Lucidity is a fast-growing SaaS strategy platform based in Brighton that helps companies of all sizes create and execute their business strategies. We spoke to Tom Ricca-McCarthy to ask why security is important to them and how he and his team treat it as a top priority.
I’m one of the founders of Lucidity and was previously CEO of a larger SaaS business.
Well, having dealt with lots of personal data in the previous business, in lots of jurisdictions, I was well aware of the critical nature of data security. In Lucidity, where we carry our customers’ strategy information, then we had the obvious obligations of protecting our customers’ data, ensuring we are compliant with any regulation where we operate, making sure the team are aware of our and their accountabilities and of course building a great product that is secure and helps our customers be secure too.
It hasn’t really. We are not a team of beginners, we’ve all been around the block, we knew what we needed to do from the start and so we haven’t really changed our approach in the last 12 months. Of course we watch what’s going on both technically and commercially and keep abreast of developments and threats in the security space.
Well without going into too much detail we use encryption wherever we can, we have measures around passwords both in the product and as a team, we peer-review code for security reasons and we regularly use third-party services to test and highlight anything we didn’t spot. Any third-party tools we use are audited. Within the product, we have a number of features for our users to provide additional security around their own strategy information.
See above – I won’t go into more detail for obvious reasons.
Really important. Our customers use our platform to understand, build and manage their business strategy. So of course, there is some sensitive thinking in there that needs to be protected.
Well he’s pretty sharp in the first place to be our CTO. He’s a keen observer of tech industry progress and trends so of course security is a regular theme for him. He is a member of a few CTO groups who discuss security and additionally we organised a very experienced/successful SaaS CTO as one of his personal mentors so that also provides a good source of information/sounding board for security best practice and insight into what other SaaS businesses are up to.
We have a CTO for that.
Despite the flippancy above, you need to take it seriously. Personal leadership, modelling behaviours etc should be a given. On the strategy planning side you ought to have a clear business strategy, that business strategy ought to contain a Strategic Objective around Operational Excellence or something like that. That needs to contain some Goals/KPIs around security best practice. In terms of the teams then your CTO needs to understand they need to keep the CEO & the company off the TV. That’s in their job description. Because that’s what happens with a large breach. There needs to be a visible Infosec policy in the business and HR needs to make sure that there is clear security policy in employment contracts. Everyone needs to take responsibility but it’s up to managers to make sure everyone is aware of that. And in line with best practice strategic management, this should be reviewed regularly by the management team – monthly, quarterly. So security needs to be part of your business strategy with awareness and responsibility going right across and down through the teams – well communicated on a regular basis.
Hope isn’t a strategy.
Lucidity is a SaaS platform used by companies to build and execute their business strategies. The team at Lucidity are passionate that strategic planning doesn’t need months of work and an MBA. Lucidity makes it super easy for teams to formulate a winning strategy, get your people excited and execute it perfectly, saving time & money.