Security Architecture Case Study
The experts at BTA are uniquely both architects and engineers who turned their years of experience into the proven methodology and automation for technology adoption called S.I.M.P.L.E. BTA specializes in helping companies implement complex nextgeneration technologies efficiently. BTA is a Cisco Digital System Integrator (DSI) Partner and has implemented Cisco for more than 500 enterprise data centers globally.
Founded in 1969, CGB Enterprises, Inc. is a global, multi-service company that assists grain farmers with the buying, storing, selling, and shipping of their crops, as well as providing financing and risk management.
As Gus Gelpi, Vice President of IT at CGB expressed, "People are our biggest threat. I don't think we can get around that, so I believe that the next step becomes building the tools to defend against what happens when that person does whatever they do. And that's when you start looking at micro-segmentation of your networks."
Cisco Secure Workload is the solution CGB chose to segment their network. The value of application segmentation is clear, as described by Gelpi, "How I would value that from a monetary position is that (Cisco Secure Workload) costs far less than even the premium on my cyber risk insurance. And it costs 100 times less than the cost of if my entire business goes down. When we're talking dollars and cents, we need to look at what we're protecting and the value of what we're protecting."
Cisco & BTA Solution
CGB found that Cisco Secure Workload was the only practical approach to first map application dependencies and then create and enforce policies ensuring isolation of application traffic. CGB had previously explored using Windows firewall rules and found their complexity made management impossible. Using application and network segmentation provided by Cisco Secure Workload, CGB could now implement defensible silos between business units. This separation limits the capability of a threat actor to gain access to the entire business in the instance of an attack. Traffic exists only where it is needed, which is within its own business unit. This approach was soon put to the test due to corporate M&A and the divesture of the insurance business unit. CGB was able to quickly and safely give the purchasers of their insurance unit access only to specific servers and workloads of that unit while blocking traffic to the others.
To architect and implement Cisco Secure Workload, CGB partnered with BTA for a successful outcome. As Steve Kitzinger, Director of IT said, "They have been instrumental in getting that product off the ground. We're well ahead of where we would have been without their help and we're extremely pleased with progress so far. The team we're working with as part of the engagement has been fantastic. There's been very little need for us to provide education. They've been able to really take it by the horns and not only get it implemented but allow us to learn as they're implementing." At BTA we use our S.I.M.P.L.E. process to effectively plan engagements with clients and deliver best-in-class time to value (TTV). Using the BTA process, architects, engineers, and the unique capabilities of Cisco Secure Workload, BTA implemented segmentation for CGB across more than 400 servers and workloads to better protect the CGB IT environments from external threats. "I would say that BTA knocked it out of the park," shares Kitzinger.