In order to protect an individual organization’s data from unauthorized access or disclosure to other parties, data should be segmented on the basis of organization. An example of segmentation would be to use a different database instance for each organization.
Data that is commingled with data from other organizations is more likely to be disclosed. These disclosures could result from technical flaws, from compromise of part of the system, or from the data being caught up in a legal order for another organization's data.
Generally, organizations look for their data to be kept in separate database instances, in different cloud object storage buckets, on different virtual volumes, or by any other means of separating the individual organization’s data from that of other organizations.
At a minimum, some organizations, depending on the nature of the information, may accept that the data is identified as belonging to each organization and is protected from unauthorized access by mandatory access controls. Note that for this to be acceptable to some organizations, methods for dealing with legal holds, e-discovery, and subpoenas must be well established and documented.
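The two arrangements described above, sketched as an added example that is not part of the original guidance: a store with one database instance per organization, and the minimum alternative of a shared table whose rows are labelled by organization and reachable only through an organization-bound handle. The class and function names are hypothetical, and in-memory SQLite databases stand in for real database instances.

```python
import sqlite3

class SegmentedStore:
    """Preferred: one database instance per organization.
    Constructed stand-in: each org gets its own in-memory SQLite database."""

    def __init__(self):
        self._dbs = {}  # org_id -> that organization's own connection

    def _db(self, org_id):
        if org_id not in self._dbs:
            conn = sqlite3.connect(":memory:")
            conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, body TEXT)")
            self._dbs[org_id] = conn
        return self._dbs[org_id]

    def add(self, org_id, body):
        with self._db(org_id) as conn:
            conn.execute("INSERT INTO records (body) VALUES (?)", (body,))

    def export(self, org_id):
        # A legal hold or subpoena for one org reads only that org's instance.
        rows = self._db(org_id).execute("SELECT body FROM records ORDER BY id")
        return [r[0] for r in rows]

class OrgView:
    """Minimum: shared table, every row labelled with its org, and every
    query forced through a handle that is bound to exactly one org."""

    def __init__(self, conn, org_id):
        if not org_id:
            raise ValueError("org_id is required")
        self._conn, self._org = conn, org_id

    def add(self, body):
        with self._conn:
            cur = self._conn.execute(
                "INSERT INTO records (org_id, body) VALUES (?, ?)", (self._org, body))
        return cur.lastrowid

    def get(self, record_id):
        # The org predicate is not caller-supplied, so a guessed id that
        # belongs to another organization returns nothing.
        row = self._conn.execute(
            "SELECT body FROM records WHERE id = ? AND org_id = ?",
            (record_id, self._org)).fetchone()
        return row[0] if row else None

def shared_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY,"
                 " org_id TEXT NOT NULL, body TEXT)")
    return conn
```

In the shared-table form, isolation depends on every code path going through `OrgView`; a single raw query against the table sees all organizations' rows, which is the commingling risk the separate-instance form avoids.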