Enterprise security architecture: An essential part of the digital economy

The Cyber Security Coalition is a collaborative platform in Belgium that brings together universities, government agencies, and the private sector to improve cybersecurity. By encouraging cooperation between experts from various fields, the Coalition promotes sharing knowledge, skills, and best practices to tackle the ever-changing landscape of cyber threats.  

Its goal is to create a safer digital environment through joint efforts and coordinated strategies, ultimately contributing to a stronger and more resilient cyberspace. 

Frank Souffriau is an Enterprise Security Architect at INNOCOM and co-chair of the Enterprise Security Architecture Focus Group within the Cyber Security Coalition. With extensive experience in cybersecurity, information security, and risk management across both the public and private sectors, he has played a vital role in ICT and critical infrastructure projects at both national and international levels.  

Frank has also worked across all three lines of defense in risk management, ensuring organizations have effective controls to manage and mitigate risks. 

How does the Cyber Security Coalition support cybersecurity efforts? 

The Coalition acts as a hub where experts from different industries come together to share insights and knowledge. This collaboration is crucial, especially for understanding new regulations like the NIS2 directive.  

The Coalition helps organizations make sense of these requirements and better manage their cybersecurity risks through shared expertise and collective problem-solving. 

What role does Enterprise Security Architecture (ESA) play in cybersecurity? 

ESA is essential for helping organizations handle complex cybersecurity challenges by aligning security strategies with business goals. It offers a structured way to manage cyber risks, helping to create long-term, sustainable security practices. 
As co-chair of the ESA Focus Group in the Cyber Security Coalition, I work with other experts to create reusable security assets that enhance organizations' overall security by leveraging shared knowledge and clearing common misconceptions about cybersecurity. 

Like? 

Many companies overestimate their cybersecurity effectiveness, even though they invest heavily in technology. This often happens because they underestimate how complex cybersecurity is, especially as digital transformation continues to evolve. It's vital that organizations continuously learn and collaborate to stay ahead of new threats. 

Cybersecurity should involve everyone in the organization, not just the IT or security department. A decentralized approach can help teams respond faster and build resilience, but it needs to be balanced with centralized oversight to keep the security strategy unified. 

What does a solid cyber resilience strategy look like? 

A solid cyber resilience strategy is based on understanding risks and involves the entire organization, from executives to employees, external partners, and suppliers. It’s about making cybersecurity part of every decision and action rather than seeing it as just a technical responsibility for a specific team. 

You co-author the Cyber Security Coalition whitepaper on Enterprise Security Architecture. What does this aim to achieve? 

The whitepaper examines organizations' growing digital risks and presents ESA as a strategic solution. It explains ESA, explains how it can be applied to organizations of all sizes, and highlights its benefits.  

The goal is to make ESA easier to understand, giving readers the tools to start discussions and implement tailored security strategies that meet their specific challenges. The whitepaper shows how ESA can help mitigate risks and build a strong cybersecurity framework by focusing on sustainable security planning that aligns with business goals. 

Despite ESA's clear strategic benefits, many organizations, even in cybersecurity, still need help understanding it. One reason is that aligning security with business objectives and the fast pace of digital changes can make ESA seem difficult to implement. Many organizations also find it hard to explain ESA’s advantages and put them into practice.  

The whitepaper helps bridge this gap by clearly explaining ESA’s role and how it can help organizations effectively manage cybersecurity risks in a structured, sustainable way.