Ensure Data Segregation for Data Sharing - Multi-tenant System
As a service provider, I need to ensure that our customers can NEVER see another customer's data or even meta-data (that they exist) SO THAT customers can't see any information about their competitors and who we work with.
As a industrial operating company that shares data with partners and service providers, I need to ensure that our data is only accessible to those that we share with SO THAT we can ensure our data and company's intellectual property (IP) is safe and secure.
We have started development on Community Management features and Stream data sharing in OSIsoft Cloud Services (OCS) to enable sharing of operational data across tenants.
As part of the Community creation workflow, we are working on a way that Communities are formed without exposing other customer accounts/tenants in the process.
Additionally, Namespaces can now be used to segregate customer data (if you’re providing a service to those customers), or the data can be stored in their own OCS tenant/account and then shared via Community data sharing functionality (when it becomes available).
Using different namespaces for different customers would provide the best isolation mechanism within a single account. It does limit the possibilities of analyzing data across multiple customers though.
Bryan Owen commented
Absolute assurances are rare in cyber security. This item could benefit from discussion of how much difficulty satisfies 'can NEVER'. For example, defining a finite number of safeguards used to segregate data.
Yong The commented
Have a namespace concept so that Pi can service multiple tenants without the risk of breaching data security between tenants. Also allowing data from tags associated with a namespace be archived and the tags reassigned to another namespace.