Skip to main content

Cloud Software Design

Data security issues due to poor tenant isolation

If you’re a software product company, you may face data security issues with your cloud application in case of insufficient tenant isolation in the multi-tenancy cloud architecture. Bad tenant isolation can lead to data leakage between tenants, fines from clients in case of data security breaches and delays in app response.

There are numerous ways to ensure better tenant isolation in your cloud app but all of them have to do with your application’s database design. Let’s focus on these two:

  • The database-per-tenant approach presupposes that when a new tenant is added to the platform, the app creates a new database for them (with the frontend and backend still shared among all tenants). This approach makes sure that your tenants only have access to their isolated databases and besides that allows easy data backup, recovery and migration. However, this approach does not scale that well, so you have to clearly see your app’s future scalability needs to be sure that this is the way to go.
  • In the shared database approach, a cloud app hosts all tenants in one database and assigns each tenant a unique ID. Each data record has a tenant ID column and thus tenants can only access data attributable to them. Easy resource management is a definite strong side of this approach since the database shares computing and storage resources across all tenants, however, this is also the reason for poor app scalability opportunities behind this approach. That is why it can be sometimes altered by sharding the database and making each shard contain the data of one tenant.

 

Want to Create a Cloud App That Isolates Tenants Just Fine?

ScienceSoft is ready to design and develop your cloud application with cybersecurity in mind and help you identify what particular way of tenant isolation is better for your project.

 

Bad application performance

With poor decisions made on the cloud software design stage, your app can further experience performance drops caused by high network latency.

This problem is only true for developing cloud apps using IaaS because you can’t influence network latency in any other cloud service model. So, in case your application is a big monolith with equal load on all virtual machines, while designing the app, you’d need to use a load balancer to route requests equally among your virtual machines avoiding their overload. And if your app is built using microservices, you’d have to analyze how the features of the app are going to load their respective virtual machines and thus deploy such a number of virtual machines for each feature that would be able to handle the load adequately. These measures normally ensure a lower network latency and better performance of cloud apps.

User overload due to neglected integration capabilities

Insufficient integration between apps can manifest in redundant manual activity for your users when they have to switch between systems. For end-user companies, that means low employee productivity and, for product companies, that means low user satisfaction with their platform and high customer attrition.

There’s much more to the topic of application integration but let’s cut it short for the sake of simplicity. Here are three ways for a cloud app to integrate with other systems:

  • Through an additional architectural component called the integration layer. It runs data transformation (for apps to ‘understand’ each other’s data structures), encryption and transportation. Here is an example of single sign-on app integration we did using the app’s integration layer.
  • Through middleware infrastructure specifically created for the sake of integrating multiple apps and platforms with each other. This is the most cost-effective integration strategy, if you already have the middleware infrastructure in place or if you’re planning to have a lot of your apps integrated in the future (written once – used multiple times).
  • Through a separate cloud integrator application, such as in this integration project we did for a software development company with $1-billion turnover. In this strategy, the integrator app functions as an external integration layer for all apps to be integrated.

The third is usually the more expensive option that companies resort to it if their cloud apps don’t have any internal integration capabilities and there’s no mature middleware infrastructure in place. That’s why, during the cloud software design stage, you need to understand your future app’s integration needs and plan for the integration layer or the middleware infrastructure not to spend more on the integrator app development later.

Excessive cloud expenses

Cloud apps usually offer a lot of flexibility and scalability. However, it is pretty easy to end up paying a fortune if your app wasn’t designed with reasonable resource consumption patterns in mind.

I believe that cloud resource consumption needs to be optimized at the architecture level. For example, while designing your app, you need to provide for using mechanisms that let you avoid overpaying during low periods and at the same time allow handling load surges. Scheduled resource scaling and autoscaling can be such mechanisms (note that you need to be cautious with the latter one not to wind up paying much more than you’d expect). Besides, you need to build your cloud app so that it is dynamically orchestrated and containers are actively scheduled and managed.

Benefit with a meticulously designed cloud app

Cloud software design is the foundation for making your software work smoothly. Decisions made right at this stage will make sure your app will focus on achieving your business goals instead of being an impediment with constant data leakage fines, big fat cloud resource consumption bills, low user satisfaction claims and constant app performance drops. In case you’re not sure you can handle cloud software design on your own without making wrong decisions, consider ITQSOFT cloud-native development offering as your helping hand.