: Who wakes up at 3 AM when the key rotation fails? (The L3 engineer in Bangalore).
Consider the top row: . Here, the business asks: Why are we securing this asset? The answer might be: “To protect customer credit card data so we don’t lose trust or face fines.” sabsa architecture matrix
: Which specific products? (Model X crypto-card, firmware v2.1). : Who wakes up at 3 AM when the key rotation fails
Now drop down to the row. The architect asks: What are we doing? Answer: “Implementing a data-centric encryption strategy.” Here, the business asks: Why are we securing this asset
In the world of enterprise security, we are drowning in checklists. We have compliance matrices, risk registers, control frameworks, and threat models. Most of these tools share a common flaw: they are two-dimensional. They tell you what to do, but rarely who should do it, why it matters, or when it becomes obsolete. Enter the SABSA Architecture Matrix—a deceptively simple six-by-six grid that looks like an accountant’s spreadsheet but behaves like a master architect’s compass.
Descend to : How is the system structured? (Encryption key management system, access control lists).
: Where do the actual machines sit? (HSMs in a locked data center).