Lucidity’s Perspective On SaaS Security

Tom Ricca-McCarthy

Lucidity is a fast-growing SaaS strategy platform based in Brighton that helps companies of all sizes create and execute their business strategies. We spoke to Tom Ricca-McCarthy to ask why SaaS security is important to them and get his perspective on how he and his team consider security to be a top priority for them.

Tell us about Lucidity and your role?

I’m one of the founders of Lucidity and was previously CEO of a larger SaaS business.

As an early-stage SaaS business what were your main security concerns when building your strategy platform?

Well, having dealt with lots of personal data in the previous business, in lots of jurisdictions, I was well aware of the critical nature of data security. In Lucidity, where we carry our customers strategy information, then we had the obvious obligations of protecting our customers data, ensuring we are compliant with any regulation where we operate, making sure the team are aware of our and their accountabilities and of course building a great product that is secure and helps our customers be secure too.

How has your approach to securing your SaaS platform changed over the last 12 months?

It hasnt really. We are not a team of beginners, weve all been around the block, we knew what we needed to do from the start and so we havent really changed our approach in the last 12 months. Of course we watch whats going on both technically and commercially and keep abreast of developments and threats in the security space.

What SaaS security best practices do you follow in your development process?

Well without going into too much detail we use encryption wherever we can, we have measures around passwords both in the product and as a team, we peer-review code for security reasons and we regularly use third-party services to test and highlight anything we didnt spot. Any third-party tools we use are audited. Within the product, we have a number of features for our users to provide additional security around their own strategy information.

What security measures do you offer against hackers and cyber threats to protect user data?

See above – I wont go into more detail for obvious reasons.

How important is cyber security to your customers?

Really important. Our customers use our platform to understand, build and manage their business strategy. So of course, there is some sensitive thinking in there that needs to be protected.

How do your CTO and developers keep up with the latest security trends?

Well hes pretty sharp in the first place to be our CTO. Hes a keen observer of tech industry progress and trends so of course security is a regular theme for him. He is a member of a few CTO groups who discuss security and additionally we organised a very experienced/successful SaaS CTO as one of his personal mentors so that also provides a good source of information/sounding board for security best practice and insight into what other SaaS businesses are up to.

What are the top 3 security risks that keep you up at night?

We have a CTO for that.

How should SaaS CEOs be driving cyber security across their organization?

Despite the flippancy above, you need to take it seriously. Personal leadership, modelling behaviours etc should be a given. On the strategy planning side you ought to have a clear business strategy, that business strategy ought to contain a Strategic Objective around Operational Excellence or something like that. That needs to contain some Goals/KPIs around security best practice. In terms of the teams then your CTO needs to understand they need to keep the CEO & the company off the TV. Thats in their job description. Because thats what happens with a large breach. There needs to be a visible Infosec policy in the business and HR needs to make sure that there is clear security policy in employment contracts. Everyone needs to take responsibility but its up to managers to make sure everyone is aware of that. And in line with best practice strategic management, this should be reviewed regularly by the management team – monthly, quarterly. So security needs to be part of your business strategy with awareness and responsibility going right across and down through the teams – well communicated on a regular basis.

What advice would you offer to CEOs when it comes to cyber security?

Hope isn’t a strategy.

About Lucidity

Lucidity is a SaaS platform used by companies to build and execute their business strategies. The team at Lucidity is passionate that strategic planning doesn’t need months of work and an MBA. Lucidity makes it super easy for teams to formulate a winning strategy, get your people excited and execute it perfectly, saving time & money.

Lucidity Strategy Software