Analytics Slideshow Calculating Cloud ROI
|(click for larger image and for full photo gallery)|
The multitenant application by design is meant to serve hundreds or thousands of simultaneous users over the Internet. Its ability to do so determines whether it's an efficient, successful cloud application. Salesforce serves hundreds of thousands of users per day running just 16 instances of its application, he said.
A key part of multi-tenancy is that each user draws from a shared library of business application components, stored in memory, but an application that reflects individual settings, forms, reports, workflows, and access privileges is built on the fly by the Salesforce engine from metadata, stored in a universal data dictionary.
SugarCRM CIO and VP of engineering Lila Tretikov agreed that the multitenant application was the most efficient way to serve thousands of users at one time but differed with Coffee in a key detail. With the SugarCRM approach, the shared application gets its own copy of the database system. A customer's data is stored in a database unique to the customer, not shared with other customers.
Coffee said data from multiple customers is stored in Salesforce databases but the precision and rules of operation of relational database, plus Salesforce's additional tagging and user access control in the use of that data, made the practice safe.
When Ellison referred to "co-mingled data," he was referring to how it was stored by Salesforce, said Tretikov, a Salesforce.com competitor. Salesforce.com minimized the number of database licenses it had to pay for by combining customer data in them. She said the SugarCRM model of generating a database system for each customer was a better way to secure customer data.
"In the lab, I've seen breaches of data security when a technician entered a mistaken foreign key and accessed someone else's data," she said. "I agree with Ellison" that Salesforce.com has a weaker security model, at least in comparison to SurgarCRM, she said.
Coffee said both Ellison and Tretikov were bringing up a non-issue. Banks, telephone companies, and financial services firms mix customer data in one database system without compromising the privacy of the customer data. The database system Salesforce.com uses is Oracle, he noted, while SugarCRM uses open source MySQL as its default system, he noted. Surely Oracle vouches for the integrity of the operation of its database, he said.
Asked about examples of data compromises that she knew of in Salesforce.com's or other companies' mixing of customer data in the database, Tretikov said, "I can't think of any."