Barry Hochfield: The Cutitronics Approach to Digital Security
When I first became involved in the Cutitronics journey some 4 years ago, a key aspect that became a focus for me was the overall product and systems architecture and strategy. Once it became clear that we were to include a digital experience for both the end consumers and the skincare brands, major concerns about the role of IT security in what is to be a major mass-market consumer offering came to the fore.
To address these concerns we first asked ourselves the usual IT Security Analysis questions:
- What are the key assets that need to be protected?
- What are the key threats?
- What might be a breach’s likelihood and impact?
- What do we need to do to protect ourselves and to what degree?
- Do we need to prevent or just detect anomalies and fraud?
etc etc… But we also asked ourselves…
How do we ensure our security is a help and not a hindrance to our users?
From my 35+ years' experience in the IT sector (at Apple, Mastercard et al.) I’ve seen cases where the security aspects of doing business are applied with inadequate thought as to how they may affect a business’s day-to-day operations. And I’ve learned along the way that the best security needs to be virtually invisible to the honest user; nobody wants to waste time or effort managing their way through awkward or intrusive security when all they want to do is get on and enjoy the benefits of the products or services they are trying to access. Having said that, an appropriate level of security must still be implemented, and so to ‘square this circle’ one must have an engineering mindset and quantify the issues.
There’s no barrier made by humans that can’t be breached by humans, so the essential art of the security analyst is to define and build barriers that are just high enough to deter a breach; but how do we do this?
Well, first we quantify the value of the assets the barrier is to protect, then estimate the corresponding effort a hacker has to expend in their attempt to compromise said asset. We then define and build barriers ‘high enough’ such that the hacker is stuck with negative ROI, i.e. it costs him more in effort and resources to break through our barriers than the value of the assets on the other side, and so the hacker has no incentive to attack and goes looking elsewhere. All the while, we endeavour to make said barriers as invisible to the honest user as practical.
In the case of CutiTron our most valuable asset from the end users’ perspective is the skincare formulation delivered from our Smart Cartridges. To protect this we have developed an ecosystem that ensures the absolute practical authenticity of the creams and lotions CutiTron delivers. Based on the 100+ collective person-years' experience within the Cutitronics R&D team, we are deploying IT security-enforcing techniques and technologies that have already proven themselves robust and fit for purpose, so the brands and their end users can rest assured they shall enjoy a seamless security experience with only genuine product involved.
If you want to know more about how our game-changing device and digital platform technology can integrate with your business, visit our stand G60 at in-Cosmetics Global from 17-19th April.