Multi Tenancy
Secure60 provides a robust multi-tenant architecture that supports complex organisational structures, from simple single-organisation deployments to sophisticated enterprise hierarchies with multiple subsidiary organisations. This flexible approach enables organisations to maintain data separation, implement granular access controls, and support diverse business requirements within a unified platform.
Organisational Hierarchy
Overview
Secure60’s organisational structure is built around a hierarchical model that mirrors real-world business relationships. Organisations can have multiple levels of sub-organisations, enabling enterprises to structure their security operations to match their business organisation.
Organisation Layers
The platform supports unlimited levels of organisational depth:
- Root Organisation - The top-level organisation that owns the Secure60 instance
- Sub-Organisations - Child organisations that inherit certain properties from their parent
- Nested Hierarchies - Sub-organisations can have their own sub-organisations, creating deep organisational trees
Key Characteristics
- Inheritance Model - Child organisations can inherit settings, rules, and configurations from parent organisations
- Selective Inheritance - Organisations can choose which elements to inherit and which to customise
- Data Isolation - Each organisation maintains complete data separation unless explicitly shared
- Administrative Boundaries - Clear separation of administrative responsibilities between organisations
Organisational Structure Benefits
Business Alignment
- Mirror Corporate Structure - Align security operations with business organisational charts
- Subsidiary Management - Manage multiple companies or business units within a single platform
- Geographic Divisions - Organise by geographic regions while maintaining centralised oversight
- Functional Separation - Separate organisations by business function or department
Operational Efficiency
- Centralised Management - Manage multiple organisations from a single administrative interface
- Shared Resources - Share threat intelligence, rules, and configurations across organisations
- Scalable Administration - Delegate administrative responsibilities to appropriate organisational levels
- Consistent Policies - Implement consistent security policies across the enterprise
Compliance & Governance
- Data Sovereignty - Ensure data remains within appropriate organisational and geographic boundaries
- Regulatory Compliance - Meet different compliance requirements for different business units
- Audit Separation - Maintain separate audit trails for different organisational entities
- Access Control - Implement fine-grained access controls aligned with business responsibilities
Projects: Data Containers Within Organisations
Project Overview
Within each organisation, data is organised into Projects. Projects serve as logical containers for security data, allowing organisations to segment data based on business requirements, compliance needs, or operational considerations.
Project Characteristics
- Data Isolation - Each project maintains complete data separation
- Independent Configuration - Projects can have unique rules, dashboards, and settings
- Flexible Scope - Projects can represent any logical grouping of data sources
- Access Control - Users can have different permissions across different projects
Common Project Patterns
Geographic Projects
Organisation: Global Corp
├── Project: North America
├── Project: Europe
├── Project: Asia Pacific
└── Project: Latin America
Business Unit Projects
Organisation: Enterprise Inc
├── Project: Finance Department
├── Project: IT Operations
├── Project: Manufacturing
└── Project: Sales & Marketing
Environment Projects
Organisation: Tech Company
├── Project: Production Environment
├── Project: Staging Environment
├── Project: Development Environment
└── Project: Partner Integrations
Compliance Projects
Organisation: Financial Services
├── Project: PCI DSS Scope
├── Project: SOX Compliance
├── Project: General Operations
└── Project: Customer Data
Data Retention Control
Projects control data retention periods, allowing organisations to implement different retention policies based on business needs, compliance requirements, or cost considerations:
- Project-Specific Retention - Each project can have its own data retention period (e.g., 90 days, 1 year, 7 years)
- Compliance Alignment - Set retention periods to meet specific regulatory requirements for different data types
- Cost Optimization - Use shorter retention periods for high-volume, low-value data and longer periods for critical security data
- Automatic Lifecycle Management - Data is automatically archived or deleted based on project retention settings
Retention Examples
Project: PCI DSS Compliance Data → 3 years retention
Project: General Security Logs → 1 year retention
Project: Critical Infrastructure → 7 years retention
Project: Development Environment → 90 days retention
Project Management
- Dynamic Creation - Create projects as business needs evolve
- Data Migration - Move data between projects when organisational structures change
- Project Templates - Use templates to standardise project configuration
- Cross-Project Analytics - Analyse data across multiple projects when appropriate permissions exist
User Management at Organisation Level
User Assignment Model
Users in Secure60 are assigned at the Organisation level, not at the project level. This design provides flexibility while maintaining administrative simplicity.
