38.0 Configuring Sentinel for Multitenancy

To reduce the total cost of ownership of managing security data from several organizations that are not allowed to share data with one another, some users prefer to run Sentinel in a multitenant mode, where each organization's data is kept in a logical silo that prevents one organization from seeing the data of another. A logical silo, as opposed to a physical silo, allows the same hardware and software instances to be used to manage the data from multiple organizations while preserving data privacy. Managed Security Service Providers (MSSPs) are typical users of this approach; they might use it to keep their costs low while providing security monitoring for many customers. Multiple MSSP models are possible, ranging from Cloud-based services to outsourced Security Operating Center (SOC) monitoring.

In MSSP environments, the MSSP (Sentinel administrator) administers the Sentinel system, and the MSSP's customers, often referred to as tenants, use a portion of the system's processing power to perform their security monitoring. Each tenant's data is stored alongside other tenants' data, while the system keeps track of the data that belongs to each tenant and preserves data privacy. Some form of logical separation is important to ensure that one tenant does not see another tenant's data. Only the MSSP should have the ability to see the data across all tenants. Sentinel provides multitenancy capabilities that enable the security monitoring of multiple tenants to be handled by a single instance of hardware and software while preserving data privacy.