The biggest challenge in securing companies today is complexity. Too many attacks, but also, too many defenses. And, they keep growing. Maddening. But, there is a new security reference that simplifies this Herculean task. Cisco SAFE uses a model and a method to guide you.
SAFE uses a model to organize the network into logical areas called places in the network (PINs). Each PIN has common business use cases that require common security capabilities.
Cisco SAFE Places in the Network
By understanding how your business flows through out each of the PINs, you are able to tie them to security requirements. SAFE eases this challenge by providing:
Let's take an example for one of the locations; the branch, to show you how SAFE uses a model, a method and icons to secure the business. The branch can be configured to support any industry and we will use retail in this example. How is the retail business and network security related?
These are just some of the critical questions for both the business and technical sides of the house. The Francisco's Supermarket chain wants to ensure that they are secure and able to support the business within their 800 stores across the US.
Francisco's wants to secure their store branch locations.
Francisco's stores have three business use cases that the network must secure.
Francisco's has ranked their store business processes in this order:
Francisco's makes a list of all of the business needs at a location along with policies, risks, and threats that could be present in each of their store branches.
What are the policies? Francisco's Chief Security Officer has three primary policies:
What are the risks and threats? Francisco's identifies five major risks and threats.
By combining the policy, risk, and threat concerns with the business objectives, you can design with a holistic picture of what is important. The next step is to create the solution and depict it using the SAFE icons so that it is easy for the customer to understand.
Knowing the business requirements, policies, risks, and threats, create your solution using the three phases of the SAFE Method.
Capability Phase
Based on the policy, risks, and threats, what security capabilities are needed for this business flow?
SAFE Capability Diagram: Credit Card Clerk required security capabilitiesArchitecture Phase
In the architecture phase, logically arrange the capabilities for the credit card transaction into a business flow architecture. This simply means that you will place the security capabilities where they would logically be used to secure that flow.
SAFE Architecture Diagram: Credit Card business architecture using required security capabilities.Then, do the same exercise with the "Manager use case" and the "third party (vendor access) use case." Ensure that they flow through the capabilities needed to secure them.
SAFE Architecture Diagram: Credit Card, Manager and Vendor business architecture using required security capabilitiesDesign Phase
Knowing the business architecture, you can now create a design that matches the business requirements. The output will be a direct mapping of the business concerns to the security within the network.
SAFE Design Diagram: Francisco's store DesignThese designs will have specific models with the required interfaces and software images. By providing pricing, business justification can be directly mapped to the technology and priority that was captured in the third step.
SAFE provides a model for reference, a method to customize it, and icons to document with. Security isn't simple, but you can use SAFE to help simplify it.
Visit cisco.com/go/SAFE to learn more.