Cloud Series: Building a Secure Identity Cloud
What does it mean for businesses to “go to the cloud”? While the term “cloud” is often used generically, there are many types of cloud architectures. A key benefit of moving to the cloud is that your data is secured on redundant, diversified servers managed by a third party. With your data managed by a third-party vendor, it’s important to understand how and where that data is stored. ForgeRock carefully designs an isolated and secure cloud environment for each customer, while maintaining the benefits of the cloud, like sharing high-level resources to reduce costs for customers.
Secure by Design
To understand the concept of these shared cloud resources, it can be useful to imagine the ForgeRock Identity Cloud as a condominium building, with ForgeRock as the landlord. We are responsible for the general construction and maintenance of the building, as well as for shared infrastructure like common water supply and security. Condominium units within the building can be compared to individual customer environments within the cloud, each isolated and protected with walls, locked doors and windows.
By comparison, other identity cloud architectures and deployments are less like condominium buildings and more comparable to open spaces like high school gymnasiums — more open and malleable. These cloud architectures use virtual machine environments which can be spun up and spun down quickly. Would you feel as secure and safe living in a gymnasium as in your own condo unit?
In either scenario — condo or gymnasium — you could still have a noisy neighbor. The farther you are from your neighbors, the more sound protection you have. In the case of a data leak, being farther from your “noisy neighbors” by being in an isolated cloud environment offers more data protection.
Is your cloud architecture an open space, or a condo building?
This example is an oversimplification, but it is meant to underscore the steps ForgeRock has taken to ensure there is no shared knowledge among its customers. We call this architecture our “secure multi-tenant environment with full customer isolation.” In the next few sections, we’ll help you understand exactly what that means for you.
It is important to understand exactly what we mean by multi-tenancy. Revisiting the condominium building analogy, the entire building — from the basic condo unit to the luxury penthouse — is built to common standards using the same materials, and is operated consistently. In the same way, a multi-tenant cloud service is built on a common, consistent model to deliver service to its customers. ForgeRock provides high-level resources, like the ForgeRock Identity Platform, which is shared across the entire ForgeRock Identity Cloud. All customer environments are built within the cloud from a standard template and hosted using a common technology base. These environments are maintained according to a consistent set of processes. They are continually updated against security vulnerabilities and upgraded with the latest code base.
Another benefit of multi-tenancy is the ability for large customers to self-manage multiple environments with a high-level, real-time overview across multiple data centers. Customers who require multiple geo-specific data centers for compliance reasons find this particularly valuable.
Full Tenant Isolation Explained
Continuing with the condominium metaphor, full tenant isolation can be compared to the individual condo unit itself. The ForgeRock Identity Cloud provides each customer with a distinct, dedicated data environment. All passwords, private keys, and other secrets associated with a customer’s ForgeRock Identity Cloud instance are generated, securely stored, and used solely within the customer environment. There is no shared knowledge between tenants — each tenant environment is self-sufficient and sovereign. Each environment runs a distinct copy of the service code under dedicated identities, with dedicated storage for customer secrets and data that only the customer can access. Additionally, the ForgeRock Identity Cloud enables customers to select their data center location so they can be in compliance with certain regulations. This is unique among identity cloud providers.
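To make the isolation property concrete, here is an added illustration (not ForgeRock code, and not a description of how the ForgeRock Identity Cloud is implemented). It models two tenant environments, each with its own generated key material, its own issued identities and its own secret store, and contrasts that with a single shared store where a caller-supplied tenant ID string is the only boundary. The class names, the HMAC-based identity token and the sample secret value are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class TenantIdentity:
    """A credential issued by one tenant environment and valid only there."""
    tenant_id: str
    token: bytes


class IsolatedTenantEnvironment:
    """One customer environment (hypothetical model): its own key material,
    its own identities, its own secret store. Nothing in one instance is
    reachable from another instance."""

    def __init__(self, tenant_id: str) -> None:
        self.tenant_id = tenant_id
        # Generated inside the environment and never exported. A second
        # environment gets a different key, so credentials do not transfer.
        self._master_key = secrets.token_bytes(32)
        self._secrets: dict[str, bytes] = {}

    def _expected_token(self) -> bytes:
        msg = b"identity:" + self.tenant_id.encode()
        return hmac.new(self._master_key, msg, hashlib.sha256).digest()

    def issue_identity(self) -> TenantIdentity:
        return TenantIdentity(self.tenant_id, self._expected_token())

    def _authorize(self, identity: TenantIdentity) -> None:
        # Both the claimed tenant and the proof are checked against this
        # environment's own key; a token minted elsewhere can never match.
        if identity.tenant_id != self.tenant_id or not hmac.compare_digest(
            identity.token, self._expected_token()
        ):
            raise PermissionError(f"identity not valid in tenant {self.tenant_id}")

    def put_secret(self, identity: TenantIdentity, name: str, value: bytes) -> None:
        self._authorize(identity)
        self._secrets[name] = value

    def get_secret(self, identity: TenantIdentity, name: str) -> bytes:
        self._authorize(identity)
        return self._secrets[name]

    def list_secrets(self, identity: TenantIdentity) -> list[str]:
        self._authorize(identity)
        return sorted(self._secrets)


class SharedSecretStore:
    """Contrast: one store for every tenant, partitioned only by a tenant_id
    string the caller passes in. Any code path that trusts that string
    reads or writes another tenant's data."""

    def __init__(self) -> None:
        self._secrets: dict[tuple[str, str], bytes] = {}

    def put_secret(self, tenant_id: str, name: str, value: bytes) -> None:
        self._secrets[(tenant_id, name)] = value

    def get_secret(self, tenant_id: str, name: str) -> bytes:
        return self._secrets[(tenant_id, name)]


def demo() -> dict:
    """Exercise both models and return the observed outcomes."""
    acme = IsolatedTenantEnvironment("acme")      # constructed tenant
    globex = IsolatedTenantEnvironment("globex")  # constructed tenant
    acme_id = acme.issue_identity()
    acme.put_secret(acme_id, "db-password", b"s3cr3t")  # constructed sample

    results = {"acme_reads_own": acme.get_secret(acme_id, "db-password")}

    # A credential minted by acme, even relabelled with globex's tenant id,
    # is rejected by globex: globex's key never produced that token.
    relabelled = TenantIdentity("globex", acme_id.token)
    try:
        globex.get_secret(relabelled, "db-password")
        results["cross_tenant_blocked"] = False
    except PermissionError:
        results["cross_tenant_blocked"] = True

    # globex's environment holds no knowledge of acme's secrets at all.
    results["globex_sees"] = globex.list_secrets(globex.issue_identity())

    # Shared store: whoever supplies the string "acme" gets acme's secret,
    # so isolation depends entirely on every caller getting that string right.
    shared = SharedSecretStore()
    shared.put_secret("acme", "db-password", b"s3cr3t")
    results["shared_store_trusts_caller"] = shared.get_secret("acme", "db-password") == b"s3cr3t"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The design point is where the boundary lives: in the isolated model it is key material that exists only inside the tenant environment, so a forged or misrouted tenant label fails closed; in the shared model it is a lookup key chosen by the caller, so a single mistaken or attacker-influenced tenant ID in any code path crosses tenants.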
In addition to building a secure cloud architecture, ForgeRock also hardens our software by following the latest industry best practices. Our Secure Software Development Lifecycle (SSDLC) maintains high integrity through continuous testing. Our continuous integration and deployment mean you will always have the latest version.
That’s the ForgeRock difference.