
The market for cloud services is growing like wildfire. But to capture it, cloud service providers need speed and flexibility. In this marketplace, making customers choose between the same old limited infrastructure-as-a-service (IaaS) options, or waiting weeks for custom solutions, is no choice at all. Now, leading service providers like QSS can offer a better option: fast, flexible, custom hybrid cloud solutions.

As the leading cloud provider in Bosnia and Herzegovina, QSS leaders know that staying on top means giving customers better business solutions faster. The company was already known for superior custom on-premises and cloud IT solutions. To grow their business and keep an edge on the competition, they wanted to be able to provide a wider range of hybrid cloud services. They wanted to deliver them with total security and flexibility. And they wanted to be able to monetize them sooner.

QSS needed a hybrid cloud platform that would let them quickly acquire new cloud business models and revenue streams wherever new opportunities arose. They wanted to build on a proven architecture with strong security. And they wanted the flexibility to continually integrate new cloud services in an automated fashion, with fast, low-risk migration. They turned to the Cisco Cloud Architecture for Microsoft Cloud Platform.


Cisco Cloud Architecture for Microsoft Cloud Platform

QSS launched one of the first Cisco Cloud Architecture for Microsoft Cloud Platform deployments in Europe. The solution uses Cisco Application Centric Infrastructure (ACI) to fuse QSS’ Cisco cloud data center with Windows Azure Pack. With joint design and engineering from Cisco and Microsoft, it all works seamlessly together.

QSS can create new customized cloud solutions for their customers in minutes, and deliver them with little manual intervention. They can offer a broad range of IaaS solutions to customers in financial services, government, and IT. And they can swap easily between private and public cloud domains as needed. Cisco ACI automates almost everything, eliminating the traditional tradeoffs between speed and customizability.

Hybrid Cloud in Action

Today, QSS is leading the race for next-generation cloud services in Eastern Europe. They can create and monetize new hybrid cloud offerings much faster. And they’re now expanding into new markets like home security and remote metering. QSS has also built a flourishing reseller channel, drawing on training, sales enablement, and demand-generation resources from Cisco and Microsoft. And with Cisco ACI, they can continually refresh their hybrid cloud platform to address new opportunities—simply, and with less risk.

Today, QSS is realizing:

  • 5x faster time to market
  • Setup times reduced from 10 days to 1
  • Customer satisfaction scores that exceed targets
  • Infrastructure that’s updated every two weeks to drive continuous innovation

As a result of the business growth driven by new hybrid cloud capabilities, QSS leaders expect to see a return on their investment within three years.

“Our customers expect us to simplify technology, so they can focus on supporting their business goals,” says Isan Selimović, Chief Executive Officer, QSS. “Now, our business runs lean in operation and agile in delivery. Everything’s kept secure. And it’s much easier and cost effective to customize solutions.”

View the QSS Success Story


Find Out More

To find out what Cisco Cloud Architecture for Microsoft Cloud Platform can do for your business, visit cisco.com/go/ccamcp.

If you’re joining us in Las Vegas on July 10-14th, visit the Cisco booth which will feature a demo of the Cisco Cloud Architecture for the Microsoft Cloud Platform.

Authors

John Malzahn

Senior Marketing Manager

Service Provider Cloud Solutions


We got together with Intel and Radware over 6 months ago with the idea of not only simplifying NFV deployments, but also pushing the envelope on NFV performance and cloud computing. The end result was spinning up a 225 Gbps Radware Alteon ADC within minutes using a GUI, CLI, or REST API.

Cisco’s Data Center NFV Platform Software – Cloud Services Platform 2100

The CSP 2100 is a turnkey NFV and open x86 KVM software platform for both service provider and enterprise environments. It is an NFV platform without the complexity and overhead that come with OpenStack deployments. You can start with only one host, then add hosts as needed to scale out.

The CSP 2100 bridges network, server, and security teams by offering several ways to manage and operate the platform. You can manage it using a GUI, CLI, REST API, and/or NETCONF via Cisco’s Network Services Orchestrator (NSO).

The CSP 2100 is designed for a variety of use cases in the cloud, data center, point-of-presence (POP), central office (CO), co-location (COLO), carrier-neutral facility (CNF), WAN aggregation, DMZ and extranet, core network, and server farm environments.

Intel Architecture, Software, and Hardware

The Intel® Xeon® E5-2600 v3 product family offers the following innovative features in the 22-nanometer (nm) Intel process technology node:

  • Accelerated boot and runtime security with little overhead and faster encryption
  • Technologies targeting virtual machine integrity improvement during migration and runtime
  • Asynchronous dynamic random access memory (DRAM) refresh for memory data protection
  • Comprehensive reliability, availability, and serviceability (RAS) features optimized for demanding communications infrastructure needs

The Intel Ethernet Controller XL710 delivers a variety of features, including:

  • Software-configurable Ethernet port speed for up to two 40 Gigabit Ethernet or up to four 10 Gigabit Ethernet connections
  • Network virtualization overlay stateless offloads for Generic Network Virtualization Encapsulation (Geneve), Virtual Extensible LAN (VXLAN), and Network Virtualization Using Generic Routing Encapsulation (NVGRE) protocols
  • Intelligent load balancing for high-performance traffic flows of virtual machines
  • Intel DPDK optimized for efficient packet processing to support NFV

Intel DPDK offers the following features:

  • A set of optimized software libraries and drivers that can be used to accelerate packet processing on Intel architecture
  • Support for buffer management, queue and ring functions, flow classification, network interface cards (NICs), poll mode drivers (PMDs), and an environment abstraction layer (EAL)


Radware Network Functions Virtualization

The Radware Alteon and DefensePro virtual appliances decouple network functions from dedicated underlying hardware, allowing next-generation services on the CSP 2100.  Delivering a scalable, ultra-high capacity of up to 225 Gbps per instance (Layer 4) and up to 1 Tbps per cluster, the Alteon virtual appliance for NFV:

  • Reduces total cost of ownership (TCO)
  • Simplifies network services deployment
  • Enables capacity elasticity through a simple license upgrade
  • Automates service lifecycle management

A total of 225 Gbps was achieved on a CSP 2100 2RU form-factor solution, which included the following:

  • CSP 2100 Software running on a 2RU Cisco UCS C240 M4 Rack Server
  • Intel Xeon processor E5-2699 v3 2.30-GHz 145W CPU with 18-core 45-MB cache and DDR4 at 2133 MHz and Intel Xeon processor E3-2600 v3 CPU (two processors). Note: Intel Broadwell processors were not available when testing started, but they will be available in Q3CY16 on the CSP 2100.
  • Dual-port 40-Gbps Quad Enhanced Small Form-Factor Pluggable (QSFP+) Intel Ethernet Controller XL710 NICs (six cards total)
  • Radware Alteon virtual appliance for NFV

The Alteon and DefensePro VNFs provide highly efficient resource utilization on open-source hypervisors by redesigning the virtualization approach to incorporate new technologies that increase overall performance:

  • They bypass the hypervisor’s virtual switch, giving the VNF direct, fast access to the server’s physical NICs through Intel PCIe pass-through, which is available on the Intel Niantic (Intel 82599 10-Gbps Ethernet controller) and Fortville (Intel Ethernet Controller XL710) NICs.
  • They use a fast-packet-processing algorithm for x86 server-based platforms such as the CSP 2100, which is based on the Intel DPDK code.
  • They use the non-uniform memory access (NUMA) topology of the host server, which enables the VNF to optimize its performance to the underlying server configuration.

These capabilities enable the Alteon virtual appliance for NFV to reach the industry’s best performance of up to 225 Gbps on the CSP 2100.

https://youtu.be/O_fswKA_uz8

Many thanks to Travis Volk and Yaron Antebi of Radware, Ilango Ganga and Jalal Sadreameli of Intel, and Michael Jackson, Ken Hook, and Jim French of Cisco for making this happen.

Related Radware Blog by Travis Volk

Joint White Paper

Authors

Gunnar Anderson

Product Manager

CNSG Product Management


Knock knock.

Who’s there?

Muffled reply. Sounds serious.

Do you open your door?

Hackers hope so.

This week we’re talking about:

  • Security, security, security: what’s new and what does it mean to you?
  • Your value proposition. Does it stand out? Or does it sound like everyone else’s?

Hackers are knocking at your door.

Take a scavenger hunt through this week’s blog to find this tidbit.

“Collectively, our customers are blocking nearly 20 billion threats every day. And they’re detecting these threats much faster. What used to take about 100 days, they’re now doing in less than one. We’re making this happen. OUR PARTNERS are making this happen. Together we are protecting networks, keeping people and businesses safe and secure, and winning together.” (which of our leaders said this?)

Find out how we (that’s us + you, Partners!) are helping customers keep their networks safe, secure, and protected. And helping you grow your security practice. Wendy Bahr, SVP, has the scoop in this blog. Also learn how to sell trust, not just security, and enlist your marketing team to help. Michelle Chiantera, VP, shares how in this blog.

What do Wendy’s and Michelle’s blogs have in common? They both talk about how important it is to secure your network, why you should sell and market Cisco security (the best in the industry), and how to take the next step.

We’re also taking the next step in building our portfolio. That’s why we announced intent to acquire CloudLock. Get more information and find out what the industry is saying, in particular the Wall Street Journal and TechCrunch.


>> Fast Forward: We’ll keep the conversation going about security in the next few weeks on our blog, Twitter, Facebook and LinkedIn. So many ways to keep up!

Does your business sound like everyone else’s business?

When was the last time you reviewed your business’s value proposition and compared it to others?

If your answer isn’t three, six, or twelve months ago, it’s time to review. Try this exercise:

  • Put your value proposition next to 5-7 of your competitors’ value propositions
  • Remove all attribution (company name and any other signs of the company)
  • Show it to members of your executive team, sales team, and marketing team
  • Rate it: on a scale of 1-4, how much does your value proposition make you want to do business with your company?

If you discover it’s time to reinvent or refine how you position your company, we can help. In less than 10 minutes your marketing team can learn how to write a clear, concise statement of your value and learn simple techniques to make your messages even more memorable. It all starts at Marketing Velocity.

>> Fast Forward: we’ll cover more marketing resources to help your business next week.

What’s next?

The partner weekly rewind and fast forward is designed to give you a snapshot of what you missed and what’s to come. Tell us what you think and what you want to hear about in the comments. And come back next week for more!

Authors

Jill Shaul

No Longer With Cisco


Cisco Live is a series of global conferences that take place around the world. Cisco Live in Las Vegas is coming up the week of July 10th and is our largest gathering of customers, IT experts, partners, media specialists, industry analysts and others interested in learning more about Cisco and our offerings. It serves as Cisco’s state of the union, connecting Cisco customers and our partner ecosystem with an opportunity to showcase how Cisco is changing the way we live, work, learn and play. This year’s event is expected to draw over 29,000 attendees and will bring together Cisco enthusiasts across all business and public sector segments, including government, education, healthcare, public safety, and transportation.

While in the past Cisco Live (formerly known as Networkers) served as a technical training event for network engineers and other individual contributors, it has evolved into Cisco’s IT and communications conference, with programs designed for all levels of the organization and all of Cisco’s stakeholder segments: from business leader to technical specialist, public and private sector to sales and marketing, as well as our customers, partners and media friends from all verticals and all over the globe.

For those of us at Cisco, this event allows us to share our excitement in the common belief that there has never been a better time for technology to solve the world’s toughest challenges and that Cisco and our partners are at the forefront of developing new approaches to tackle these issues.

Nowhere is this technological evolution more evident than in the profound and accelerating transformation of business and government priorities to leverage digital technologies. Digital transformation is the critical conversation happening in board rooms and with government leaders today. It was one of the top discussions at the World Economic Forum in Davos this year. For our customers, digital transformation can create new experiences for their customers, enable new (more competitive) business models, and enable enhanced security. At Cisco, we believe that the foundation for digital transformation is the network + security + analytics + automation that we are uniquely positioned to deliver across the data center, cloud, and every endpoint. Cisco is your foundation for digital transformation.

If you are coming to Cisco Live this year, be sure to stop by the Public Safety area in the World of Solutions where we will have a number of experts and demonstrations to further explain this concept of digital transformation and how Cisco and our partners are moving forward in this area. We will be discussing how Cisco can deliver safer communities, schools, campuses and countries in a digital era along with the digital architecture which provides the foundation to connect people, process, data and things together. We will also be joined in the area by BlueLine Grid as well as feature other key partners.

Of special interest may be several short World of Solutions Theater presentations we’re hosting including:

  • Safer Schools & College Campuses in the Digital Era (CISSOL-1087), Monday, July 11 @3:00 pm
  • Safer Communities and Countries in the Digital Era (CISSOL-1086), Tuesday, July 12 @12:15 pm
  • Public Safety Architecture Foundation for Digital (CISSOL-1088), Wednesday, July 13 @2:15 pm

Along with a longer breakout presentation session:

  • Connected Architectures for Public Safety (BRKIOT-1201), Thursday, July 14; 1:00 pm

Visit the Cisco Live site now to learn more.  We look forward to seeing everyone in Las Vegas.

Thank you

Cisco Public Safety and Cisco Internet of Things Teams

Authors

AJ Ramsey

Global Industries Marketing Lead

GMCC-Services Marketing


It Takes a Village:

Stories of public safety threats and humanitarian crises dominate news cycles, ever present and continuously increasing in complexity. How do we respond, how do we ensure that our collective human story is a happier, safer one? After all, feelings of basic safety and personal security are essential to the core of day-to-day life in communities around the world.

Continue reading “#TransformationThursday Series: Keeping Communities Safer”

Authors

Kacey Carpenter

Senior Manager

Global Government and Public Sector Marketing


Talos have observed a large uptick in the Zepto ransomware and have identified a method of distribution for it: spam email. Locky/Zepto continue to be well-known ransomware variants, and as such we will focus on the spam email campaign. We found 137,731 emails in the last 4 days using a new attachment naming convention. It was just coincidence that the number is a palindrome. The naming choice this time for this spam campaign is “swift [XXX|XXXX].js”, where ‘X’ is some combination of letters and numbers; we have seen both 3- and 4-character strings after the “swift” name. This began Monday 27th June with approximately 4,000 emails being caught within our Email Security Appliances (ESA). It started to ramp up over the next few days, with spikes occurring around 7-10pm UTC and 7-10am over the next 4 days.
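As an added example (not Talos code), the following Python matches the attachment naming convention described above against mail-gateway log lines and buckets the hits by UTC hour so spikes like the ones reported become visible. The log format, field names and sample lines are constructed for this example and are not ESA output.

```python
"""Detection helper for the "swift [XXX|XXXX].js" attachment naming convention.

Added example, not Talos code. The log line format and the sample entries
below are constructed for illustration; adapt LOG_LINE to your gateway's
real export format.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Tuple

# "swift " followed by exactly 3 or 4 letters/digits and a .js extension.
# Case-insensitive matching is an assumption; the campaign as described
# used the lower-case form.
ZEPTO_NAME = re.compile(r"^swift [a-z0-9]{3,4}\.js$", re.IGNORECASE)

# Constructed log format: ISO-8601 UTC timestamp, sender, quoted attachment name.
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) attachment="(?P<name>[^"]*)"$'
)

Hit = Tuple[str, str, str]  # (timestamp, sender, attachment name)


def is_zepto_style_name(name: str) -> bool:
    """True if the attachment name follows the campaign's naming convention."""
    return ZEPTO_NAME.match(name.strip()) is not None


def scan_log(lines: List[str]) -> List[Hit]:
    """Return one (timestamp, sender, filename) tuple per suspicious attachment.

    Lines that do not parse are skipped rather than raising, so one malformed
    record cannot abort a batch run.
    """
    hits: List[Hit] = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and is_zepto_style_name(m["name"]):
            hits.append((m["ts"], m["sender"], m["name"]))
    return hits


def hits_per_hour_utc(hits: List[Hit]) -> Dict[int, int]:
    """Bucket hits by UTC hour-of-day to surface time-of-day spikes."""
    counts: Counter = Counter()
    for ts, _, _ in hits:
        counts[datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").hour] += 1
    return dict(counts)


# Constructed sample lines (not real gateway output). The last three are
# deliberate non-matches: 5 characters, no space, and unstructured text.
SAMPLE_LOG = [
    '2016-06-27T19:12:03Z from=a@example.com attachment="swift 4f2.js"',
    '2016-06-27T19:45:10Z from=b@example.net attachment="swift ab9k.js"',
    '2016-06-27T20:02:41Z from=c@example.org attachment="invoice.pdf"',
    '2016-06-28T07:30:00Z from=d@example.com attachment="Swift Q1X.JS"',
    '2016-06-28T08:15:22Z from=e@example.com attachment="swift 12345.js"',
    '2016-06-28T08:16:00Z from=f@example.com attachment="swift.js"',
    'garbage line without structure',
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print("suspicious attachment:", hit)
    print("hits per UTC hour:", hits_per_hour_utc(found))
```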

Read More >>

Authors

Talos Group

Talos Security Intelligence & Research Group


Cisco Live is Cisco’s most important event of the year. A combination of in-person events, online experiences, and virtual engagements on multiple platforms, it unites technology leaders from all over the world to create digital opportunities that fuel both personal and corporate growth. This year, Cisco Live will be held in Las Vegas, NV from July 10th-14th. But you can get a sneak peek of what’s happening ahead of time, with our #CiscoChat on Thursday, July 7th, from 9:30-10:30am PT.


We’ll be joined by a number of Cisco’s official Twitter channels and the minds behind them, including Global Marketing and Program Manager Kathleen Mudge on the @CiscoLive channel, Marketing Manager Brian Remmel on the @CiscoSecurity channel, Program Manager Janel Kratky on the @CiscoDevNet channel (Cisco’s developer program), and Collaboration Marketing Manager Kim Austin and Social Media Manager Lauren Colson on the Cisco Collaboration channel (@CiscoCollab).

They’ll talk a bit about what you can expect from this year’s Cisco Live event, including keynote speakers, panel discussions, the integration of digital and social media into the event, and much more. And of course, you’ll have the opportunity to ask your own questions and get the inside scoop on what’s going on this year at Cisco Live.

To participate in the chat:

  • Make sure you’re logged into your Twitter account.
  • Search for the #CiscoChat hashtag and click on the Live tab.
  • The chat will be moderated by the Cisco Live channel, @CiscoLive on Twitter. Be sure to follow the account to participate. They will begin welcoming guests at 9:30am PT (12:30pm ET) and posting questions for discussion.
  • For @ replies to specific participants in the discussion, please use a “.” at the beginning of the tweet, so that your question or comment will appear in your public Twitter feed.
  • If you need multiple tweets to answer a question, please preface each tweet with “1A, 2A,” etc. in order to make it easier for others to follow along with the conversation.
  • Be sure to use the #CiscoChat hashtag at the end of each tweet, so that others can find your contributions to the discussion.

Don’t forget to bring your own questions to the discussion as well! See you there!

Authors

Kathleen Mudge

Event Management


Software engineering and developer communities are driving the market for cloud consumption and leading each industry into a new era of software-defined disruption. There are no longer questions about elastic and flexible agile development as the way to innovate and reduce time to market for businesses. Open source software plays a key role in the transformation to cloud native that is taking place, and understanding how your business strategy needs to address this next disruption in software development is crucial to the success of your business. The first key area is to automate your Software Development Life Cycle (SDLC). The modern SDLC for software disruption is shown below.


Cisco Shipped Developer Experience

The core of Cisco Shipped is a modern, simple developer experience for cloud native development that addresses the modern SDLC. The project addresses both the developer’s needs in the build and deploy phases and the operations user’s needs in the run phase (monitoring and metering). Shipped leverages another open source project, Mantl, for multi-cloud and data center deployments, providing a full container platform that supports Kubernetes and Mesos side by side.


I like to call this Hybrid DevOps, as developers will be developing in a mixed application mode for some time while they move from traditional and cloud models to containers. Also, there will always be a next-generation capability that needs to be integrated into this model, so in effect we are always moving from existing to next gen continuously. Shipped was designed to address this new hybrid model.

Cloud Native Model

The open source project Mantl provides a complete container platform. I use the term platform to represent both the hardware and software associated with delivering the software disruption transformation the enterprise is undertaking. A platform can only be as strong as the physical systems that comprise its hardware architecture. The security and performance of the underlying physical infrastructure is how your business differentiates. The infrastructure layer is still important to the overall experience, as the performance and security aspects of the stack require full integration of the physical and logical security components. The network, compute, and storage resources must be optimized, fully automatically and in a consumption-based economic model, to meet the business requirements.

The Mantl curated container stack is shown below.


Mantl is an open source, end-to-end, integrated stack for running container workloads across multiple clouds. Mantl includes deployment automation, assurance and monitoring. We designed the project to be pluggable and to grow into a hybrid platform supporting application development and data services. Mantl has enterprise-grade networking (L2-4 and overlay), security (secrets, AAA, network), and storage (persistent, object, and ephemeral) capabilities built in.

Mantl addresses a common problem in application orchestration: multi-orchestrator capabilities. There are several use cases and different types of orchestrators that address them. Mantl’s design is extensible and today supports Mesos/Marathon, Kubernetes, and/or Docker Swarm. What is important in a multi-orchestrator model is unification across service discovery and load balancing to enable multi-cloud deployments and customer choice.

Application Intent

As I looked at the expanding gap between business requirements and infrastructure configuration components, it occurred to me to address the business SLAs by understanding the sensitivity of the application, a concept I call Application Intent. In the definition here, we introduce the business goal of sensitivity. Sensitivity is defined as the degree to which the application’s performance and response time depend on these parameters, which in turn shape the end user’s perception of the application’s performance. It’s best to consider it a scale from no sensitivity to high sensitivity that can be adjusted in real time based on the performance perceived by the system and by end users.

The Application Intent sensitivities are defined as:

  • Compute
    • CPU Sensitivity
    • Memory Sensitivity
    • Storage Latency Sensitivity or Volume Sensitivity
  • I/O
    • Latency Sensitivity
    • Throughput Sensitivity
    • Thresholds (optional numerical value, e.g. 80 connections/sec)
  • Fault/performance
    • Recovery Sensitivity
    • Availability Sensitivity
    • Scale Sensitivity
  • Accounting – Cost Sensitivity

The configuration is shown below:


Given these sensitivities, the policy system can create an SLA for the business objectives defined here. In addition to these sensitivities, there are hints that the policy system would like to understand. The first one has to do with dependencies:

  • Services
    • Service Affinity
    • Service Anti-Affinity
    • Security Policies (Data Classification)
  • Placement Policies
    • Host Affinity
    • Host Anti-Affinity
  • Availability Zones
    • Regions
    • Geo
  • Constraints – non-coexistence

The second has to do with limits and understanding the constraints on the policy:

  • Metering Limits
    • IO
    • CPU
    • Memory
    • Connections/sec
  • Security Governance
    • Organizational Constraints (e.g. HR, Legal, Engineering)
    • Data Type Constraints (Public, Sensitive, Confidential, Top Secret)
  • Operational Constraints
    • Encryption
    • Auditing
    • Log Retention

Given the sensitivities, dependencies, and limits, the developer can set an initial application intent, measure the performance under that intent, and make changes based on the actual performance. The data platform will then be able to enhance the application’s capabilities in near real time to provide the performance and scale the business requires. Over time, the community will continue to add more intelligence to the intent model and enforcement engine.
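As an added example that is not part of Shipped or Mantl, the following Python models the sensitivities, dependency hints and limits listed above as a declarable intent and checks a proposed placement and measured load against it, the way a policy system would before accepting a plan. The class names, the governance rules (what each data classification requires) and the sample services are this example’s own assumptions.

```python
"""Toy Application Intent checker.

Added example, not code from Shipped or Mantl. The classes, the governance
rules and the scenario below are assumptions made for this example.
"""
from dataclasses import dataclass, field, replace
from enum import IntEnum
from typing import Dict, List, Optional, Set


class Sensitivity(IntEnum):
    """Scale from no sensitivity to high sensitivity."""
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Data type constraints from the Security Governance list, least to most sensitive.
CLASSIFICATIONS = ("Public", "Sensitive", "Confidential", "Top Secret")


@dataclass
class Intent:
    service: str
    # Sensitivities (a subset of the list above; others follow the same shape).
    latency: Sensitivity = Sensitivity.NONE
    availability: Sensitivity = Sensitivity.NONE
    cost: Sensitivity = Sensitivity.NONE
    # Optional numerical threshold, as in the "80 connections/sec" example.
    max_connections_per_sec: Optional[int] = None
    # Dependency hints.
    service_affinity: Set[str] = field(default_factory=set)
    service_anti_affinity: Set[str] = field(default_factory=set)
    data_classification: str = "Public"
    # Operational constraints the deployment declares it satisfies.
    encryption: bool = False
    auditing: bool = False
    log_retention_days: int = 0


def governance_violations(intent: Intent) -> List[str]:
    """Assumed governance rules: anything above Public must be encrypted and
    audited; Confidential and above must retain logs for at least 90 days."""
    problems: List[str] = []
    rank = CLASSIFICATIONS.index(intent.data_classification)
    if rank >= 1 and not intent.encryption:
        problems.append(f"{intent.service}: {intent.data_classification} data requires encryption")
    if rank >= 1 and not intent.auditing:
        problems.append(f"{intent.service}: {intent.data_classification} data requires auditing")
    if rank >= 2 and intent.log_retention_days < 90:
        problems.append(f"{intent.service}: log retention {intent.log_retention_days}d is below 90d")
    return problems


def placement_violations(intent: Intent, host_of: Dict[str, str]) -> List[str]:
    """Check service affinity / anti-affinity hints against a proposed host per service."""
    problems: List[str] = []
    mine = host_of.get(intent.service)
    for peer in sorted(intent.service_affinity):
        if host_of.get(peer) != mine:
            problems.append(f"{intent.service}: affinity with {peer} not satisfied")
    for peer in sorted(intent.service_anti_affinity):
        if host_of.get(peer) == mine:
            problems.append(f"{intent.service}: anti-affinity with {peer} violated on {mine}")
    return problems


def metering_violations(intent: Intent, observed_cps: float) -> List[str]:
    """Compare a measured connections/sec value against the declared threshold."""
    limit = intent.max_connections_per_sec
    if limit is not None and observed_cps > limit:
        return [f"{intent.service}: {observed_cps:g} conn/s exceeds threshold {limit}"]
    return []


def evaluate(intents: List[Intent], host_of: Dict[str, str],
             observed_cps: Dict[str, float]) -> List[str]:
    """Return every violation in the plan; an empty list means the intent is met."""
    out: List[str] = []
    for intent in intents:
        out += governance_violations(intent)
        out += placement_violations(intent, host_of)
        out += metering_violations(intent, observed_cps.get(intent.service, 0.0))
    return out


# Constructed scenario: a payments service handling confidential data that must
# not share a host with an analytics service, plus a corrected variant.
PAYMENTS = Intent("payments", latency=Sensitivity.HIGH, availability=Sensitivity.HIGH,
                  max_connections_per_sec=80, service_anti_affinity={"analytics"},
                  data_classification="Confidential", encryption=True, auditing=True,
                  log_retention_days=30)
FIXED_PAYMENTS = replace(PAYMENTS, log_retention_days=90)
ANALYTICS = Intent("analytics", cost=Sensitivity.HIGH)
BAD_PLAN = {"payments": "host-1", "analytics": "host-1"}
GOOD_PLAN = {"payments": "host-1", "analytics": "host-2"}

if __name__ == "__main__":
    for v in evaluate([PAYMENTS, ANALYTICS], BAD_PLAN, {"payments": 95}):
        print("violation:", v)
    print("corrected plan:", evaluate([FIXED_PAYMENTS, ANALYTICS], GOOD_PLAN, {"payments": 40}))
```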

The runtime view is shown below:


Come Join Us

We are hosting several sessions at Cisco Live in the DevNet Zone (see below). If you’re attending Cisco Live US in Las Vegas, please sign up for the sessions of interest, as space fills up quickly!

Developing Cloud Native Applications Using the Shipped and Mantl Platforms – A Technical Overview
Session ID: DEVNET-1065
Kenneth Owens, CTO, Cisco
SCHEDULE Tuesday, Jul 12, 12:00 p.m.

Introducing Cloud Development with Project Shipped and Mantl: A Deep Dive
Session ID: DEVNET-1202
Brian Hicks, Cisco
SCHEDULE Tuesday, Jul 12, 9:00 a.m.

Shipped & Mantl – The Business Case for Using an Integrated Cloud Development Platform
Session ID: BRKDEV-1003
Kenneth Owens, CTO, Cisco
SCHEDULE Wednesday, Jul 13, 1:30 p.m.

Deploying Applications with Cisco Shipped and Mantl – A Technical Deep Dive
Session ID: DEVNET-2027
Fabio Giannetti, Principal Engineer, Cisco Systems
SCHEDULE Thursday, Jul 14, 11:00 a.m.

Tenant Container Monitoring in Shipped
Session ID: DEVNET-2031
Fabio Giannetti, Principal Engineer, Cisco Systems
SCHEDULE Wednesday, Jul 13, 9:00 a.m.

DevNet Workshop – Deploying Applications with Cisco Shipped and Mantl
Session ID: DEVNET-2028
Kenneth Owens, CTO, Cisco
SCHEDULE Monday – Thursday, Jul 11, 9:00 a.m.

DevNet Workshop – Mantl: How to use it
Session ID: DEVNET-2030
Ken Owens, CTO, Cisco
SCHEDULE Monday – Thursday, Jul 11, 10:00 a.m.

Authors

Kenneth Owens

Chief Technical Officer, Cloud Infrastructure Services


The biggest challenge in securing companies today is complexity. Too many attacks, but also, too many defenses. And, they keep growing. Maddening.  But, there is a new security reference that simplifies this Herculean task. Cisco SAFE uses a model and a method to guide you.


SAFE uses a model to organize the network into logical areas called places in the network (PINs). Each PIN has common business use cases that require common security capabilities.

Cisco SAFE Places in the Network

By understanding how your business flows throughout each of the PINs, you are able to tie them to security requirements. SAFE eases this challenge by providing:

  • New icons that represent the 3 phases of the SAFE model: Capability, Architecture and Design.
  • A method that customizes the model to your environment using your policies, threats and risk concerns.

How Does The SAFE Model and Method Work Together?

Let’s take an example from one of the locations, the branch, to show you how SAFE uses a model, a method and icons to secure the business. The branch can be configured to support any industry, and we will use retail in this example. How are the retail business and network security related?

  • What if the store’s wireless network is attacked and services to employees and customers are cut off?
  • What if an attack steals from the credit card machines?
  • What if the store falls out of compliance, and is subjected to hefty fines?
  • What if customers’ identities are stolen?

These are just some of the critical questions for both the business and technical sides of the house. The Francisco’s Supermarket chain wants to ensure that they are secure and able to support the business within their 800 stores across the US.

The SAFE Method for Francisco’s Retail Store

Step 1. Identify Francisco’s goals

Francisco’s wants to secure their store branch locations.

Step 2. Break Francisco’s network into manageable pieces

Francisco’s stores have three business use cases that the network must secure.

  • Store Associates – Take credit card payments on the network.
  • Store Manager – Needs wireless access for his tablet to connect to central corporate for daily pricing specials.
  • Third-Party Vendor Access – The heating and air conditioning is provided to the stores by a contractor. They are a third party that monitors Francisco’s equipment using the store network.

Step 3. Develop criteria for success of the business

Francisco’s has ranked their store business processes in this order:

  • Credit card machines = Priority 1
  • Wireless access to central corporate services= Priority 3
  • Vendor access for HVAC company = Priority 2

Step 4. Categorize the risks, threats, and policies

Francisco’s makes a list of all of the business needs at a location along with policies, risks, and threats that could be present in each of their store branches.

What are the policies? Francisco’s Chief Security Officer has three primary policies:

  • Zero trust – Everyone must be identified on the network
  • Restrict access to credit card zones – Must be PCI compliant
  • All systems patched up to date within one month of release – Ensure devices remain secure from vulnerabilities

What are the risks and threats? Francisco’s identifies five major risks and threats.

  • Business outage due to a security incident
  • Lack of segmentation allows for easy exploit spread
  • Loss of customer information and credit card data
  • Custom application exploits and vulnerabilities
  • Vendor access could cause compromise

By combining the policy, risk, and threat concerns with the business objectives, you can design with a holistic picture of what is important. The next step is to create the solution and depict it using the SAFE icons so that it is easy for the customer to understand.

Step 5. Build the security solution

Knowing the business requirements, policies, risks, and threats, create your solution using the three phases of the SAFE Method.

Capability Phase

  • Francisco’s priority is for credit card transactions to remain secure and available.


Based on the policy, risks, and threats, what security capabilities are needed for this business flow?

SAFE Capability Diagram: Credit Card Clerk required security capabilities

Architecture Phase

In the architecture phase, logically arrange the capabilities for the credit card transaction into a business flow architecture. This simply means that you will place the security capabilities where they would logically be used to secure that flow.

SAFE Architecture Diagram: Credit Card business architecture using required security capabilities.

Then, do the same exercise with the “Manager use case” and the “third party (vendor access) use case.” Ensure that they flow through the capabilities needed to secure them.

SAFE Architecture Diagram: Credit Card, Manager and Vendor business architecture using required security capabilities

Design Phase

Knowing the business architecture, you can now create a design that matches the business requirements. The output will be a direct mapping of the business concerns to the security within the network.

SAFE Design Diagram: Francisco’s store Design

These designs will have specific models with the required interfaces and software images. By providing pricing, business justification can be directly mapped to the technology and priority that was captured in the third step.

SAFE provides a model for reference, a method to customize it, and icons to document with. Security isn’t simple, but you can use SAFE to help simplify it.

Visit cisco.com/go/SAFE to learn more.

Authors

Christian Janoff

Enterprise Architect, Compliance

Security Technology Group