RBAC means having all data in one pile, relying on a policy you create, and sharing resources (e.g. execution).
Multi Tenancy means dedicating resources and storage to particular clients.
For SOAR, we find there are 3 main use cases for Multi Tenancy:
- One organisation using MT for internal purposes, with one Tenant per business unit
- An MSSP ‘black box’ offering
- An MSSP offering that allows end clients access to the data/processes
Depending on your use cases, RBAC might be acceptable for #1.
If the data is not sensitive, and you are 100% confident of never making mistakes, RBAC might be acceptable for #2.
But RBAC should not be used for #3.
Imagine the consequence of one of these quite simple mistakes:
- inbound data that differs from normal is not mapped correctly
- an analyst fat fingers a ticket and removes a tag/role
- the platform config is reverted to a state where the tags/roles were different
- a dev mistakenly maps an automation task to the wrong API credentials (pointing to the wrong destination server)
- etc.
If your data, processes or credentials are sensitive, make sure whatever you deploy is actually Multi Tenant, and not simply using RBAC.
Andy
(Credit Dan)
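The following is an added illustration, not part of the original post and not code from any SOAR product: a toy ticket store modelled both ways, so the "fat fingers a ticket" mistake above can be replayed against an RBAC policy over one shared pile and against tenant-dedicated storage. All client names, ticket contents and the `origin`-based audit check are constructed for this example.

```python
"""
Added example (not from the original post): a toy SOAR ticket store built two
ways, to show why a tag-based RBAC policy over one shared pile turns a simple
tagging mistake into cross-client exposure, while tenant-dedicated storage does
not. All client names and tickets are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class Ticket:
    ticket_id: str
    summary: str
    origin: str                               # client the record was ingested for, set once
    tags: set = field(default_factory=set)    # editable; under RBAC the only separator


class SharedStoreRBAC:
    """Model 1: one pile of tickets, visibility decided by a policy on tags."""

    def __init__(self, known_clients: set[str]):
        self.known_clients = known_clients
        self.tickets: list[Ticket] = []

    def add(self, ticket: Ticket) -> None:
        self.tickets.append(ticket)

    def visible_to(self, client_tag: str) -> list[Ticket]:
        # Per-record policy check: a client sees every ticket carrying its tag.
        return [t for t in self.tickets if client_tag in t.tags]

    def audit(self) -> list[str]:
        """Detective control an RBAC deployment needs to run continuously:
        flag records whose client tags no longer match the immutable origin."""
        findings = []
        for t in self.tickets:
            if t.tags & self.known_clients != {t.origin}:
                findings.append(f"{t.ticket_id}: origin={t.origin} tags={sorted(t.tags)}")
        return findings


class TenantStore:
    """Model 2: one store per tenant; every request is bound to one tenant."""

    def __init__(self):
        self._stores: dict[str, list[Ticket]] = {}

    def add(self, tenant: str, ticket: Ticket) -> None:
        self._stores.setdefault(tenant, []).append(ticket)

    def visible_to(self, tenant: str) -> list[Ticket]:
        # The tenant key selects the store; there is no per-record policy to get wrong.
        return list(self._stores.get(tenant, []))


def simulate_fat_finger() -> dict:
    """An analyst editing client B's ticket picks the wrong client tag.
    Returns what each client sees afterwards under both models."""
    clients = {"client-a", "client-b"}
    rbac = SharedStoreRBAC(clients)
    tenants = TenantStore()

    # Constructed sample data: one ticket per client, loaded into both models.
    for tenant, tid, summary in [
        ("client-a", "T-1", "Phishing report"),
        ("client-b", "T-2", "Ransomware indicators and server credentials"),
    ]:
        rbac.add(Ticket(tid, summary, tenant, {tenant}))
        tenants.add(tenant, Ticket(tid, summary, tenant, {tenant}))

    # The mistake, in the shared pile: the tag on T-2 is replaced with client A's.
    t2 = next(t for t in rbac.tickets if t.ticket_id == "T-2")
    t2.tags = {"client-a"}
    # The same edit in the tenant model happens inside client B's store only;
    # no tag value can move the record into client A's store.
    t2_tenant = next(t for t in tenants.visible_to("client-b") if t.ticket_id == "T-2")
    t2_tenant.tags = {"client-a"}

    return {
        "rbac_client_a": sorted(t.ticket_id for t in rbac.visible_to("client-a")),
        "rbac_client_b": sorted(t.ticket_id for t in rbac.visible_to("client-b")),
        "rbac_audit": rbac.audit(),
        "tenant_client_a": sorted(t.ticket_id for t in tenants.visible_to("client-a")),
        "tenant_client_b": sorted(t.ticket_id for t in tenants.visible_to("client-b")),
    }


if __name__ == "__main__":
    for key, value in simulate_fat_finger().items():
        print(f"{key}: {value}")
```

Under the RBAC model the mistag makes client B's ticket appear in client A's view and disappear from client B's; the audit only catches it after the fact, because the policy layer is the sole boundary. Under the tenant store the same edit changes a label but the record never leaves client B's store, which is the property the post is asking for.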