Managed security service providers (MSSPs) handle multiple customers within their technology stack. Therefore they need technology that makes them more efficient. Multitenancy is a critical capability that helps MSSPs improve efficiency. What are the advantages of multitenancy? And why is it vital that solutions, such as security information and event management (SIEM), support it?
The definition of multitenancy
Software multitenancy is an architecture where a single instance of the software serves multiple tenants or groups of users. The multitenant architecture provides every tenant with a dedicated share of the instance, including configuration and data. For MSSPs, the tenants are typically separate customers. With multitenancy, MSSPs can manage and monitor multiple security systems for numerous customers all in one place. When MSSPs can centrally manage everything with multitenancy, they can increase scalability, reduce cost and improve security.
Single tenant vs. multitenant – What’s the difference?
A single tenant is one instance of the software, usually supporting a single organization. With single tenancy, each organization has its instance and database contained in isolation. MSSPs running applications which only support single tenancy put themselves in an unfavorable situation due to the following potential drawbacks:
Setup and management: With single tenancy, MSSPs need to deploy a single instance for every new customer. Configurations and analytics are not easily shared among end customers, decreasing scalability.
Cost: MSSPs have to run single-tenant instances for each customer, which is more expensive than sharing resources. It requires more labor to set up and manage multiple single-tenant instances.
Maintenance: Having single-tenant instances that need to run smoothly is a task that only keeps increasing the more extensive the customer base grows, requiring more time from the MSSP.
In contrast, multitenancy uses the same software instance for many different organizations. This makes it easier and more cost-effective for hosting providers, MSSPs and security operation centers (SOCs) to manage large scale deployments.
Benefits of multitenancy
While multitenancy is the most efficient solution for MSSPs, let’s look at the benefits regarding SIEM:
Convenient maintenance: MSSPs can efficiently manage hundreds of customers from a single interface, including configuration, asset health monitoring, user provisioning and much more.
Fast deployment: Multitenancy makes it easy to add new customers by limiting the manual work needed to get the solution implemented while vastly increasing time-to-value for the end customer.
Shared analytics and intelligence: SIEMs that support multitenancy make it easy to apply analytics, such as dashboards and reports, across customers. MSSPs can detect and respond to threats from a single pane of glass.
Privacy and security: It’s easy for customers to access their logs in a multitenant SIEM and obfuscate data. Customers can keep sensitive data confidential from MSSPs while still allowing efficient threat detection and response.
Cost: A multitenant SIEM allows MSSPs to reduce labor resources and scale their business. SIEMs priced by the number of devices sending logs, rather than the amount of data, have a predictable total cost of ownership, simplifying budgeting.
Why MSSPs choose LogPoint
LogPoint provides the ultimate platform tailored for MSSPs to efficiently deploy and operate multitenant SIEM solutions across customers, geography, divisions and subsidiaries. LogPoint develops solutions in collaboration with leading MSSPs to ensure IT service providers get the SIEM capabilities they need to run an effective business.
Centralized management for MSSPs
LogPoint has a fully-fledged MSSP platform – LogPoint Director. It allows the Service providers to partition LogPoint servers into a Pool for each customer, which contains the LogPoint servers needed in that environment.
As the central cybersecurity platform for MSSPs, LogPoint provides a situational overview and the analytics to detect breaches, enable threat hunting, and manage incidents across customer environments.
Due to the multitenant nature of LogPoint Director, data segregation is guaranteed. The customer environment holds all of the customer data, and data ownership is clear and unambiguous.
Native features in LogPoint enable complete data obfuscation aided by the four-eye-principle, allowing customers to encrypt data down to log-field levels.
LogPoint allows MSSPs to scale while maximizing return on investment. MSSPs can keep costs in control through advanced analytics, which makes hardware and software more efficient to scale and manage. The LogPoint licensing model is based on the number of log sources – and not driven by data volumes, events per second or the number of LogPoint servers deployed. LogPoint Director makes it easy for MSSPs to predict how much the solution will cost.