HIPAA Security Rules require the implementation of technical, physical, and administrative safeguards for the storage and transmission of electronic protected health information. Multi-tenant isolation provides the shared security and distributed cost benefits of shared resources without any performance losses.
We are going to focus on the tenant isolation options available in the SQL Database service of the Microsoft Azure cloud computing platform.
Azure SQL Database offers various tenancy models for a multi-tenant SaaS application. Application-level isolation and vendor management are very common. Cost and complexity are the main factors to be considered.
Architectural considerations for a multitenant solution
Features of Azure SQL Database that support multitenancy
Multitenant solutions on Azure commonly use Azure SQL Database. On this page, we describe some of the features of Azure SQL Database that are useful when working with multitenant systems, and we link to guidance and examples for how to use Azure SQL in a multitenant solution. Azure SQL Database includes a number of features that support multitenancy.
Elastic pools enable you to share compute resources between a number of databases on the same server. By using elastic pools, you can achieve performance elasticity for each database, while also achieving cost efficiency by sharing your provisioned resources across databases. Elastic pools provide built-in protections against the Noisy Neighbor problem.
Elastic database tools
The Sharding pattern enables you to scale your workload across multiple databases. Azure SQL Database provides tools to support sharding. These tools include the management of shard maps (a database that tracks the tenants assigned to each shard), as well as initiating and tracking queries and management operations on multiple shards by using elastic jobs.
Row-level security is useful for enforcing tenant-level isolation when you use shared tables.
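The following T-SQL is an added example, not code from the original page, showing one way to enforce tenant isolation on a shared table with a row-level security policy keyed on session context. The table `dbo.Orders`, the `TenantId` column, the `Security` schema, and the function and policy names are constructed for illustration.

```sql
-- Constructed shared table: every tenant's rows live here, tagged by TenantId.
CREATE TABLE dbo.Orders (
    OrderId  INT IDENTITY PRIMARY KEY,
    TenantId INT NOT NULL,
    Item     NVARCHAR(100) NOT NULL
);
GO

CREATE SCHEMA Security;
GO

-- Inline table-valued predicate function. It yields a row only when the
-- row's TenantId equals the tenant recorded in the session context.
CREATE FUNCTION Security.fn_tenantPredicate (@TenantId INT)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS INT);
GO

-- FILTER predicate hides other tenants' rows from SELECT, UPDATE and DELETE.
-- BLOCK predicates stop a session from writing rows under another TenantId.
CREATE SECURITY POLICY Security.TenantIsolationPolicy
    ADD FILTER PREDICATE Security.fn_tenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK PREDICATE  Security.fn_tenantPredicate(TenantId) ON dbo.Orders AFTER INSERT,
    ADD BLOCK PREDICATE  Security.fn_tenantPredicate(TenantId) ON dbo.Orders AFTER UPDATE
WITH (STATE = ON);
GO

-- The application sets the tenant once per connection, after it has
-- authenticated the caller. @read_only = 1 prevents later statements on
-- the same connection from switching to a different tenant.
EXEC sp_set_session_context @key = N'TenantId', @value = 42, @read_only = 1;

-- No WHERE clause on TenantId is needed; the filter predicate applies it.
SELECT OrderId, Item FROM dbo.Orders;

-- A write for a different tenant violates the AFTER INSERT block predicate.
INSERT INTO dbo.Orders (TenantId, Item) VALUES (7, N'constructed sample row');
```

If the application never sets `TenantId`, `SESSION_CONTEXT` returns NULL and the predicate matches no rows, so the policy fails closed rather than exposing every tenant's data.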
The Always Encrypted feature provides the end-to-end encryption of your databases. If your tenants require that they supply their own encryption keys, consider deploying separate databases for each tenant and consider enabling the Always Encrypted feature.