Tenant Isolation Strategy Calculator

Assess your multi-tenant architecture’s security posture based on key isolation strategies.

Architecture Configuration

Deployment Model
How infrastructure is provisioned. ‘Silo’ means dedicated resources per tenant, offering the highest isolation. ‘Pool’ means shared resources, maximizing efficiency.
- Silo (Dedicated Instance/VPC)
- Hybrid (e.g., Dedicated DB, Shared App)
- Pool (Shared Everything)

Database Isolation
How tenant data is segregated. Separate databases offer the best data isolation. Row-level security is efficient but requires flawless application logic.
- Separate Database per Tenant
- Separate Schema per Tenant
- Shared Schema (Row-Level Security)

Authentication & Authorization
How user identity is managed. Dedicated Identity Providers (IdP) create strong boundaries. Central IdPs require careful, tenant-aware access control (RBAC).
- Dedicated Identity Provider (IdP) per Tenant
- Central IdP with Strict Tenant-Scoped RBAC
- Shared Auth with Basic Role Checks

Network Security
How network traffic is controlled. Dedicated Virtual Private Clouds (VPCs) prevent cross-tenant network traffic entirely. Security Groups require careful rule management.
- Dedicated VPC/VNet per Tenant
- Shared VPC with Per-Tenant Security Groups
- Open within Shared Network

Monitoring & Auditing
How actions are logged and reviewed. Per-tenant logs provide clear, isolated audit trails. Centralized logs are good but require disciplined filtering.
- Per-Tenant Audit Logs & Real-time Alerting
- Centralized Logs with Tenant ID Filtering
- Minimal or Shared Logging

Isolation Score
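
An added example (not part of the original page) for the "Shared Schema (Row-Level Security)" option under Database Isolation: a lookup that omits the tenant filter, beside a wrapper that binds every query to the session's tenant. The table, tenant names and helper names are hypothetical, and the row filter is enforced in application code over an in-memory SQLite table rather than by a database RLS feature.

```python
import sqlite3

# Constructed sample data: two tenants sharing one table (shared schema).
ROWS = [
    (1, "tenant-a", "A: Q1 invoice"),
    (2, "tenant-a", "A: Q2 invoice"),
    (3, "tenant-b", "B: Q1 invoice"),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, memo TEXT)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", ROWS)
    return db


def get_invoice_unscoped(db, invoice_id):
    """Weak form: looks up by primary key only, so any tenant's row matches."""
    return db.execute("SELECT id, tenant_id, memo FROM invoices WHERE id = ?", (invoice_id,)).fetchone()


class TenantScope:
    """Hardened form: every query carries the tenant id of the authenticated session."""

    def __init__(self, db, session_tenant_id):
        if not session_tenant_id:
            raise ValueError("refusing to query without a tenant context")
        self._db = db
        self._tenant = session_tenant_id

    def get_invoice(self, invoice_id):
        return self._db.execute(
            "SELECT id, tenant_id, memo FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant),
        ).fetchone()

    def list_invoices(self):
        return self._db.execute(
            "SELECT id, tenant_id, memo FROM invoices WHERE tenant_id = ? ORDER BY id",
            (self._tenant,),
        ).fetchall()


def cross_tenant_rows(rows, tenant_id):
    """Regression check: return every row that belongs to a different tenant."""
    return [r for r in rows if r is not None and r[1] != tenant_id]
```

A check like `cross_tenant_rows` fits in integration tests that run each data-access path as one tenant and fail if any returned row carries another tenant's id.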