Authors: stummidi@pivotal.io , rayc@google.com , pragashjj@gmail.com , ckemper@google.com
Updated: 9 April 2019
This is a living document, please feel free to add use cases and personas through a PR. This initial version was derived from inputs referenced below. Please add references for new use cases, which could include shared documents from other projects, published research or case studies of cloud native technologies in real world use.
References
- Cloud Foundry Use Cases: https://goo.gl/4pmdqt
- Google: Administrators Bill of Rights
Overview
This is a list of use cases to enable secure access, policy control and safety for users of cloud native technology.
Users
Within an enterprise, based on the organization structure, we may have one or more of the personas. The more general user categories are separated into these more detailed personas where roles may be held by different people in a large organization.
- Operators: Enterprise, Quota, Network
- Administrators: Security, Compliance/Audit
- Developers, including Third Party Security Products
- End-users
- Platform Implementers
A project will often have a very focused target audience and not all use cases are applicable in every situation. The use cases below are a guide to consider common needs that often require support from multiple products or technologies in order to be fully functional for the target users.
Operator
Enterprise
As an enterprise operator, I need a central way to look at the organizational resources, so that I can administer them in a single view
As an enterprise operator, I need the ability to see what about the resource changed, who changed it and when it was changed, so that I can report on for compliance
As an enterprise operator, I need a way to delegate policy control to lower level admins, including sub enterprise operators, who help me scale.
As an enterprise operator, I need a way to nominate per-policy-type operators (e.g. network and quota operators) both at the corporate level but also at lower levels.
As an enterprise operator, I can evolve my organization structure through growth, mergers and divestitures.
As an enterprise operator, I can delete my organizations’ cloud resources.
As an enterprise operator, I can act autonomously within the organization or a compartment within an organization that I administer.
As an enterprise operator, I can understand the effect of changes to policy that I am making
Quota
Since quota is often used for cost control, this may imply a different persona with financial, rather than an engineering background.
An important use of quota is to protect a service from abuse. By setting a quota, we can ensure that a single individual or group cannot bring down the service for everybody else (either intentionally or unintentionally). For example, services may lack sufficient protections (such as exponential backoff) and a simple quota enforcement in front of the service can reduce the impact of repeated request on the rest of the infrastructure.
As an quota operator, I need a central way to look at the organizational resources, so that I can administer them in a single view
As a quota operator, I need a central way to look at the usage of all my organizations resources.
As a quota operator, I need a way to constrain how many resources a set of teams is able to use.
As a quota operator, I need a way to delegate resource quota management to lower level admins including sub quota operators who help me scale
As a quota operator, I need to understand how and when teams were allocated their resource quotas.
As a quota operator, I need to be alerted if resource quota allocation exceeds a certain amount.
As a quota operator, I can understand the effect of changes to quota that I am making
Network
As a network operator, I need a central way to look at the networks in my organization, so that I can administer them in a single view.
As a network operator, I need a way to delegate network policy management to lower level admins including sub network operators who help me scale.
As a network operator, I need a way to configure network firewall policy.
As a network operator, I need to understand how and when network policies were configured.
As a network operator, I can understand the effect of changes to network policy that I am making
Administrator
Compliance Officer / Auditor
As a compliance officer, I can audit all accesses and understand all policy grants for my organizations’ cloud resources - including all accesses of other administrators.
As a compliance officer, I can certify access to resources on a periodic basis.
As a compliance officer, I can identify Policy/SOD (segregation of duties) violations.
As a compliance officer, I can set audit logging policy that controls what data gets collected for auditing purposes.
As a compliance officer, I can understand the effect of changes to audit logging policy that I am making.
As a compliance officer, I can configure my organization’s resources to meet the requirements of relevant standards such as PCI , FedRAMP or HIPAA , and I can generate assessment and attestation artifacts showing how the relevant requirements are met.
Security Administrator
As a security administrator, I can centrally administer my organizations’ cloud resources.
As a security administrator, I can audit all accesses and understand all policy grants for my organizations’ cloud resources
As a security administrator, I can compartmentalize my organizations’ cloud resources.
As a security administrator, I can delegate administration of a compartment of my organization’s cloud resources to another administrator.
As a security administrator, I can act autonomously within the organization or a compartment within an organization that I administer.
As a security administrator, I can constrain the behavior of users and resources within my organization.
As a security administrator, I can make exceptions to rules governing my organization’s cloud resources.
As a security administrator, I can exercise the above rights in hybrid and multi-cloud deployments without compromising my ability to manage my organizations’ cloud resources.
Developer
As a developer, I need to provide logs for any changes to a critical resources, such that they can be made available for auditing
As a developer, I need to be able to tag my resources so that they can be grouped by an administrator when required
As a developer I need to be able to perform an access check for a resource
Third Party Security Product/System
A third party system should be able to affect security policy based on assets being tagged as quarantined.
- To put it more generically, I should be able to associate resources with dynamic labels/tags which can be used to trigger certain policies
End user
As an end user, I can understand which resources I can access and how I can request access to a resource
As an end user, I can delegate or revoke access to downstream applications/resource or other users
As an end user, I can request access to a resource and operations.
As an end user, I can understand the effect of changes to policy that I am making
Platform Implementer
The recognition of the platform implementer as a distinct role is a relatively recent phenomenon. The goal of the platform implementer is to take the business requirements and translate them to the underlying technology or cloud platform to make the organization’s enterprise, network and quota operators and security administrators and compliance officers successful.
One important aspect of this role may be to bridge between the heterogeneous cloud environments that are in use at the organization to provide a homogeneous management surface to the administrators and operators. This role is more technical than the roles of the operators and administrators and will often overlap with the role of a developer.
As a platform implementer I can provide central administration of cloud resources to my operators and administrators.
As a platform implementer I can provide compartmentalization of cloud resources for delegation purposes by operators and administrators.
As a platform implementer I can allow my operators and administrators to delegate administration of resources.
As a platform implementer I can enable my security administrators to constrain the behavior of developers by setting guardrails.
As a platform implementer I can enable my security administrators and compliance officers to enforce auditing of access policies.
As a platform implementer I can enable my security administrators and compliance officers the auditing of resource access.
As a platform implementer I can enable my compliance officers the setting of audit logging policies for my organization’s resources
As a platform implementer I can enable my compliance officers to certify the non-violation of my organization’s compliance needs.