How User Access Works
Organisation Assignment
- Primary Organisation - Each user is assigned to a primary organisation
- Organisation Hierarchy - Users can access their assigned organisation and any sub-organisations
- Cross-Organisation Access - Users can be granted access to multiple organisations when needed
- Administrative Scope - Administrative privileges apply within the user’s assigned organisational scope
Project Access Control
Once assigned to an organisation, users can be granted specific permissions to projects within that organisation:
- Full Project Access - Complete access to all data and configuration within specific projects
- Read-Only Access - View-only access to specific projects
- Limited Access - Access to specific data types or time ranges within projects
- No Access - Explicit denial of access to sensitive projects
User Role Examples
Organisation Administrator
User: Jane Smith
Organisation: Global Corp (Root)
Access: All sub-organisations and all projects
Permissions: Full administrative access
Regional Security Manager
User: John Doe
Organisation: Global Corp - Europe
Access: Europe organisation and sub-organisations
Permissions: Manage European projects and users
SOC Analyst
User: Alice Johnson
Organisation: Global Corp - North America
Project Access: Production Environment, Staging Environment
Permissions: Read access to security events, create investigations
Compliance Officer
User: Bob Wilson
Organisation: Global Corp (Root)
Project Access: PCI DSS Scope, SOX Compliance (across all regions)
Permissions: Read access to compliance-related data and reports
Inheritance and Configuration
Feature Inheritance Overview
Secure60’s multi-tenant architecture supports comprehensive feature inheritance between organisations, enabling parent organisations to share capabilities, configurations, and resources with their child organisations. This inheritance model promotes consistency, reduces administrative overhead, and ensures standardised security practices across the enterprise.
Inheritable Features
The following features can be inherited from parent to child organizations:
- Rules - Detection rules and correlation logic
- Responses - Automated response actions and workflows
- Reports - Standardized reporting templates and schedules
- Tags - Data classification and labeling schemes
- Tokens - API tokens and integration credentials
- Users - User accounts and role assignments (with appropriate permissions)
Feature Inheritance Flow
The diagram below illustrates how features flow from parent organisations to child organisations, enabling comprehensive inheritance of security capabilities:
As shown in the inheritance model:
- Parent organisations define and maintain core features (rules, responses, reports, etc.)
- Child organisations automatically inherit these features while retaining the ability to customise
- Nested inheritance allows features to flow through multiple organisational levels
- Selective inheritance enables organisations to choose which features to inherit or override
Configuration Inheritance
Sub-organisations can inherit various configuration elements from their parent organisations:
Inheritable Elements
- Detection Rules - Share threat detection rules across the organisation
- Threat Intelligence - Distribute threat intelligence feeds to all sub-organisations
- Data Classification - Apply consistent data classification schemes
- Retention Policies - Implement standardised data retention across the enterprise
- Integration Configurations - Share common integration settings
Customisation Options
- Override Inheritance - Sub-organisations can override inherited settings when needed
- Additive Configuration - Add organisation-specific settings alongside inherited ones
- Selective Inheritance - Choose which elements to inherit from parent organisations
- Local Customisation - Implement organisation-specific configurations for unique requirements
Feature Inheritance Examples
Rule Inheritance
Parent Organisation: Global Security Baseline
├── Rule Group: Failed Authentication Detection
├── Rule Group: Malware Detection
└── Rule Group: Data Exfiltration Detection
Child Organisation: European Division
├── Inherits: All parent rule groups
├── Adds: GDPR-specific data access rules
└── Customises: Adjusted thresholds for regional patterns
Response Inheritance
Parent Organisation: Standard Incident Response
├── Email Notifications → Security Team
├── Ticket Creation → ITSM System
└── Automated Blocking → Firewall
Child Organisation: Finance Division
├── Inherits: All parent responses
├── Adds: Regulatory notification → Compliance Team
└── Enhances: Priority escalation for financial systems
Report Inheritance
Parent Organisation: Executive Reporting Suite
