Barry Hochfield, Cutitronics Co-Founder & Non-Executive Chairman
When I first became involved in the Cutitronics journey some 5 years ago, a key aspect that became a focus for me was the overall product and systems architecture and strategy. Once it became clear that we were to include a digital experience for both end consumers and skincare brands, major concerns about the role of IT security in what is to be a major mass market consumer offering came to the fore. To address these concerns, we first asked ourselves the usual IT Security Analysis questions:
- What are the key assets that need protected?
- What are the key threats?
- What might be a breach’s likelihood and impact?
- What do we need to do to protect ourselves, and to what degree?
- Do we need to prevent or just detect anomalies, fraud?
etc etc… but we also asked ourselves…
How do we ensure our security is a help and not a hindrance to our users?
From my 35+ something years' experience in the IT sector (at Apple, Mastercard et al.) I’ve seen cases where security aspects of doing business are applied with inadequate thought as to how they may affect a business’s day-to-day operations, and I’ve learned along the way that the best security needs to be virtually invisible to the honest user; nobody wants to waste time or effort managing their way through awkward or intrusive security when all they want to do is get on and enjoy the benefits of the products or services they are trying to access. Having said that, an appropriate level of security must still be implemented, and so to ‘square this circle’ one must have an engineering mindset and quantify the issues.
There’s no barrier made by humans that can’t be breached by humans, so the essential art of the security analyst is to define and build barriers that are just high enough to deter a breach; but how do we do this? Well, first we quantify the value of the assets the barrier is to protect, then estimate the corresponding effort a hacker has to expend in their attempt to compromise said asset. We then define and build barriers ‘high enough’ such that the hacker is stuck with negative ROI, i.e. it costs him more in effort and resources to break through our barriers than the value of the assets on the other side, and so the hacker has no incentive to attack and goes looking elsewhere, all while endeavouring to make said barriers as invisible to the honest user as practical.
In the case of Cutitron®, our most valuable asset from the end users’ perspective is the skincare formulation delivered from our Smart Cartridges. To protect this, we have developed an eco-system that ensures absolute practical authenticity of the formulations Cutitron® delivers. Based on some 100+ collective person-years' experience within the Cutitronics R&D team, we are deploying IT security-enforcing techniques and technologies that have already proven themselves robust and fit-for-purpose, so the brands and their end users can rest assured they shall enjoy a seamless security experience with only genuine product involved.