All Services

From back-end infrastructure to personal productivity, Ergo has the knowledge and experience to match technology to all our client requirements. Our strength is understanding your business. The end goal is always the same, to make businesses more agile and competitive.

More About Our Services
Managed Services

Focus on your core business and leave ICT operations and management to the experts. From 24/7 service desk support to managing hybrid clouds, Ergo have the depth and experience to meet the most demanding service level requirements and ensure continuous improvement. 

More About Managed Services

Highlighted Services

Managed People

Competition for talented technology professionals is huge, which is why we make hiring more personal, taking time to match the right people to the right roles. Our technical experience and recruiting know-how help find the perfect fit for both parties.  

More About Managed People

Highlighted Services

Consultancy Services

Speed of change demands a new generation of digital investments that will drive business enablement and profitability. We support IT leaders, wherever they are on their digital transformation journeys, with our digital assessment methodology. 

More About Consultancy Services

Highlighted Services

Print and Document Solutions

Our goal is to deliver the best possible print and document service for you, leveraging the latest technologies and innovation to ensure the performance of your print environment is optimised to maximise employee productivity.  We take out costs, add efficiencies, wrap it in end-to-end security and make print integral to digital transformation. 

More About Print and Document Solutions

Highlighted Services

Cloud

Agility is key to business success and the cloud is where to get it. We offer a wide range of cloud services – public, private, hybrid – and provide the best of both worlds by integrating or migrating legacy systems to streamline the way your IT is consumed. 

More About Cloud

Highlighted Services

Digital Enablement

Ergo provides a clear roadmap for digital transformation with practical steps to make businesses more agile and customer-centric

More About Digital Enablement

Highlighted Services

Mobility and Collaboration

Ergo has provided many of Ireland’s largest organisations with an ecosystem of mobile applications and collaboration services that drive productivity without compromising on security

More About Mobility and Collaboration

Highlighted Services

Software Licensing

Businesses struggle to manage software assets and don’t always get the best value. We can help streamline your software purchasing, simplify deployments and maximise your investments. 

More About Software Licensing

Highlighted Services

Security, Risk and Compliance

Risks around cyber security and data protection are an ever-increasing challenge for businesses. We provide security lifecycle management, from perimeter testing and threat analysis to mitigating the impact of a breach. 

More About Security, Risk and Compliance

Highlighted Services

Microsoft Technology Specialisations

With the largest team of Microsoft IT professionals in Ireland – including two Most Valuable Professionals our expertise spans a comprehensive portfolio of products/services

More About Microsoft Technology Specialisations

Type your query and press the "Search now" button

Security Architecture - From Zero to Hero: Part 1

Security Architecture - From Zero to Hero: Part 1

Read The Article
Security Architecture - From Zero to Hero: Part 1
Return to Blog

Security Architecture - From Zero to Hero: Part 1

Security architecture refers to a unified security design that addresses requirements and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls.

Traditionally, and to the pain of security and technical teams alike, security tends to be bolted-on to any new solution. Changes, usually “urgent”, require that security controls are placed ad-hoc on a company’s estate, in order to meet the requirements of a particular project. Budget constraints and short timelines are usually quoted as the reason why a more holistic approach can’t be taken that would suit the security needs of the organisation, as a whole, in the long term.

The result of this?

You end up with a mismatch of tools and processes, which are a nightmare to monitor.

Security architecture will be the cornerstone of all subsequent solution implementations, whether cloud or on-prem, so getting it right first time, or as close to right as possible, will make for a more stable, more secure and more manageable estate, where change can happen quickly and with minimum adverse effect to performance and functionality.

Although security architecture will not be the same in every organisation, the factors to consider as input for shaping it, usually are:

Business requirements is an item that is often overlooked, however my golden rule for some time has been “security is there to enable the business”. There is no point in implementing great security controls if they cause the business to fail.

Enterprise architecture is another contributing factor, as a security architecture should align with the overall enterprise architecture. In most organisations, one would more than likely be in place, but potentially undocumented. It may be challenging to have something in writing if the organisation is not known for its good documentation, but it is imperative that you get that.

Both the business requirements and the technology architecture are items for which you’ll need to liaise with other business units, technology and otherwise.

Laws and regulations: GDPR, PCI-DSS, SOX etc. – these can vary widely depending on your country of operation

Standards and certitications: SOC2, ISO, NIST

Alignment with ISMS: Ideally your ISMS framework is implemented in a way that aligns with your chosen standard (e.g. ISO 27001). If not, it’s time you review and update your ISMS. At the end of the day, your ISMS is the FULL SET of policies, standards, and technical and physical controls that protect the CIA of your company’s information.

A lot of these will dictate your chosen security architecture framework: SABSA, TOGAF, Zachman, DoDAF (DOD architecture framework). That is if you go for one. Though open frameworks are considered “tried and tested”, what they do is they provide a guideline for planning and designing your security architecture. It does not necessarily mean you need to follow one in order for your architecture to be successful, and all-encompassing. Exposure to various security disciplines, a good head on your shoulders, genuine interest in security and hours spent on research, will probably have the same effect.

Need to re-think how your business is looking at security? Talk to an expert here.

News and Blog Posts

Get Compliant. Stay Compliant. 6 ways to stay GDPR proof, 6 months on
Diarmaid Flynn
02 November 2018 • Posted By Diarmaid Flynn Client Services Director

Get Compliant. Stay Compliant. 6 ways to stay GDPR proof, 6 months on

More and more, we have been hearing about companies who are not yet fully compliant with GDPR. In the latest...

Read now
Security Architecture - From Zero to Hero: Part 1
30 October 2018 • Posted By Nikos Vasileiadis IT Security Officer

Security Architecture - From Zero to Hero: Part 1

Security architecture refers to a unified security design that addresses requirements and potential risks involved in a certain scenario or...

Read now
Managed ICT Services: Diving in Deep
News 06 November 2018

Managed ICT Services: Diving in Deep

Read Now
Betting the Business on Big Data
News 06 November 2018

Betting the Business on Big Data

Read Now
Services in the Sky: Changing Clouds in a Shifting Landscape
News 05 September 2018

Services in the Sky: Changing Clouds in a Shifting Landscape

Read Now

Subscribe to Our Blog

Scroll to Top