Methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing data in a multi-tenant system. One of the methods includes receiving a data processing job associated with a user account of a user; determining to launch the data processing job on one or more cloud clusters of a cloud services provider; identifying a mirror account corresponding to the user, wherein the mirror account defines which cloud resources of the cloud services provider the user is permitted to access; obtaining a key for the mirror account; sending a request to launch the data processing job on the one or more cloud clusters, comprising sending data characterizing the data processing job, the mirror account of the user, and the obtained key to the one or more cloud clusters; and receiving output data associated with the data processing job from the one or more cloud clusters.