VPN Haus recently spoke with Rainer Enders, CTO of NCP engineering, about multi-tenancy in VPNs and its advantages. In the final post of this two-part series, we look into some of the drawbacks of multi-tenancy and what it all means for enterprise users. For part one, click here.
Q: Are there any disadvantages to deploying a multi-tenant network? What are they, and how can they be mitigated?
Enders: The main disadvantages of multi-tenant networks come into play at the backend. Great care must be taken that data domains are not breached so that unauthorized access can occur and potentially result in data leakage. From a technical standpoint, data domains must be shielded against unauthorized access in multiple ways, implementing the classical defense-in-depth approach. This can be accomplished by building software/virtual firewalls around the virtual containers. Those firewalls allow for filtering of customer-assigned address spaces as well as protection against traffic that originates in adjacent domains from co-located VMs. Additionally, implementing an integrated AAA approach is mandatory to enforce strict user and device authentication. Centralized authorization and provisioning systems play a key role in this strategy.
Q: Why are multi-tenant VPNs important to the enterprise sector?
Enders: Multi-tenant VPNs play a key role in the service provider sector. The technology serves as a powerful enabler for cloud-based secure services, as it delivers the power and balance of operational and economical scale and efficiency without compromising security to the enterprise network customer.