Multi-tenant security

Three years ago I built a multi-tenant security framework. This is how I'd build it now.

Same core principle: enforce controls at every layer, bound the blast radius by design, assume every layer above you has already failed.

Different execution: cloud-first from day one, Zero Trust aligned, and designed for PBAC and Verifiable Credentials — not retrofitted to them later.

Same hardest problem: it doesn't respect org chart lines. Network, cloud, cyber, IAM, and dev all own a piece of it. Clear objectives, the right leadership support, and a shared vocabulary across functions are what make it work — not just the architecture.

Reference architecture attached.

Note: I used AI to generate the image but the content is mine and validated.

#ZeroTrust #SecurityArchitecture #CloudSecurity #CyberSecurity
