SmartMoney is an application developed by the fictional company OneFinance, which manages financial data for thousands of customers. SmartMoney helps customers gain insight into their personal finances and provides advice on becoming financially healthy. The customer service department is responsible for managing all of the customer data. Based on this data, the expert department provides advice to customers on how to save costs and create monthly budgets.

When the COVID-19 pandemic broke out, the government enforced lockdowns, which had severe consequences for OneFinance. With employees working from home and unable to access the SmartMoney application, OneFinance, which had not invested much in its infrastructure, faced challenges: everything still ran on-premises and no remote connection was possible. To enable employees to work from home, the company rushed to move some of its workloads to the cloud. The current architecture in Azure is shown below.

Current Azure architecture

Employees of OneFinance authenticate to the SmartMoney application with their Azure AD account. The application is hosted in Azure App Service and uses Azure SQL and an Azure Storage account to store data. The SmartMoney solution is split into a frontend application and a backend application that exposes a set of APIs. Everything is deployed and managed in a single subscription. The application is reachable through a public URL; firewall settings are configured to allow only certain IP addresses to access it.

Zero Trust

Zero Trust is not a one-time task, but rather an ongoing effort to enhance your security. While it's important to carefully consider your architecture before implementing Zero Trust, I will continually update the information and architecture as I publish new articles about improving the architecture of SmartMoney. Information might be updated to demonstrate new services or features that can be used to improve the security of the application.

Protect surface

To implement Zero Trust, the initial step is to identify the surfaces that require protection. OneFinance has multiple internal and external applications, among which SmartMoney is recognized as a protect surface. The ERP system, the intranet, and the corporate website are also considered protect surfaces.

Map the transaction flows

  • The frontend application communicates with the backend API to fetch and write data.
  • The backend application fetches and stores data in Azure SQL.
  • The backend application fetches and stores data in the Azure Storage account.
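Mapping the transaction flows is more useful when each flow is paired with the network controls that currently guard it. The script below is an added example (not code from the original article or from OneFinance) that takes the three flows listed above plus the employee-to-frontend flow and reports where the current architecture relies on broad IP allow-lists or on no network restriction at all. The input dictionaries are constructed sample data; their shapes are an assumption modelled on the JSON printed by `az webapp config access-restriction show`, `az sql server firewall-rule list` and `az storage account show --query networkRuleSet`, so a real run would feed those commands' output in instead.

```python
import ipaddress

# Constructed sample input (assumption: shapes approximate the az CLI JSON output
# named in the lead-in; every address, name and rule here is made up).
SAMPLE = {
    "frontend_app": {
        "ipSecurityRestrictions": [
            {"name": "office", "action": "Allow", "ipAddress": "203.0.113.0/24", "priority": 100},
            {"name": "Deny all", "action": "Deny", "ipAddress": "Any", "priority": 2147483647},
        ]
    },
    "backend_app": {
        "ipSecurityRestrictions": [
            {"name": "Allow all", "action": "Allow", "ipAddress": "Any", "priority": 2147483647},
        ]
    },
    "sql_firewall_rules": [
        # 0.0.0.0-0.0.0.0 is the "allow Azure services" rule: any Azure tenant may connect.
        {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
        {"name": "office", "startIpAddress": "203.0.113.1", "endIpAddress": "203.0.113.254"},
    ],
    "storage_network_rules": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []},
}


def app_service_findings(access_restrictions):
    """Flag an App Service endpoint with no allow-list, an allow-all rule, or a very broad range."""
    findings = []
    rules = access_restrictions.get("ipSecurityRestrictions", [])
    allows = [r for r in rules if r.get("action", "").lower() == "allow" and r.get("ipAddress")]
    if not allows:
        findings.append("app: no IP allow rule configured; the public URL is reachable from anywhere")
    for r in allows:
        if r["ipAddress"] in ("Any", "0.0.0.0/0"):
            findings.append(f"app: rule '{r.get('name')}' allows all source addresses")
            continue
        try:
            net = ipaddress.ip_network(r["ipAddress"], strict=False)
        except ValueError:
            continue  # service tags or malformed entries are not CIDR ranges; skip them
        if net.prefixlen < 24:
            findings.append(f"app: rule '{r.get('name')}' allows a broad range {net}")
    return findings


def sql_findings(firewall_rules):
    """Flag server-level SQL firewall rules that admit more than a small, known client range."""
    findings = []
    for r in firewall_rules:
        start, end = r.get("startIpAddress"), r.get("endIpAddress")
        if start == "0.0.0.0" and end == "0.0.0.0":
            findings.append(f"sql: rule '{r['name']}' allows any Azure-hosted client, not only SmartMoney")
        elif start == "0.0.0.0" and end == "255.255.255.255":
            findings.append(f"sql: rule '{r['name']}' opens the server to the whole internet")
        else:
            size = int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1
            if size > 256:
                findings.append(f"sql: rule '{r['name']}' covers {size} addresses")
    return findings


def storage_findings(network_rule_set):
    """Flag a storage account whose network default is Allow (no network boundary at all)."""
    findings = []
    if network_rule_set.get("defaultAction", "Allow").lower() != "deny":
        findings.append("storage: defaultAction is Allow; the account accepts traffic from any network")
    return findings


def inventory(arch):
    """Return, per transaction flow, the network-control weaknesses found for its target."""
    return {
        "employee -> frontend (public URL)": app_service_findings(arch["frontend_app"]),
        "frontend -> backend API": app_service_findings(arch["backend_app"]),
        "backend -> Azure SQL": sql_findings(arch["sql_firewall_rules"]),
        "backend -> Azure Storage": storage_findings(arch["storage_network_rules"]),
    }


if __name__ == "__main__":
    for flow, findings in inventory(SAMPLE).items():
        print(flow)
        for f in findings or ["  (no finding)"]:
            print("  " + f.strip())
```

In the constructed sample only the employee-to-frontend flow has a narrow allow-list with a deny-all fallback; the backend API, the SQL server and the storage account each produce a finding, which is exactly the list of flows a Zero Trust redesign has to address first.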

Architect a Zero Trust environment

In each article, I'll explain how to secure the application and infrastructure.

Create Zero Trust security policies

...

Monitor and maintain

...

Read more about Zero Trust

Articles about securing the infrastructure

Here is a list of articles that detail how the infrastructure has been modified to align with the principles of Zero Trust.