
Authors: stummidi@pivotal.io, rayc@google.com, pragashjj@gmail.com, ckemper@google.com

Created: 7 March 2017

This is a living document; please feel free to add use cases and personas through a PR. We want this to be a repository of cloud native security related use cases.

Refer:

SAFE Cloud Foundry Use Cases: https://goo.gl/4pmdqt

Administrators Bill of Rights: https://goo.gl/yQCxE8

Summary

Within an enterprise, depending on the organization structure, we may have one or more of the following personas: Developer, Enterprise Operator, Network Operator, End User, Infrastructure Provider. In this document, we try to break down the use cases by applying the bill of rights to each persona.

Developer

  • As a developer, I need to provide logs for any changes to critical resources, so that they can be made available for auditing

  • As a developer, I need to be able to tag my resources so that they can be grouped by an administrator when required

  • As a developer, I need to be able to perform an access check for a resource

Enterprise Operator

  • As an enterprise operator, I need a central way to look at the organizational resources, so that I can administer them in a single view

  • As an enterprise operator, I need the ability to see what about the resource changed, who changed it and when it was changed, so that I can report on it for compliance

  • As an enterprise operator, I need a way to delegate policy control to lower level admins, including sub enterprise operators, who help me scale.

  • As an enterprise operator, I need a way to nominate per-policy-type operators (e.g. network and quota operators) both at the corporate level and at lower levels.

  • As an enterprise operator, I can evolve my organization structure through growth, mergers and divestitures.

  • As an enterprise operator, I can delete my organizations’ cloud resources.

  • As an enterprise operator, I can act autonomously within the organization or a compartment within an organization that I administer.

  • As an enterprise operator, I can understand the effect of changes to policy that I am making

Quota Operator

  • As a quota operator, I need a central way to look at the organizational resources, so that I can administer them in a single view

  • As a quota operator, I need a central way to look at the usage of all my organization’s resources.

  • As a quota operator, I need a way to constrain how many resources a set of teams is able to use.

  • As a quota operator, I need a way to delegate resource quota management to lower level admins including sub quota operators who help me scale

  • As a quota operator, I need to understand how and when teams were allocated their resource quotas.

  • As a quota operator, I need to be alerted if resource quota allocation exceeds a certain amount.

  • As a quota operator, I can understand the effect of changes to quota that I am making

Network Operator

  • As a network operator, I need a central way to look at the networks in my organization, so that I can administer them in a single view.

  • As a network operator, I need a way to delegate network policy management to lower level admins including sub network operators who help me scale.

  • As a network operator, I need a way to configure network firewall policy.

  • As a network operator, I need to understand how and when network policies were configured.

  • As a network operator, I can understand the effect of changes to network policy that I am making

End User

  • As an end user, I can understand which resources I can access and how I can request access to a resource

  • As an end user, I can delegate or revoke access to downstream applications/resources or other users

  • As an end user, I can request access to a resource and operations.

  • As an end user, I can understand the effect of changes to policy that I am making

Compliance Officer / Auditor

  • As a compliance officer, I can audit all accesses and understand all policy grants for my organizations’ cloud resources - including all accesses of other administrators.

  • As a compliance officer, I can certify access to resources on a periodic basis.

  • As a compliance officer, I can identify Policy/SOD (segregation of duties) violations.

  • As a compliance officer, I can set audit logging policy that controls what data gets collected for auditing purposes.

  • As a compliance officer, I can understand the effect of changes to audit logging policy that I am making

Security Administrator

  • As a security administrator, I can centrally administer my organizations’ cloud resources.

  • As a security administrator, I can audit all accesses and understand all policy grants for my organizations’ cloud resources

  • As a security administrator, I can compartmentalize my organizations’ cloud resources.

  • As a security administrator, I can delegate administration of a compartment of my organization’s cloud resources to another administrator.

  • As a security administrator, I can act autonomously within the organization or a compartment within an organization that I administer.

  • As a security administrator, I can constrain the behavior of users and resources within my organization.

  • As a security administrator, I can make exceptions to rules governing my organization’s cloud resources.

  • As a security administrator, I can exercise the above rights in hybrid and multi-cloud deployments without compromising my ability to manage my organizations’ cloud resources.

Third Party Security Product/System

  • A third party system should be able to affect security policy based on assets being tagged as quarantined.

    • To put it more generically, I should be able to associate resources with dynamic labels/tags which can be used to trigger certain policies