
Security Architecture



Security architecture is the foundation of your cyber security defence.

We are vendor independent and we are able to manage every aspect and all levels of security. That means you get the objectivity you need to bring clarity to your project. And it frees other architects and specialists to focus on your project outcomes.

We thrive on making the most complex security issues manageable, and this starts with the architecture. We can design your systems, oversee the procurement, create documentation and set up procedures.

We offer all the help you need and nothing you don’t. We’ll up-skill your in-house team or manage everything autonomously. Our business model flexes to fit yours.

2T Security provides a vendor-independent service to assist clients in the design and delivery of their solutions. We manage all security aspects within a design programme of work, so that other architects and specialists can focus on the business solution. We also support design for complex security challenges, and have experience of working across all levels of security. We can help with selection and procurement processes, system design and documentation, as well as the relevant procedures for their use. Our philosophy is to provide only the amount of help and support that is required; we are happy to provide knowledge transfer to enable the sustainable running of the services through in-house teams, or we can work autonomously and deliver a solution that allows the client to focus on their core business functions.

We have experience of requirements specification, design, procurement, build, and run of systems, solutions and environments at all security levels. In particular, we can help with enabling safe data transfer across Protectively Marked domains, for example where an “isolated” environment is required but data such as anti-malware and anti-virus updates must still be sent to it automatically. We have developed “template” designs that have survived the rigours of NCSC review, and are proven in the field.

Key Benefits

  • Rapid design and deployment of new environments - hardware lead-time is measured in weeks rather than months.
  • We help define environmental strategies to ensure that the environment aligns with the longer term business plans and technical strategy of our clients.
  • Modular approach to functionality - we can rapidly deliver a minimal set of requirements for our client's immediate needs, which can then be augmented in stages to support enhanced requirements.
  • Template designs that have been developed with, and peer reviewed by, colleagues in the NCSC architecture team.
  • Automation of onerous tasks to enhance security through consistency and timely execution.
  • Advice and designs to enable data transfer between Protectively Marked domains, either manual or automated depending on the requirement and business benefit.


The provision of a new solution, environment or system, especially for higher sensitivity levels, can be a complex and time-consuming task. We can help with many of the steps needed, including:


  • Establishing requirements for the environment, including both the business requirement and the IA requirement and constraints.
  • Tactical and strategic design for the environment.
  • Procurement of equipment for the environment.
  • Delivery of the environment.
  • Initial configuration and installation of the environment.
  • Development of procedures for administration and use of the system.
  • Training to enable in-house administration of the environment.
  • Ad-hoc support for the environment on a call-off basis.
  • Deployment using both virtualisation as a separation mechanism and physical segregation, aligned with the threat to the environment.
  • Design of Security Enforcing Functions that enable and control data flow between Protectively Marked domains, provide robust security, and are capable of being highly assured for their function.
  • Design of the local environment to enable remote connection to G-Cloud capabilities in compliance with the appropriate Code of Connection.


Our design service can help provide solutions to infrastructure issues, including:


  • Client-Server networking
  • Wide area network and remote site interconnectivity
  • Local segregation and DMZ designs
  • Network-based encryption
  • Firewalls - virtualized, software and hardware
  • User directories and central account management
  • Centralized endpoint management
  • Data import into high-side environment (manual or automated)
  • Data export from high-side environment (manual or automated)
  • Anti-virus and anti-malware services
  • Centralized patch management
  • Network port security (only authorized endpoints can connect)
  • Centralized event collection and storage