Based on our cloud infrastructure, we have built and operate a multi-tenant microservice architecture as well as a shared platform to support our products. In a multi-tenant architecture, a single service serves multiple customers, including databases and computing instances required for running legal-i. Each service contains the data for multiple tenants, but the data of each tenant is isolated and inaccessible to other tenants.
Our microservices are built according to the principle of least privilege and are designed to limit the scope of zero-day attacks and reduce the likelihood of lateral movement within our cloud environment. Each microservice has its own data store, which can only be accessed with the authentication protocol specific to that service, so no other service has read or write access to that store or its API. We have focused on isolating microservices and their data rather than providing dedicated infrastructure per tenant, because this confines any single system to a narrow data scope even though it serves many customers. Since the logic is decoupled and authentication and authorization for data access happen at the application level, every request to these services passes an additional security check. Therefore, if a microservice is compromised, the result is only limited access to the data required by that particular service.
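The two controls described above, a service-specific authentication protocol in front of each data store and tenant scoping enforced at the application level, can be illustrated with a small in-memory model. The code below is an added example written for this page; it is not legal-i's code and assumes nothing about legal-i's actual token format, secrets or storage. It assumes a per-service HMAC-signed token (constructed here; the secrets are placeholders) that carries the tenant it was issued for, and a document store that keys every row by the tenant taken from the verified token rather than from the request, so a token minted for another service fails authentication and a tenant can never read another tenant's rows:

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: each microservice holds its own signing secret, so a token minted for
# one service cannot authenticate to another. Both values are constructed placeholders.
DOCUMENT_SERVICE_SECRET = b"constructed-document-service-secret"
BILLING_SERVICE_SECRET = b"constructed-billing-service-secret"


class AuthError(Exception):
    """Caller could not be authenticated against this service's protocol."""


class TenantViolation(Exception):
    """Authenticated caller asked for data outside its own tenant."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, tenant_id: str, ttl: int = 300) -> str:
    """Mint a service-scoped token that records the tenant it was issued for."""
    payload = json.dumps({"tenant": tenant_id, "exp": int(time.time()) + ttl},
                         separators=(",", ":")).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(secret: bytes, token: str) -> dict:
    """Authenticate a token against *this* service's secret and return its claims."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, TypeError):
        raise AuthError("malformed token")
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise AuthError("signature does not match this service's secret")
    claims = json.loads(payload)
    if claims.get("exp", 0) < int(time.time()):
        raise AuthError("token expired")
    return claims


class DocumentStore:
    """In-memory stand-in for one microservice's private data store.

    Rows are keyed by tenant, and the tenant always comes from the verified
    claims, never from a caller-supplied field, so requests cannot cross tenants.
    """

    def __init__(self, secret: bytes):
        self._secret = secret
        self._rows = {}  # (tenant_id, doc_id) -> document text

    def put(self, token: str, doc_id: str, text: str) -> None:
        tenant = verify_token(self._secret, token)["tenant"]
        self._rows[(tenant, doc_id)] = text

    def get(self, token: str, requested_tenant: str, doc_id: str):
        claims = verify_token(self._secret, token)
        # Application-level authorization: the tenant named in the request must be
        # the tenant the token was issued for, even though the caller authenticated.
        if claims["tenant"] != requested_tenant:
            raise TenantViolation(
                f"tenant {claims['tenant']} may not read tenant {requested_tenant}")
        return self._rows.get((requested_tenant, doc_id))

    def list_ids(self, token: str) -> list:
        tenant = verify_token(self._secret, token)["tenant"]
        return sorted(doc for (t, doc) in self._rows if t == tenant)


def demo() -> dict:
    """Exercise the isolation rules and report which requests were allowed."""
    store = DocumentStore(DOCUMENT_SERVICE_SECRET)
    tok_a = issue_token(DOCUMENT_SERVICE_SECRET, "tenant-a")
    tok_b = issue_token(DOCUMENT_SERVICE_SECRET, "tenant-b")
    store.put(tok_a, "contract-1", "alpha")   # constructed sample rows
    store.put(tok_b, "contract-1", "bravo")
    result = {"own": store.get(tok_a, "tenant-a", "contract-1")}
    try:
        store.get(tok_a, "tenant-b", "contract-1")
        result["cross_tenant"] = "allowed"
    except TenantViolation:
        result["cross_tenant"] = "denied"
    try:  # a token from another service's protocol must not authenticate here
        store.get(issue_token(BILLING_SERVICE_SECRET, "tenant-a"), "tenant-a", "contract-1")
        result["other_service"] = "allowed"
    except AuthError:
        result["other_service"] = "denied"
    return result


if __name__ == "__main__":
    print(demo())
```

The design point is that the store never trusts a tenant identifier from the request body or URL: the only tenant it acts on is the one bound into the token by the service's own authentication step, which is what makes a compromised neighbouring service, or a compromised tenant, unable to widen its reach.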