Data Segregation Strategy
Context
At Rely.io, our SaaS product operates on a multi-tenant architecture, designed to provide our customers with a secure and scalable platform. We strictly adhere to cloud industry standards, ensuring that customer data is fully protected through robust segregation policies. Our approach balances performance, security, and compliance, offering clear data access controls and separation.
Product & Data Access
To safeguard all data and systems, we employ a combination of Identity and Access Management (IAM) based on OAuth standards and a centralized Secret Manager. Access to sensitive information is tightly controlled using path-based policies, ensuring each tenant is restricted to their allocated resources.
A Tiered System for Data Storage
We have designed a tiered approach to data storage, differentiating between two types of customer accounts:
Temporary Accounts: These include Free Trials, Pilots, and Test Accounts.
Permanent Accounts: These include our active Customers, Partners, and Internal Accounts.
As customers progress through their lifecycle on Rely.io, they are seamlessly migrated from Temporary Accounts to Permanent Accounts, ensuring the appropriate level of segregation and access control throughout their journey.
Tier One: Temporary Accounts
Metadata (Data Model Definitions, Views, Configurations):
All metadata is managed using a pooled data model, which means multiple tenants share the same resources. However, to maintain strict data access control, Row-Level Security (RLS) is activated for all tenants. This ensures that even though metadata is pooled, each tenant can only access their own data views and configurations.
User Data (Telemetry, Entities, etc.):
For user-specific data, we adopt a Bridge Data Model. Each tenant has their own isolated organization (Org), ensuring that their user data is completely segregated from others. This model ensures full separation and security at the data level while still benefiting from the shared infrastructure.
Tier Two: Permanent Accounts
For customers with Permanent Accounts, both Metadata and User Data are managed using a Bridge Data Model.
In this model, each tenant has their own dedicated database schema for both metadata and user data, providing strong levels of isolation and security. This setup ensures that customer data remains segregated, both at the metadata and user data levels.
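An added example, not Rely.io's own code: a sketch of the two models described above, with pooled metadata guarded by Row-Level Security (Tier One) and a dedicated schema per tenant (Tier Two). It assumes PostgreSQL, which this page does not name, and every table, role, schema and setting name in it is hypothetical.

```sql
-- Assumption: PostgreSQL. Every object name here is hypothetical.

-- Tier One style: one pooled metadata table shared by all tenants.
CREATE TABLE metadata_views (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid  NOT NULL,
    name       text  NOT NULL,
    definition jsonb NOT NULL
);

-- The application uses a role that neither owns the table nor has BYPASSRLS.
CREATE ROLE app_rw NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON metadata_views TO app_rw;
GRANT USAGE ON SEQUENCE metadata_views_id_seq TO app_rw;

ALTER TABLE metadata_views ENABLE ROW LEVEL SECURITY;
ALTER TABLE metadata_views FORCE ROW LEVEL SECURITY;  -- owner is filtered too

-- USING filters reads; WITH CHECK rejects writes for another tenant.
-- current_setting() raises an error when app.tenant_id is unset (fails closed).
CREATE POLICY tenant_isolation ON metadata_views
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Per request: bind the tenant for this transaction only (constructed UUID).
BEGIN;
SET LOCAL ROLE app_rw;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
SELECT id, name FROM metadata_views;   -- returns only this tenant's rows
COMMIT;

-- Tier Two style: a dedicated schema per tenant, owned by a per-tenant role.
CREATE ROLE tenant_a NOLOGIN;
CREATE ROLE tenant_b NOLOGIN;
CREATE SCHEMA tenant_a AUTHORIZATION tenant_a;
CREATE SCHEMA tenant_b AUTHORIZATION tenant_b;
CREATE TABLE tenant_a.metadata_views (
    id bigserial PRIMARY KEY, name text NOT NULL, definition jsonb NOT NULL
);
ALTER TABLE tenant_a.metadata_views OWNER TO tenant_a;

-- Isolation check: tenant_b has no USAGE on schema tenant_a, so this
-- statement fails with "permission denied for schema tenant_a".
BEGIN;
SET LOCAL ROLE tenant_b;
SELECT count(*) FROM tenant_a.metadata_views;
ROLLBACK;
```

The RLS policy trusts whoever sets `app.tenant_id`, so it isolates tenants only when that value is derived from the authenticated session and tenants cannot run their own SQL under the application role.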
Data Segregation Schema
