The biggest challenge in securing companies today is complexity. Too many attacks, but also, too many defenses. And, they keep growing. Maddening.  But, there is a new security reference that simplifies this Herculean task. Cisco SAFE uses a model and a method to guide you.


SAFE uses a model to organize the network into logical areas called places in the network (PINs). Each PIN has common business use cases that require common security capabilities.

Cisco SAFE Places in the Network










By understanding how your business flows through out each of the PINs, you are able to tie them to security requirements. SAFE eases this challenge by providing:

  • New icons that represent the 3 phases of the SAFE model: Capability, Architecture and Design.
  • A method that customizes the model to your environment using your policies, threats and risk concerns.

How Does The SAFE Model and Method Work Together?

Let’s take an example for one of the locations; the branch, to show you how SAFE uses a model, a method and icons to secure the business. The branch can be configured to support any industry and we will use retail in this example.  How is the retail business and network security related?

  • What if the store’s wireless network is attacked and services to employees and customers are cut off?
  • What if an attack steals from the credit card machines?
  • What if the store falls out of compliance, and is subjected to hefty fines?
  • What if customer’s identities are stolen?

These are just some of the critical questions for both the business and technical sides of the house. The Francisco’s Supermarket chain wants to ensure that they are secure and able to support the business within their 800 stores across the US.

The SAFE Method for Francisco’s Retail Store

Step 1. Identify Francisco’s goals

Francisco’s wants to secure their store branch locations.

Step 2. Break Francisco’s network into manageable pieces

Francisco’s stores have three business use cases that the network must secure.

  • Store Associates – Take credit card payments on the network.

oStore Associates - Take credit card payments on the network.

  • Store Manager – Needs wireless access for his tablet to connect to central corporate for daily pricing specials

Yellow circle guy

  • Third-Party Vendor Access – The heating and air conditioning is provided to the stores by a contractor. They are a third-party that monitors Francisco’s equipment using the store network.

Purple circle man

Step 3. Develop criteria for success of the business

Francisco’s has ranked their store business processes in this order:

  • Credit card machines = Priority 1
  • Wireless access to central corporate services= Priority 3
  • Vendor access for HVAC company= Priority 2


Step 4. Categorize the risks, threats, and policies

Francisco’s makes a list of all of the business needs at a location along with policies, risks, and threats that could be present in each of their store branches.

What are the policies? Francisco’s Chief Security Officer has three primary policies:

  • Zero trust – Everyone must be identified on the network
  • Restrict access to credit card zones – Must be PCI compliant
  • All systems patched up to date within one month of release – Ensure devices remain secure from vulnerabilities

What are the risks and threats? Francisco’s identifies five major risks and threats.

  • Business outage due to a security incident
  • Lack of segmentation allows for easy exploit spread
  • Loss of customer information and credit card data
  • Custom application exploits and vulnerabilities
  • Vendor access could cause compromise

By combining the policy, risk, and threat concerns with the business objectives, you can design with a holistic picture of what is important. The next step is to create the solution and depict it using the SAFE icons so that it is easy for the customer to understand.

Step 5. Build the security solution

Knowing the business requirements, policies, risks, and threats, create your solution using the three phases of the SAFE Method.

Capability Phase

  • Francisco’s priority is for credit card transactions to remain secure and available.

Green circle woman

Based on the policy, risks, and threats, what security capabilities are needed for this business flow?


SAFE Capability Diagram: Credit Card Clerk required security capabilities
SAFE Capability Diagram: Credit Card Clerk required security capabilities

Architecture Phase

In the architecture phase, logically arrange the capabilities for the credit card transaction into a business flow architecture. This simply means that you will place the security capabilities where they would logically be used to secure that flow.

SAFE Architecture Diagram: Credit Card business architecture using required security capabilities.
SAFE Architecture Diagram: Credit Card business architecture using required security capabilities.

Then, do the same exercise with the “Manager use case” and the “third party (vendor access) use case.” Ensure that they flow through the capabilities needed to secure them.

SAFE Architecture Diagram: Credit Card, Manager and Vendor business architecture using required security capabilities
SAFE Architecture Diagram: Credit Card, Manager and Vendor business architecture using required security capabilities

Design Phase

Knowing the business architecture, you can now create a design that matches the business requirements. The output will be a direct mapping of the business concerns to the security within the network.

SAFE Design Diagram: Francisco’s store Design
SAFE Design Diagram: Francisco’s store Design

These designs will have specific models with the required interfaces and software images. By providing pricing, business justification can be directly mapped to the technology and priority that was captured in the third step.

SAFE provides a model for reference, a method to customize it, and icons to document with. Security isn’t simple, but you can use SAFE to help simplify it.

Visit cisco.com/go/SAFE to learn more.






Christian Janoff

Enterprise Architect, Compliance

Security Technology Group