DATA-19

Does the environment provide for dedicated single-tenant capabilities? If not, describe how your solution or environment separates data from different customers (e.g., logically, physically, single tenancy, multi-tenancy).

Explanation

This question asks how your environment or solution separates customer data within your infrastructure. Single-tenancy means each customer has their own dedicated instance of the application and infrastructure, completely isolated from other customers. Multi-tenancy means multiple customers share the same application instance and infrastructure, with logical separation of their data.

The security assessment asks this because data separation is critical for preventing unauthorized access across customer boundaries. If one customer's environment is compromised, proper separation helps ensure other customers' data remains secure. It also addresses compliance requirements that may mandate specific types of data isolation.

To best answer this question:

1. Clearly state whether you offer single-tenancy options.
2. If you're multi-tenant, explain in detail how you separate customer data.
3. Describe the technical controls that enforce this separation (database schemas, encryption, access controls, etc.).
4. Mention any validation or testing of these separation mechanisms.
5. If you offer both models, explain when each is used and how customers can choose.

Example Responses

Example Response 1

Yes, our environment provides dedicated single-tenant capabilities. Each customer receives their own isolated instance of our application with dedicated compute resources, database instances, and storage. This includes separate virtual machines or containers, dedicated database instances, and isolated storage buckets. Network segmentation is implemented using virtual private clouds (VPCs) with no shared network paths between customer environments. This architecture ensures complete isolation of customer data and processing, preventing any possibility of data leakage between tenants.

Example Response 2

No, our solution does not provide dedicated single-tenant capabilities. Instead, we implement a secure multi-tenant architecture with robust logical separation. Customer data is segregated through a combination of: 1) Database-level separation using separate schemas for each customer within our PostgreSQL database, 2) Row-level security with tenant ID enforcement on all database queries, 3) Application-level access controls that validate tenant context on every request, 4) Encryption of data at rest with tenant-specific encryption keys, and 5) Regular penetration testing specifically targeting tenant isolation boundaries. Our architecture has been validated through independent security assessments to confirm the effectiveness of these controls.
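The row-level security control named in this response, sketched for PostgreSQL as an added example; it is not part of the original page or any vendor's actual schema. The `documents` table, the `app_user` role, the `app.tenant_id` setting and the UUIDs are constructed for illustration, and the script assumes it is run by a role allowed to `SET ROLE app_user`.

```sql
-- Constructed schema: all names and values below are illustrative assumptions.
CREATE TABLE documents (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    body      text NOT NULL
);

-- The application connects as a non-owner role without BYPASSRLS,
-- so every statement it issues is subject to the policy below.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_user;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- FORCE makes the policy apply to the table owner as well.
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Fail closed: an unset or empty app.tenant_id yields NULL, the comparison
-- is then NULL, and no row qualifies for reading or writing.
CREATE POLICY tenant_isolation ON documents
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Seed one row per tenant, each inside its own tenant context.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO documents (tenant_id, body)
VALUES ('11111111-1111-1111-1111-111111111111', 'tenant A record');
COMMIT;

BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '22222222-2222-2222-2222-222222222222', true);
INSERT INTO documents (tenant_id, body)
VALUES ('22222222-2222-2222-2222-222222222222', 'tenant B record');
COMMIT;

-- Isolation check of the kind a tenant-boundary test would automate.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
-- USING filters reads: tenant B's row is not visible in this context.
SELECT tenant_id, body FROM documents;
-- WITH CHECK rejects a write that names another tenant's ID.
INSERT INTO documents (tenant_id, body)
VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write attempt');
ROLLBACK;
```

Superusers and roles with `BYPASSRLS` are never subject to policies, so the check is only meaningful when run as the role the application actually uses.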

Example Response 3

Our environment offers a hybrid approach to tenancy. By default, customers are deployed in our multi-tenant environment where data separation is achieved through logical controls including: tenant-specific database schemas, row-level filtering in all queries, and application-level access controls. However, we cannot guarantee complete isolation in this model as the underlying infrastructure is shared. For customers with higher security requirements or specific compliance needs, we offer a premium tier with dedicated single-tenant deployments that provide complete physical and logical separation of infrastructure, applications, and data. We recommend the single-tenant option for customers handling sensitive data or subject to strict regulatory requirements.

Context

Tab: Product
Category: Data

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub