From ce55c07dd20a5a748b801d6fc92ae64588530fc7 Mon Sep 17 00:00:00 2001 From: Boaz Michaely Date: Mon, 10 Mar 2025 18:27:27 -0400 Subject: [PATCH 1/4] Create Use Case Template.md --- scenarios/Use Case Template.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 scenarios/Use Case Template.md diff --git a/scenarios/Use Case Template.md b/scenarios/Use Case Template.md new file mode 100644 index 0000000..e69de29 From 82da98efeef38d4934185a38efd38bacdbcb6ce2 Mon Sep 17 00:00:00 2001 From: Boaz Michaely Date: Mon, 10 Mar 2025 18:45:45 -0400 Subject: [PATCH 2/4] Populated the file I forgot to save before commit... --- scenarios/Use Case Template.md | 96 ++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/scenarios/Use Case Template.md b/scenarios/Use Case Template.md index e69de29..950dfaa 100644 --- a/scenarios/Use Case Template.md +++ b/scenarios/Use Case Template.md 
@@ -0,0 +1,96 @@ +# Use Case Template + +This template provides a structured way to document use cases for the Zero Trust Validated Pattern. Each use case should clearly define the persona, goal, environment, workflows, security issues, and how Zero Trust addresses these issues. + +--- + +## Persona +*Who is using the pattern?* + +**Example**: +*As a Security Architect, I need to secure a multi-tenant SaaS application running on OpenShift.* + +--- + +## Goal +*What is the persona trying to accomplish?* + +**Example**: +*I want to ensure that communication between microservices is secure, even when some services are running on-premises and others in the cloud.* + +--- + +## Why +*Why is this goal important? What are the risks or challenges?* + +**Example**: +*Without Zero Trust, lateral movement within the network could allow an attacker to compromise multiple services if one is breached.* + +--- + +## Environment +*Describe the real-life environment the persona is working in.* + +**Example**: +*The environment includes an OpenShift cluster running on-premises, a public cloud provider (e.g., AWS), and legacy applications that cannot be containerized.* + +--- + +## Workflows +*Detail the specific workflows or processes the persona follows.* + +**Example**: +*The DevOps engineer deploys microservices using Helm charts, configures CI/CD pipelines, and monitors the environment using Prometheus and Grafana.* + +--- + +## Security Issues +*Identify the security gaps or risks in the current workflow.* + +**Example**: +*Currently, network policies are not enforced, and service-to-service communication relies on implicit trust within the cluster.* + +--- + +## How Zero Trust Addresses the Issues +*Explain how the Zero Trust pattern mitigates the identified risks.* + +**Example**: +*By implementing Zero Trust, all service-to-service communication is authenticated and encrypted, and network policies enforce least-privilege access.* + +--- + +## Example Use Case: Multi-Tenant 
SaaS Application + +### Persona +*As a Security Architect...* + +### Goal +*I want to secure a multi-tenant SaaS application running on OpenShift.* + +### Why +*Without Zero Trust, a compromised tenant could potentially access another tenant’s data, leading to a data breach and regulatory penalties.* + +### Environment +*The application is hosted on an OpenShift cluster with multiple tenants. Each tenant has its own namespace, but some shared services (e.g., databases) are used across tenants.* + +### Workflows +*Tenants onboard through a self-service portal, and their workloads are deployed in isolated namespaces. Shared services are accessed via APIs.* + +### Security Issues +*Currently, there is no enforcement of tenant isolation at the network level, and shared services rely on IP-based access control.* + +### How Zero Trust Addresses the Issues +*Zero Trust ensures that all communication between tenants and shared services is authenticated and authorized. Network policies enforce strict isolation, and mutual TLS (mTLS) encrypts all traffic.* + +--- + +## How to Use This Template +1. Copy this template for each new use case. +2. Replace the example content with details specific to the use case you're documenting. +3. Save the file with a descriptive name (e.g., `multi-tenant-saas.md`) in the `scenarios` folder. +4. Link the use case to relevant scenarios in the repository. + +--- + +**Note**: This template is a starting point. Feel free to adapt it to better fit the needs of your project! From bba35c2cac41b4291c30a2a3512c28b0c73251d6 Mon Sep 17 00:00:00 2001 From: Boaz Michaely Date: Mon, 10 Mar 2025 18:52:38 -0400 Subject: [PATCH 3/4] Corrected markdownindentation --- scenarios/Use Case Template.md | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/scenarios/Use Case Template.md b/scenarios/Use Case Template.md index 950dfaa..540e923 100644 --- a/scenarios/Use Case Template.md +++ b/scenarios/Use Case Template.md 
@@ -60,37 +60,34 @@ This template provides a structured way to document use cases for the Zero Trust --- -## Example Use Case: Multi-Tenant SaaS Application +# Example Use Case: Multi-Tenant SaaS Application -### Persona +## Persona *As a Security Architect...* -### Goal +## Goal *I want to secure a multi-tenant SaaS application running on OpenShift.* -### Why +## Why *Without Zero Trust, a compromised tenant could potentially access another tenant’s data, leading to a data breach and regulatory penalties.* -### Environment +## Environment *The application is hosted on an OpenShift cluster with multiple tenants. Each tenant has its own namespace, but some shared services (e.g., databases) are used across tenants.* -### Workflows +## Workflows *Tenants onboard through a self-service portal, and their workloads are deployed in isolated namespaces. Shared services are accessed via APIs.* -### Security Issues +## Security Issues *Currently, there is no enforcement of tenant isolation at the network level, and shared services rely on IP-based access control.* -### How Zero Trust Addresses the Issues +## How Zero Trust Addresses the Issues *Zero Trust ensures that all communication between tenants and shared services is authenticated and authorized. Network policies enforce strict isolation, and mutual TLS (mTLS) encrypts all traffic.* --- -## How to Use This Template +# How to Use This Template 1. Copy this template for each new use case. 2. Replace the example content with details specific to the use case you're documenting. 3. Save the file with a descriptive name (e.g., `multi-tenant-saas.md`) in the `scenarios` folder. 4. Link the use case to relevant scenarios in the repository. ---- - -**Note**: This template is a starting point. Feel free to adapt it to better fit the needs of your project! From 0854d055c1eadb9716640325a19740f0b2325d2e Mon Sep 17 00:00:00 2001 
From: Boaz Michaely Date: Mon, 10 Mar 2025 19:19:40 -0400 Subject: [PATCH 4/4] added Type of customer or industry --- scenarios/Use Case Template.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scenarios/Use Case Template.md b/scenarios/Use Case Template.md index 540e923..1723f23 100644 --- a/scenarios/Use Case Template.md +++ b/scenarios/Use Case Template.md @@ -58,6 +58,9 @@ This template provides a structured way to document use cases for the Zero Trust **Example**: *By implementing Zero Trust, all service-to-service communication is authenticated and encrypted, and network policies enforce least-privilege access.* +## Type of customer or industry (optional) +*Identify the type of customer or industry where this use case is appliacble (Finance / Healthcare / Gov / Telco etc). Skip if this is applicable to everyone* + --- # Example Use Case: Multi-Tenant SaaS Application @@ -83,6 +86,10 @@ This template provides a structured way to document use cases for the Zero Trust ## How Zero Trust Addresses the Issues *Zero Trust ensures that all communication between tenants and shared services is authenticated and authorized. Network policies enforce strict isolation, and mutual TLS (mTLS) encrypts all traffic.* +## Type of customer or industry +1. A Telco who manages a mult cluster environment for multiple vendors using ACM Hub +2. Large Enterprise managing infrastructure for internal tenants + --- # How to Use This Template
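Review bot: In the `@@ -0,0 +1,96 @@` hunk of PATCH 2/4, the **Persona** example is a Security Architect while the **Workflows** example describes a DevOps engineer deploying Helm charts, so a reader filling in the template gets two different answers to "who is using the pattern". Suggest keeping one persona across all the template examples, or adding a sentence to the Workflows prompt saying that workflows may involve roles other than the persona. Two smaller points in the same hunk: the file is created as `scenarios/Use Case Template.md` (spaces, capitals) while step 3 of "How to Use This Template" recommends names like `multi-tenant-saas.md`, so `use-case-template.md` would match the convention the template itself sets; and in the example use case, "shared services rely on IP-based access control" is fixed by "authenticated and authorized ... mutual TLS (mTLS)", but the text never says what identity replaces the IP address (a workload identity issued per service, rather than the client's network location), which is the actual change a Zero Trust reader needs to see stated.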
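Review bot: In the `@@ -60,37 +60,34 @@` hunk of PATCH 3/4 the change is to heading levels, not indentation: `## Example Use Case: Multi-Tenant SaaS Application` and `## How to Use This Template` become `#`, and the example's `###` sections become `##`. The file then has three `#` headings, and the example's Persona/Goal/Why sections render at the same level as the template's own Persona/Goal/Why sections, so the example reads as a second template rather than a worked instance of the first. Suggest keeping a single top-level `# Use Case Template` and leaving the example and usage sections at `##`/`###` as they were. The same hunk also removes the trailing `---` and the `**Note**: This template is a starting point...` line, which the commit message does not mention; if that is intended, say so in the message, otherwise restore them.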
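Review bot: In the `@@ -58,6 +58,9 @@` hunk of PATCH 4/4, "appliacble" should be "applicable". The new `## Type of customer or industry (optional)` section also breaks the layout the rest of the template uses: every other section is separated from its neighbour by `---` and carries an italic prompt followed by a `**Example**:` line, while this one is appended directly after the previous section's example with no separator and no example of its own. Suggest inserting `---` before the new heading and adding an `**Example**:` line (for instance one of the two entries added to the example use case in the second hunk) so the section is filled in the same way as the others.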
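Review bot: In the `@@ -83,6 +86,10 @@` hunk of PATCH 4/4, the first entry in the new `## Type of customer or industry` list describes "a mult cluster environment for multiple vendors using ACM Hub", but the example's **Environment** section above it says the application "is hosted on an OpenShift cluster with multiple tenants", a single cluster; either the Environment section should mention the multi-cluster case or the entry belongs in a different use case. Style points in the same lines: "mult cluster" should be "multi-cluster", "A Telco who" should be "A telco that", ACM should be expanded on first use since the rest of the file does not assume the reader knows the product, and the two entries are a numbered list while every other section of the example uses a single italic paragraph.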