├── Monthly Security Dashboard
├── Compliance Summary Report
└── Threat Intelligence Briefing
Child Organisations: All Subsidiaries
├── Inherit: All parent reports with organisation-specific data
├── Customise: Branding and contact information
└── Extend: Additional local compliance reports
Data Retention Control
Parent Policy: Standard 7-year retention
├── Financial Sub-Org: 10 years (regulatory requirement)
├── Development Sub-Org: 1 year (cost optimization)
├── PCI Environment: 3 years (PCI DSS compliance)
└── General Operations: 7 years (inherited policy)
Multi-Tenant Security
Feature Inheritance Benefits
The comprehensive feature inheritance model provides significant operational and security advantages:
Operational Efficiency
- Centralised Management - Define security policies once at the parent level and automatically distribute to child organisations
- Consistent Security Posture - Ensure all organisations benefit from the latest threat detection capabilities
- Reduced Administrative Overhead - Minimise duplication of effort across multiple organisations
- Rapid Deployment - New security features automatically available to all child organisations
Flexibility and Control
- Selective Inheritance - Choose which features to inherit and which to customise locally
- Override Capability - Child organisations can override inherited features when business needs require it
- Additive Configuration - Add organisation-specific features alongside inherited ones
- Version Control - Track changes to inherited features across the organisational hierarchy
Data Isolation
- Complete Separation - Each organisation’s data is completely isolated from others
- Encrypted Storage - All data encrypted with organisation-specific keys
- Network Isolation - Logical network separation between organisational data flows
- Access Logging - Complete audit trail of all cross-organisational access
Administrative Separation
- Role-Based Boundaries - Administrative roles respect organisational boundaries
- Audit Independence - Each organisation maintains independent audit logs
- Configuration Isolation - Organisation configurations cannot interfere with each other
- Backup Separation - Data backups maintain organisational separation
Implementation Best Practices
Planning Your Organisational Structure
- Map Business Structure - Align security organisation with business organisation
- Consider Compliance - Factor in regulatory requirements for different business units
- Plan for Growth - Design structure to accommodate future organisational changes
- Define Data Flows - Understand how data should flow between organisations
User Management Strategy
- Principle of Least Privilege - Grant minimum necessary access to each user
- Regular Access Reviews - Periodically review user access across organisations
- Role Standardisation - Develop standard roles that can be applied across organisations
- Onboarding/Offboarding - Establish clear processes for user lifecycle management
Feature Inheritance Strategy
- Inheritance Planning - Design which features should be inherited vs. customised at each organisational level
- Version Management - Establish processes for updating inherited features across the organisation
- Override Governance - Define clear policies for when child organisations can override inherited features
- Change Communication - Implement communication processes for feature updates that affect multiple organisations
Project Organisation
- Logical Grouping - Group related data sources into coherent projects
- Clear Boundaries - Ensure project boundaries align with business and compliance needs
- Retention Planning - Design project retention policies to balance compliance, cost, and operational needs
- Consistent Naming - Use consistent naming conventions across organisations
- Documentation - Maintain clear documentation of project purposes, scope, and retention requirements
Getting Started with Multi-Tenancy
Initial Setup
- Design Organisation Structure - Plan your organisational hierarchy
- Create Organisations - Set up parent and child organisations
- Configure Inheritance - Set up appropriate inheritance relationships
- Create Projects - Establish initial projects within organisations
- Assign Users - Add users to appropriate organisations with correct permissions
Migration Considerations
- Existing Deployments - Migrate existing single-tenant deployments to multi-tenant structure
- Data Migration - Plan for moving existing data into appropriate projects
- User Transition - Transition existing users to new organisational structure
- Configuration Updates - Update existing configurations to work with new structure
For detailed implementation guidance and step-by-step setup instructions, visit our Guides section.