protected at the database level such that even the platform provider cannot access the data"
-- As you are in a multi-tenanted environment, first of all you would have to "single tenant your databases", so one DB per customer. Then you need to modify the application to pick up the database from some form of config.
For encryption, as you are in Azure, you would have to use the Azure Key Vault with your own keys or the customer's own keys. You then configure SQL to use these keys to encrypt the data. See here and here.
If you want the database to stay multi-tenanted, you would need to do the encryption at the application level. However, this would need the application to know about customer keys, hence I don't think that this would be a valid solution.
"Even if we encrypt the data, the concern is that anyone with the decryption key can decrypt the data" - Yep, anyone with the keys can access the data. For this you would need to set the access controls appropriately on your key vault, so the customer can see only their keys.
In the end, as you are the service provider, the customers would have to trust you somewhat :)
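
Added example, not part of the original question or answer: a sketch of the per-tenant keys and key-vault access control discussed above, using envelope encryption so that rows in a shared table hold only ciphertext. `TenantKeyVault` is an in-memory stand-in for a real key vault, the principal names and rows are constructed, and the third-party `cryptography` package is assumed to be installed.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

class TenantKeyVault:
    """Hypothetical in-memory stand-in for a key vault: one key-encryption
    key (KEK) per tenant plus an access policy naming who may use it."""
    def __init__(self):
        self._keks, self._policy = {}, {}

    def create_key(self, tenant, allowed_principals):
        self._keks[tenant] = AESGCM.generate_key(bit_length=256)
        self._policy[tenant] = set(allowed_principals)

    def _kek(self, tenant, principal):
        # Access control is enforced here, before any key material is used.
        if principal not in self._policy.get(tenant, ()):
            raise PermissionError(f"{principal} may not use the key of {tenant}")
        return AESGCM(self._keks[tenant])

    def wrap(self, tenant, principal, dek):
        nonce = os.urandom(12)
        return nonce + self._kek(tenant, principal).encrypt(nonce, dek, tenant.encode())

    def unwrap(self, tenant, principal, wrapped):
        kek = self._kek(tenant, principal)
        return kek.decrypt(wrapped[:12], wrapped[12:], tenant.encode())

def encrypt_row(vault, tenant, principal, plaintext):
    """Fresh data key (DEK) per row; the database stores it only in wrapped form."""
    dek = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    # The tenant id is bound in as associated data, so a row cannot be relabeled.
    blob = nonce + AESGCM(dek).encrypt(nonce, plaintext, tenant.encode())
    return {"tenant": tenant, "wrapped_dek": vault.wrap(tenant, principal, dek), "blob": blob}

def decrypt_row(vault, principal, row):
    dek = vault.unwrap(row["tenant"], principal, row["wrapped_dek"])
    blob = row["blob"]
    return AESGCM(dek).decrypt(blob[:12], blob[12:], row["tenant"].encode())

def demo():
    """Constructed sample: two tenants sharing one table of encrypted rows."""
    vault = TenantKeyVault()
    vault.create_key("tenant-a", {"svc-tenant-a"})
    vault.create_key("tenant-b", {"svc-tenant-b"})
    table = [encrypt_row(vault, "tenant-a", "svc-tenant-a", b"salary=120000"),
             encrypt_row(vault, "tenant-b", "svc-tenant-b", b"salary=95000")]
    return vault, table
```

Reading the table directly yields only ciphertext, and a principal missing from a tenant's policy gets `PermissionError` from the vault; any principal that is on the policy can still decrypt, which is the trust boundary the answer points to.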