AlexOakenman - Fotolia
Companies that are exploring a move to cloud ERP must research the relevant options, among them what factors to include in the single-tenant vs. multi-tenant cloud issue.
"At the core, the tenancy discussion is about software architecture and how the software is deployed and operated," said Claus Jepsen, chief architect at Unit4, a cloud business software provider. "The functionality offered is the same. From the perspective of selecting one deployment scenario over another, the reality comes down to two elements: control and isolation."
The default mode for most cloud apps is a multi-tenant implementation in which a cloud provider shares infrastructure, applications or platforms across multiple customers. With multi-tenant cloud, the vendor manages scalability, security and upgrades. The downside is a company doesn't have a high degree of control over their ERP applications.
On the other hand, having a single-tenant cloud deployment -- sometimes called hosted or managed services -- typically includes greater control over the environment. Single-tenant cloud means one enterprise is given dedicated access to cloud infrastructure, apps or a platform. It's similar to running a private cloud for these applications, except it's hosted in a cloud provider's ecosystem, which makes it easier to integrate with other applications or services running on the same cloud provider.
That control, however, comes with a high price tag. So, how can companies decide which option is best?
Security issues with single-tenant vs. multi-tenant cloud
Multi-tenant cloud ERP is typically a good bet for most companies lacking their own security and management teams, because many cloud providers have dedicated teams for these areas. A multi-tenant service is likely to have good security baked in that exceeds what many enterprises will have in-house.
However, single-tenant cloud can offer additional security and peace of mind for companies that need it. Enterprises may be able to augment this level of protection if they have a top-notch security team -- particularly if they are willing to take the extra steps around isolating sensitive data from the rest of the cloud architecture.
This can provide an additional layer of protection from hackers who take advantage of chip-level vulnerabilities to compromise other applications running on the same hardware on a cloud provider's servers. For example, research sponsored by the National Science Foundation demonstrated the ability to deploy snooping applications on the same server as a target application.
This research was prior to some of the recent discoveries of chip-level vulnerabilities. Older attacks could only listen to applications, but variants that take advantage of chip vulnerabilities may also be able to compromise apps in other ways.
In theory, a single-tenant deployment could also provide an additional layer of isolation at the database application level, as well. If a multi-tenant ERP application shared the same back-end database across customers, a vulnerability at the application layer could compromise the data of all of the users. However, these kinds of attacks have not been demonstrated in practice -- yet.
For a long time, there was a perception that multi-tenant cloud services were inherently less secure than single-tenant cloud deployments. However, that may be changing.
"Multi-tenant SaaS providers are making significant investments in people, process and technology to ensure the highest levels of data privacy for their clients," according to Urvish Vashi, vice president of global marketing at HighRadius, an integrated receivables platform based in Houston.
He said companies no longer exist in a world where private instances of their ERP can be entirely walled off. "Modern enterprises not only encourage, but require their employees to be able to access these systems from home, on the road, from their desktop or on mobile -- you name it," Vashi said.
This means enterprises need to have exceedingly strong competencies in managing security [if they choose single-tenant] -- something that many mid- and even large-size companies struggle to do.
Privacy concerns with single-tenant vs. multi-tenant cloud
One area of concern with multi-tenant cloud relates to data governance. It's important to identify what data a cloud provider collects on the applications it provides to ensure these don't run afoul of any data privacy concerns. This is important with GDPR, which expands the definition of personally identifiable information to include IP addresses used by EU citizens.
Cloud application vendors often monitor the performance of their multi-tenant cloud applications as they are used by customers. This data is used to identify and proactively fix problems, discover defects with upgrades and determine the features used by enterprise customers in practice. This feedback means the vendor can improve the performance of its apps.
The downside is an app provider that integrates with the ERP system may inadvertently also aggregate personally identifiable information, which could create liabilities relating to GDPR or Health Insurance Portability and Accountability Act compliance.
Single-tenant cloud ERP applications might offer privacy protection from vendor analytics tools and help with compliance efforts, because it can provide an enterprise with finer-grained control of what data, if any, is shared with the cloud provider.
Single-tenant vs. multi-tenant cloud for upgrade control
A single-tenant strategy allows an enterprise's IT team to isolate their ERP application ecosystem against upgrades. In general, cloud ERP providers do a good job of ensuring upgrades to their applications don't adversely affect enterprise customers. In many cases, they can provide fine-grained controls to allow enterprises to turn on and off new features, as well.
But, sometimes, an enterprise may be using these ERP applications in unique ways that can create problems when an upgrade occurs. A single-tenant cloud strategy can provide finer-grained control against changes in these applications.
Single-tenant vs. multi-tenant for streamlined management
For the most part, a multi-tenant cloud for ERP is the best bet for the clear majority of use cases. It shifts the burden of scalability onto the cloud provider, is generally cheaper and makes it easier for the cloud provider to patch newly discovered vulnerabilities.
A multi-tenant service allows the cloud provider to spread workloads from multiple customers across multiple servers more efficiently. If one server experiences heavy traffic, the cloud provider handles the process of scaling it to additional servers without burdening an enterprise's IT staff. This reduces the need to provision redundant servers that would be required for an enterprise to maintain the same level of service in a single-tenant infrastructure.
"Multi-tenant cloud solutions have the upper hand on their single-tenant counterparts when it comes to cost-effectiveness and ease of deployment," according to Vashi.
Single-tenant cloud deployment typically comes at a higher cost, as vendors need to maintain and operate customer-specific environments, comparable to running the service on premises.
Two key questions for single-tenant vs. multi-tenant
Charles King, president and principal analyst at Pund-IT, an IT consultancy, said there are two central questions companies considering cloud ERP need to address:
- Will the enterprise realize cost and performance benefits by essentially outsourcing their ERP workloads?
- Is business-critical data exposure more likely if ERP is supported with public clouds?
Charles Kingpresident and principal analyst, Pund-IT
If the answer to both questions is yes, then companies might consider asking SaaS ERP players, such as SAP, Oracle or IBM, whether they offer single-tenant and its dedicated server option. They may also look into deploying their ERP applications on top of single-tenant IaaS offerings from their cloud provider, such as Amazon EC2 Dedicated Hosts or VMware Cloud on AWS. They can then compare and contrast the cost and convenience of those services.
There are other approaches that businesses might consider for these scenarios, especially hybrid cloud software designed to blend or integrate private cloud IT assets with specific public cloud platforms. "For companies that hope [or] plan to maximize control over their data, hybrid clouds are a viable approach to consider," King said.
To answer single-tenant vs. multi-tenant, start with goals
The best place to start in the determination of whether multi-tenant or single-tenant is best for your company is by bringing your IT managers into the mix early to help determine final goals and assess SaaS and cloud service providers (CSPs) and options, King said. Along with outsourcing cost benefits, CSPs typically pitch the value of simplified service ordering and delivery their platforms offer. Single-tenant options usually support those usability features, but in other respects are similar to traditional hosted services.
"The best practices for choosing your deployment model will come down to understanding the level of customization required from stock SaaS solutions, and then mapping that to available options based on the two platforms," HighRadius' Vashi said.
IBM and Oracle are among the few enterprise cloud players currently offering single-tenant options.
"Single-tenant cloud is, and probably will remain, a modest fraction of overall cloud use cases and workloads and is mainly used by organizations that are either risk-averse or work in highly regulated industries," King said.