
Amazon Ec2, Aws, simpleDB, amazonRDS

Uploaded by

RITABRATA DEY

How to deal with storage location and tenancy compiled src7cse@gmail.com 25-Sept-2025 Pg 1 of 7

How to deal with storage location and tenancy for securing data in Cloud
Computing?
(This document is prepared partially from LLM models)

https://www.tutorialspoint.com/cloud_computing/cloud_computing_security.htm


https://www.javatpoint.com/multitenancy-in-cloud-computing
Here's a concise overview of dealing with storage location and tenancy for securing
data in cloud computing, along with an example case:

Storage location and multi-tenancy are crucial aspects of data security in cloud
computing. Cloud providers often store data across multiple geographic locations for
redundancy and performance. However, this can raise compliance and privacy
concerns. To address this:

1. Data residency: Ensure data is stored in locations that comply with relevant
regulations.
2. Data sovereignty: Be aware of laws governing data access in different
jurisdictions.
3. Encryption: Use strong encryption for data at rest and in transit.
4. Access controls: Implement robust identity and access management.
5. Tenant isolation: Ensure proper logical separation between different tenants'
data.

Example case: A multinational financial services company needs to store customer data
in the cloud while complying with various regional regulations. They work with a cloud
provider that offers:

● Region-specific data centers
● Strong encryption
● Virtual private cloud options
● Compliance certifications (e.g., ISO 27001, SOC 2)


The company implements a hybrid cloud solution, keeping sensitive data on-premises
and using the cloud for less sensitive workloads. They use data classification and
tagging to ensure data is stored in appropriate locations and apply encryption and
access controls consistently across their infrastructure.

https://www.tutorialspoint.com/cloud_computing/cloud_computing_security.htm

When migrating data to the cloud, ensuring its security is paramount. Two crucial factors
to consider are storage location and tenancy.

Storage location refers to the geographical region where your data is stored. This can
influence factors like data latency, regulatory compliance, and potential risks. For
instance, if your business operates primarily in Europe, storing data in a European data
center ensures compliance with GDPR regulations. However, storing data in a region
with a different legal framework might expose it to potential risks.

Tenancy refers to the level of isolation between your data and other tenants on the
same cloud platform. In a multi-tenant environment, multiple organizations share the
same infrastructure. While this can be cost-effective, it raises concerns about data
isolation. Cloud providers typically employ various techniques like logical isolation,
encryption, and access controls to mitigate these risks. In contrast, a single-tenant
environment provides dedicated resources for your data, offering a higher level of
security but at a potentially higher cost.


Example: A healthcare organization might choose to store patient data in a data center located within the country to
comply with local healthcare regulations. To mitigate risks associated with multi-tenancy, they could opt for a private
cloud or a dedicated server within a public cloud.

Security in cloud computing is a major concern. Data in the cloud should be stored
in encrypted form. To restrict clients from accessing the shared data directly,
proxy and brokerage services should be employed.

Security Planning
Before deploying a particular resource to the cloud, one should analyze
several aspects of the resource, such as:

● Select the resource that needs to move to the cloud and analyze its sensitivity
to risk.
● Consider cloud service models such as IaaS, PaaS, and SaaS. These
models require the customer to be responsible for security at different levels
of service.
● Consider the cloud type to be used, such as public, private, community
or hybrid.
● Understand the cloud service provider's system for data storage and its
transfer into and out of the cloud.

The risk in cloud deployment mainly depends upon the service models and cloud
types.


Understanding Security of Cloud

Security Boundaries

A particular service model defines the boundary between the responsibilities of
the service provider and the customer. The Cloud Security Alliance (CSA) stack model
defines the boundaries between each service model and shows how different
functional units relate to each other. The following diagram shows the CSA
stack model:

https://www.tutorialspoint.com/cloud_computing/cloud_computing_security.htm

Key Points to CSA Model

● IaaS is the most basic level of service, with PaaS and SaaS as the next two
levels above it.
● Moving upwards, each service inherits the capabilities and security
concerns of the model beneath.
● IaaS provides the infrastructure, PaaS provides the platform development
environment, and SaaS provides the operating environment.
● IaaS has the least integrated functionality and integrated
security, while SaaS has the most.
● This model describes the security boundaries at which the cloud service
provider's responsibilities end and the customer's responsibilities begin.
● Any security mechanism below the security boundary must be built into
the system and should be maintained by the customer.

Although each service model has its own security mechanisms, the security needs also
depend on where these services are located: in a private, public, hybrid or
community cloud.

Understanding Data Security


Since all the data is transferred over the Internet, data security is a major concern
in the cloud. Here are the key mechanisms for protecting data:

● Access Control
● Auditing
● Authentication
● Authorization

All of the service models should incorporate security mechanisms operating in all
of the above-mentioned areas.

Isolated Access to Data


Since data stored in the cloud can be accessed from anywhere, we must have a
mechanism to isolate data and protect it from the client's direct access.

Brokered Cloud Storage Access is an approach for isolating storage in the
cloud. In this approach, two services are created:

● A broker with full access to storage but no access to the client.
● A proxy with no access to storage but access to both the client and the broker.


Working Of Brokered Cloud Storage Access System


When the client issues a request to access data:

● The client's data request goes to the external service interface of the proxy.
● The proxy forwards the request to the broker.
● The broker requests the data from the cloud storage system.
● The cloud storage system returns the data to the broker.
● The broker returns the data to the proxy.
● Finally, the proxy sends the data to the client.

All of the above steps are shown in the following diagram:

https://www.tutorialspoint.com/cloud_computing/cloud_computing_security.htm
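
The brokered access flow above, sketched as an added example that is not part of the original document: the proxy authenticates the client and derives its tenant, and only the broker touches storage. The tokens, key, object names and the HMAC between proxy and broker are assumptions made for illustration; a deployment would enforce the same split with separate credentials and network rules.

```python
import hashlib
import hmac

# Constructed sample data: every object key starts with the owning tenant's id.
STORAGE = {
    "tenant-a/report.txt": b"A quarterly figures",
    "tenant-b/report.txt": b"B quarterly figures",
}
CLIENT_TOKENS = {"token-a": "tenant-a", "token-b": "tenant-b"}  # constructed
PROXY_KEY = b"demo-proxy-broker-key"  # placeholder shared secret (assumption)


def sign(key, tenant, name):
    """MAC that lets the broker recognise requests forwarded by the proxy."""
    return hmac.new(key, f"{tenant}\n{name}".encode(), hashlib.sha256).hexdigest()


class Broker:
    """Full access to storage, no client-facing interface."""

    def __init__(self, storage, proxy_key):
        self._storage, self._proxy_key = storage, proxy_key

    def fetch(self, tenant, name, mac):
        if not hmac.compare_digest(sign(self._proxy_key, tenant, name), mac):
            raise PermissionError("request did not come from the proxy")
        if not name or "/" in name:
            raise ValueError("object name must not contain a path")
        # The tenant prefix is added here, so a request can only reach
        # objects under the tenant the proxy authenticated.
        return self._storage.get(f"{tenant}/{name}")


class Proxy:
    """Client-facing; authenticates the client, holds no storage handle."""

    def __init__(self, broker, tokens, proxy_key):
        self._broker, self._tokens, self._key = broker, tokens, proxy_key

    def get(self, token, name):
        tenant = self._tokens.get(token)
        if tenant is None:
            raise PermissionError("unknown client token")
        # Tenant comes from the authenticated token, never from client input.
        return self._broker.fetch(tenant, name, sign(self._key, tenant, name))


def build_demo():
    broker = Broker(STORAGE, PROXY_KEY)
    return Proxy(broker, CLIENT_TOKENS, PROXY_KEY), broker
```

Because the tenant is taken from the token and prefixed by the broker, a client of one tenant cannot name an object belonging to another, and a caller without the proxy key cannot use the broker at all.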

Encryption
Encryption helps to protect data from being compromised. It protects data that
is being transferred as well as data stored in the cloud. Although encryption
helps to protect data from any unauthorized access, it does not prevent data
loss.
