Multitenancy and trust boundaries in SaaS

When a company moves to a SaaS service, it gets ready infrastructure, a fast start, and predictable costs. That is a fair trade. But there is a part of that trade that rarely gets discussed openly: your data lives on the same platform as the data of other customers.

Most of the time, you never notice this. Sometimes it becomes a problem.

What multitenancy is

Multitenancy is an architectural model in which a single instance of a software system serves multiple customers simultaneously. Customers are separated logically, but physically share the same servers, databases, queues, and sometimes the same code.

This is a normal and well-founded practice. Most public SaaS runs exactly this way. The problem is not multitenancy itself - it is where the isolation boundaries are drawn and how reliably they hold.

Where the boundary can fail

Isolation in a multitenant system is not one mechanism but several layers at once. And each layer is a potential failure point.

At the data layer: if two tenants share a database, isolation depends on how strictly queries are filtered by tenant_id. One missed check and one customer's data becomes accessible to another.

At the compute layer: workloads from different tenants compete for resources. The "noisy neighbour" is a real phenomenon - one customer's load degrades performance for others.

At the secrets and configuration layer: if keys, tokens, or settings are stored without strict binding to a tenant, a misconfiguration can expose someone else's data.

At the audit layer: in a multitenant environment it is harder to trace exactly who accessed specific data at a specific time. That is not just a technical inconvenience - it is a compliance issue when an incident occurs.

The neighbour risk

This term is used most often in the context of performance, but it has a security dimension too. If the platform is breached through a vulnerability in one tenant, the question is how well the others are isolated.

A responsible SaaS provider thinks about this in advance. But as a buyer you cannot always verify the quality of that isolation from the outside. That is exactly why you need to ask the questions before signing the contract.

What to look at when evaluating a SaaS platform

The same framework for questioning a cloud provider applies here. For SaaS specifically, a few practical questions worth raising with the provider:

1. How is data isolated between tenants - logically or physically? Is a dedicated database an option?
2. How does the system behave under abnormal load from one customer? Are there resource limits and isolation?
3. What access audit mechanisms exist? Can you get a log of who accessed your data?
4. How are security incidents handled? Are all tenants notified or only the affected ones?
5. Does the platform hold a certification - SOC 2, ISO 27001 or equivalent? That is an indirect signal of process maturity.

When this matters most

For most use cases - planning, marketing, communications - the standard isolation level of a SaaS platform is sufficient. The risk is real but manageable.

The picture changes when the data is sensitive: customer personal data, financial records, medical data, data governed by industry standards. Here, a standard "we ensure isolation" answer is not enough. You need specific technical and process guarantees.

The convenience of a shared platform is a real advantage. The neighbour risk is a real risk. A good SaaS decision is made with a clear understanding of both - and it also includes a continuity plan for when the service you depend on fails.