Dynatrace elevates data security with separated storage and unique encryption keys for each tenant

Dynatrace continues to deliver on its commitment to keeping your data secure in the cloud. Partitioning each customer’s data on the storage level and encrypting it with a unique encryption key enhances data separation and provides an additional layer of protection against unauthorized data access. Separate data storage fulfills the security compliance requirements of many Dynatrace customers operating in highly regulated sectors, making it much easier for them to use Dynatrace SaaS and accelerate their digital business transformation.

Protect data in multi-tenant architectures

To bring you the most value by unifying observability and security in one analytics and automation platform powered by AI, Dynatrace SaaS leverages a multitenancy architecture, enabling efficient and scalable data ingestion, querying, and processing on shared infrastructure. Such infrastructures must implement additional controls to securely separate each customer’s data. Dynatrace ensures that each customer’s tenant data is separated from every other customer’s data throughout its lifecycle using multiple layers of data security controls, such as:

In addition to the data security controls, a rigorous secure development lifecycle (SDL) ensures that data security controls for data separation work as designed and that any potential issues are detected and prevented during development. The Dynatrace SDL includes penetration testing, red teaming, continuous threat modeling and risk assessments, a public bug bounty program, and vulnerability scans.

Dedicated storage and unique encryption keys for each tenant

Dynatrace introduces a fundamental improvement in how each customer’s tenant data is kept separate. By providing dedicated storage and a unique encryption key for each tenant, each Dynatrace tenant’s data is kept separate at rest on the storage level, significantly reducing the risk of unauthorized access to the data.

A unique encryption key is applied to each tenant’s storage and automatically rotated every 365 days. This guarantees that only one tenant is affected in the unlikely case of a compromised encryption key. For further security and convenience, you can easily revoke a key without impacting your data.

This level of data separation and encryption fulfills the security compliance requirements of many Dynatrace customers operating in highly regulated sectors.

Tenant data separation in Dynatrace

Currently, the enhanced tenant data separation and encryption feature is activated by default for all Dynatrace SaaS customers on AWS using the latest version of Dynatrace SaaS. There is no need to make any changes.

On AWS, each Dynatrace tenant now has a dedicated S3 bucket assigned to it. All new Dynatrace platform data at rest is stored in such a dedicated S3 bucket. S3 buckets are configured to be encrypted with a bucket key stored in the AWS key management system (KMS). Each S3 bucket is assigned its own unique bucket key. All bucket keys are managed by Dynatrace and are configured to rotate automatically after 365 days.
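
The layout described above (one bucket per tenant, one KMS key per bucket, automatic rotation every 365 days) can be checked mechanically in any multi-tenant S3 deployment. The following is an added example, not Dynatrace code: it audits a constructed inventory whose field names follow the S3 `GetBucketEncryption` and KMS `GetKeyRotationStatus` responses, flattened into one hypothetical record per tenant; all tenant names, bucket names and key ARNs are placeholders.

```python
from collections import defaultdict

ROTATION_DAYS = 365  # rotation interval stated in the article

def audit(inventory):
    """Return sorted (tenant, finding) pairs for records that break isolation."""
    by_bucket, by_key = defaultdict(set), defaultdict(set)
    for r in inventory:
        by_bucket[r["bucket"]].add(r["tenant"])
        if r["KMSMasterKeyID"]:
            by_key[r["KMSMasterKeyID"]].add(r["tenant"])
    findings = set()
    for r in inventory:
        tenant, key = r["tenant"], r["KMSMasterKeyID"]
        if len(by_bucket[r["bucket"]]) > 1:
            findings.add((tenant, "bucket shared with another tenant"))
        if r["SSEAlgorithm"] != "aws:kms" or not key:
            findings.add((tenant, "bucket not encrypted with a KMS key"))
            continue  # no KMS key, so the key checks below do not apply
        if len(by_key[key]) > 1:
            findings.add((tenant, "KMS key shared with another tenant"))
        if not r["KeyRotationEnabled"]:
            findings.add((tenant, "automatic key rotation disabled"))
        elif r["RotationPeriodInDays"] != ROTATION_DAYS:
            findings.add((tenant, "rotation period is not 365 days"))
    return sorted(findings)

def record(tenant, bucket, algo, key, rotation_on, period):
    """Build one inventory record (hypothetical flattened shape)."""
    return {"tenant": tenant, "bucket": bucket, "SSEAlgorithm": algo,
            "KMSMasterKeyID": key, "KeyRotationEnabled": rotation_on,
            "RotationPeriodInDays": period}

# Constructed sample data: tenant names, bucket names and key ARNs are placeholders.
ARN = "arn:aws:kms:us-east-1:111111111111:key/"
SAMPLE = [
    record("tenant-a", "bkt-a", "aws:kms", ARN + "key-a", True, 365),
    record("tenant-b", "bkt-b", "aws:kms", ARN + "key-b", True, 365),
    record("tenant-c", "bkt-c", "aws:kms", ARN + "key-b", True, 365),  # reuses key-b
    record("tenant-d", "bkt-d", "AES256", None, False, None),          # no KMS key
    record("tenant-e", "bkt-e", "aws:kms", ARN + "key-e", False, None),
    record("tenant-f", "bkt-f", "aws:kms", ARN + "key-f", True, 90),
]

if __name__ == "__main__":
    for tenant, finding in audit(SAMPLE):
        print(f"{tenant}: {finding}")
```

A shared key is reported for every tenant that uses it, because a compromise of that key would no longer be confined to one tenant.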

What’s next

Next, the enhanced data separation and encryption features are planned for release to all customers on Azure and then to all customers on Google Cloud.

With improved data separation and newly introduced encryption, Dynatrace helps you fulfill data security requirements for highly regulated sectors.

Contact your Dynatrace account manager to learn how Dynatrace meets your organization’s security, privacy, and compliance requirements and to accelerate your journey to Dynatrace SaaS.