Multi-Tenancy Options

Dropzone supports three primary approaches to multi-tenancy, each designed to address different customer requirements for data segregation, operational flexibility, and management overhead.

Which multi-tenancy strategy you choose may depend on:

  • Regulatory and compliance requirements

  • Customer isolation expectations

  • Operational scale and cost constraints

This document outlines each option, including its use case, advantages, disadvantages, and practical examples.


1. Tool-Dependent Multi-Tenancy

Overview

Tool-Dependent Multi-Tenancy leverages the native capabilities of integrated tools (such as tags, labels, or namespaces) to logically separate customer or group data within a single Dropzone instance. This approach relies on the underlying tools’ support for traffic segmentation.

When to Use

Best suited for organizations where:

  • Integrated tools natively support robust tagging or separation mechanisms

  • Strict data isolation is not a regulatory requirement

  • Operational simplicity is preferred

Advantages

  • Simplicity: Single Dropzone instance to manage

  • Lower Overhead: Reduced infrastructure and operational complexity

  • Centralized Management: Easier reporting and visibility across all customer data

Disadvantages

  • Limited Isolation: Data separation is logical, not physical

  • Risk of Misconfiguration: Incorrect tagging may lead to accidental data exposure

  • Tool Dependency: Requires all integrated tools to support separation mechanisms

  • Compliance Constraints: May not meet strict regulatory or contractual requirements

Example

A SaaS provider uses Dropzone to process data from multiple customers. Each customer’s data is tagged within the integrated SIEM (e.g., Microsoft Sentinel) using customer-specific tags, enabling logical separation and reporting within a single instance.


2. Multiple Dropzone Instances (Total Isolation)

Overview

Each customer or group is provisioned with a dedicated Dropzone instance, ensuring complete physical and logical isolation. All instances are centrally managed and monitored through the Fleet dashboard. This is the most common method.

When to Use

Ideal for organizations with:

  • Strict security or compliance requirements

  • Regulatory mandates requiring full instance isolation

  • Customers demanding dedicated environments

Advantages

  • Strong Isolation: Full segregation between customers

  • Compliance Ready: Meets stringent regulatory and contractual requirements

  • Custom Configuration: Each instance can be tailored independently

Disadvantages

  • Operational Overhead: Increased complexity managing multiple instances

  • Higher Cost: Additional infrastructure and maintenance effort

  • Fleet Dependency: Requires Fleet for centralized oversight

Example

A managed security service provider (MSSP) supports several financial institutions. Each institution is assigned its own Dropzone instance, with all instances managed centrally via the Fleet dashboard.


3. One-to-Many Integrations

Overview

A single Dropzone instance is configured to support multiple versions or instances of the same integration (for example, multiple Microsoft Sentinel workspaces). This allows one Dropzone environment to route data to multiple downstream systems.

When to Use

Appropriate for organizations that:

  • Manage multiple environments (dev, staging, production)

  • Require distinct integration instances without full instance isolation

  • Want centralized management with flexible routing

Advantages

  • Efficient Resource Use: One instance supports many integration endpoints

  • Simplified Updates: Changes can be rolled out centrally

  • Centralized Visibility: Unified monitoring across integrations

Disadvantages

  • Shared Risk: Instance-level issues affect all integrations

  • Configuration Complexity: Requires careful routing logic

  • Reduced Isolation: Not suitable for strict compliance environments

Example

A large enterprise uses one Dropzone instance to forward alerts to multiple Microsoft Sentinel workspaces for production, staging, and development.
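The misconfiguration risk listed under Tool-Dependent Multi-Tenancy and the routing-logic requirement listed here both come down to failing closed when tenant identity is ambiguous. The following Python sketch is an added example, not Dropzone code or its API; the tenant- tag prefix, the workspace names, and the alert shape are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed routing table: tenant tag -> destination workspace (hypothetical names).
ROUTES = {
    "tenant-a": "ws-prod-a",
    "tenant-b": "ws-prod-b",
    "tenant-c": "ws-prod-c",
}

TENANT_PREFIX = "tenant-"  # assumed tagging convention, matched exactly (case-sensitive)


def audit_routes(routes):
    """Return destinations shared by more than one tenant (a cross-tenant exposure)."""
    counts = Counter(routes.values())
    return sorted(ws for ws, n in counts.items() if n > 1)


def route_alert(alert, routes):
    """Return (destination, reason). Anything ambiguous is quarantined, never defaulted."""
    tenants = {t for t in alert.get("tags", []) if t.startswith(TENANT_PREFIX)}
    if not tenants:
        return ("quarantine", "no tenant tag")
    if len(tenants) > 1:
        return ("quarantine", "multiple tenant tags")
    dest = routes.get(next(iter(tenants)))
    if dest is None:
        return ("quarantine", "unknown tenant tag")
    return (dest, "ok")


# Constructed sample alerts covering the common tagging mistakes.
SAMPLE_ALERTS = [
    {"id": 1, "tags": ["tenant-a", "severity-high"]},  # correctly tagged
    {"id": 2, "tags": ["severity-low"]},               # tag missing
    {"id": 3, "tags": ["tenant-a", "tenant-b"]},       # tagged for two customers
    {"id": 4, "tags": ["tenant-z"]},                   # tenant not in routing table
    {"id": 5, "tags": ["Tenant-B"]},                   # case typo, not normalized
]


def route_all(alerts, routes):
    """Route every alert and return {alert id: (destination, reason)}."""
    return {a["id"]: route_alert(a, routes) for a in alerts}


if __name__ == "__main__":
    print("shared destinations:", audit_routes(ROUTES))
    for alert_id, result in route_all(SAMPLE_ALERTS, ROUTES).items():
        print(alert_id, result)
```

The quarantine destination is reviewed by an operator rather than mapped to any customer, so a mistagged alert is delayed instead of delivered to the wrong tenant.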


Summary Comparison

| Option | Primary Use Case | Advantages | Disadvantages | Example Scenario |
| --- | --- | --- | --- | --- |
| Tool-Dependent Multi-Tenancy | Logical separation via tools | Simple, low overhead | Limited isolation, tool-dependent | SaaS with customer tagging in Sentinel |
| Multiple Dropzone Instances | Full isolation per customer | Strong isolation, compliance-ready | Higher overhead, resource intensive | MSSP with regulated clients |
| One-to-Many Integrations | Multiple integrations per instance | Efficient, centralized management | Shared risk, less isolation | Enterprise with prod/dev/test Sentinel |

