Multi-tenancy

It is a cloud service architecture where a single software system serves multiple customers (tenants) simultaneously, using virtualization and logical separation to isolate their computing resources and data. According to ISO/IEC 27017 guidelines, a customer's virtual environment must be protected and separated from the environments of other customers to prevent data leakage or unauthorized cross-tenant access.

Inadequate segregation in a multi-tenant architecture can lead to breaches of personal data or trade secrets, violating Taiwan's Personal Data Protection Act (Article 27) and Trade Secrets Act. For highly regulated industries like finance, healthcare, or the semiconductor supply chain, such incidents can result in heavy fines and a loss of customer trust and contracts.

The primary standard is **ISO/IEC 27017** (Code of practice for information security controls for cloud services), especially control **CLD.9.5.1**, which requires the protection and separation of a customer's virtual environment. It also relates to the information security management system requirements of **ISO/IEC 27001** and the PII protection guidelines in **ISO/IEC 27018**.

As Taiwan's first consultancy to integrate ERM, tech law, and IT, Winners Consulting offers a unique advantage. Led by a founder with a preventive law background, our team of tech lawyers, ISO lead auditors, and data scientists assesses multi-tenancy risks from legal, technical, and procedural perspectives. We vertically integrate ISO standards with corporate governance, providing effective security and trade secret protection for industry leaders like TSMC and MediaTek.