During Cybersecurity Awareness Month, we delved into the role of security in the cloud technology with Kevin Smith, CTO at Lucanet, and Daniel Dragas, Information Security Manager at Lucanet. Our discussion covered how Lucanet uses cloud-native technologies to ensure robust state-of-the-art security while enhancing scalability and performance, to deliver seamless customer experiences. From implementing AI advancements to adopting "shift-left" security practices, discover how Lucanet is navigating the digital landscape while maintaining a strong security posture.
Kevin, can you please describe your experience with cloud-native technologies, and how you are leveraging them to enhance Lucanet's service offerings?
Kevin Smith: "I've been fortunate to work on a number of SaaS products and platforms prior to joining Lucanet. At a previous company, we built a greenfield, cloud-native, microservices SaaS platform in the commodities market data space (both real-time, end-of-day data and intelligence data). It was a pretty sophisticated platform, and we had a lot of fun building it! I've also led teams modernizing legacy platforms and migrating them to the cloud, containerizing workloads, and deploying them to Kubernetes clusters, leveraging cloud-native services. Lastly, I consulted on various SaaS platform initiatives while at Hg Capital.
You learn a lot when building and migrating platforms like these, and sometimes those are hard-earned lessons. Nonetheless, those prior experiences and others have shaped the way we are approaching Lucanet's CFO Solution Platform."
A unified platform for seamless customer success
Kevin Smith: "At Lucanet, first and foremost, we are building a platform, which requires a slightly different mindset. Once the foundational building blocks are in place, you can accelerate progress while delivering a superior customer experience. We are building the platform using cloud-native technologies, which gives us an edge in scalability, availability, security, and fast time to market.
To pick an example, modern cloud-native technologies allow products to be deployed across multiple availability zones, meaning solutions can tolerate the failure of an entire data center with minimal customer interruption., The architectures I had built earlier in my career with the technology available at the time, required a massive amount of engineering effort to ensure maximum uptime and availability across different zones. . Now, it’s a configuration option in the cloud! By standing on the shoulders of giants like AWS (the hyperscalers), we can deliver a superior experience for our customers. As we evolve our product offerings and bring all our products onto the platform, we are creating a single source of truth for our customers' data. This is incredibly powerful in enabling them to achieve their jobs seamlessly."
Prioritizing technology investments
How do you prioritize technology investments to support a seamless transition to cloud services while ensuring alignment with business goals?
Kevin Smith: "We have a very clear vision for our CFO Solution Platform, this is a multi-year strategy that we are already some way into. Our investments are aligned to our vision, we have a balance between ensuring timeliness of delivering value to our customers and having a robust foundation that will stand the test of time.
We prioritize on managing the complexity successfully without compromising on the flexibility or scalability. We also prioritize work that is of a strategic nature and that is an enabler for future work. In practice, this means we employ a modular approach that prioritizes essential strategic components, for example the control plane, which enables platform manageability and operational efficiency. Once these fundamental elements are established, we proceed to develop additional building blocks. We do this because it allows us to deliver efficiencies, and a consistent, high-quality customer experience through automation, those early investments pay back dividends throughout the life cycle of the programme. When building the platform, our goal is to delight our customers, our core product values guide us through this process: out-of-the-box, easy to use, quick time to value."
Exploring AI and machine learning
What role do you see emerging technologies, like AI and machine learning, playing in the evolution of cloud services at Lucanet?
Kevin Smith: "Our strategy with all new technologies that look very capable is to firstly understand them, and then understand how might leverage them to get an edge, either operationally or to help us deliver value to our customers. We've all seen the incredible advancements that large language models (LLM's) have made over the last 2-3 years, we've been experimenting with LLM's for some time, we are very excited by this new and highly capable technology.
This month we released our first GenAI-powered product capability which we are super proud of – its pretty mind blowing, it will deliver massive productivity gains to our customers and really help to ease their pain with XBRL tagging. We have a number of other initiatives that we're working on currently, over the coming weeks, months and beyond, we will be releasing these and other GenAI capabilities where we see good use cases to really enhance our products, so watch this space!"
Strategies for cybersecurity and compliance
Daniel, can you please describe your journey into cybersecurity and how your background has influenced your approach to balancing security and compliance at Lucanet?
Daniel Dragas: "I was fortunate to enter the field of information security/cybersecurity driven by curiosity, a touch of nerdiness, and supportive mentors who trusted in my abilities. My background focused on operational excellence, process management and played a key role. This journey progressed further when Lucanet partnered with Hg Capital. We successfully continued to pursue a strategy of robust and best-in-class safety.
While regulatory compliance provides the foundation, security involves broader risk management strategies - often aligned as 'best practices'. As a leading cloud-based technology company, our strategy is to adopt compliance frameworks that seamlessly integrate with our security practices, ensuring that all regulatory standards are fulfilled within our security processes. We adhere to ISO27001, ISO27017, and ISO27018 standards and have recently achieved SOC1 and SOC2 Type 2 compliance. By fostering a culture that emphasizes security, we naturally achieve compliance, ensuring robust protection for Lucanet’s cloud services and our customers' data."
Building a layered security approach
What mechanisms did you implement to foster security at Lucanet?
Daniel Dragas: "We have implemented a layered security strategy starting with integrating the security POV early in the development process, a concept known as 'shift-left.' This involves incorporating security testing into CI/CD pipelines, enabling developers to identify and address vulnerabilities as code is written. To foster a culture of openness and continuous improvement, regular training programs and hackathons are conducted to raise security awareness among all teams. Additionally, we establish opportunities for feedback loops and open communication channels to encourage the sharing of security insights and best practices, ensuring that everyone at Lucanet is engaged in enhancing our security posture continuously."
How are you balancing the need for robust security measures with the flexibility required by cloud environments?
Daniel Dragas: "We utilize AWS infrastructure, which ensures a shared service model. This means AWS provides components we can build on. I advocate for the adoption of robust Identity and Access Management (IAM) and zero-trust models, which enhance security without compromising usability. Additionally, by using SecDevOps practices, we can integrate security into the development process, ensuring that security considerations are addressed without hindering innovation or agility."
Since it is Cybersecurity Awareness Month: Give us your top 5 for a resilient (personal) cyber footprint/life.
Daniel Dragas:
- Use a password manager (that is not built into your browser) with different passwords for each service.
- Use multi factor authentication (app is good enough) for all important accounts.
- Regularly update your software and devices, don’t support vendors that sell obsolete products.
- Be cautious what information you share online – in times of AI your voice, your looks your gestures can be mimicked with a single prompt. (Have a safe word with people as a personal MFA.)
- Stay informed on (phishing) threats and trends. Be vigilant and skeptical of unexpected communications.
Mastering the future of cybersecurity with Lucanet
At Lucanet, we're redefining the future of cloud technology and cybersecurity. By integrating innovative solutions with robust security, we lead the charge in today's digital landscape. Explore how our CFO Solution Platform can elevate your business. Discover the tools and security we offer for tomorrow's challenges.
