How We Think About Security

December 17, 2017

Our group of companies provide an incredible service for our customers, we work in a special space for them, helping them create something unique; a snapshot of a time and a place perhaps, the capturing of a memory, the gift that shows someone else how much they care for them. They trust us to be there for them and to protect those magical and intimate moments, it’s something we are proud to take very seriously.

Every day we produce tens of thousands of unique and complex items, we ingest millions of photos into our sites and store them, we support hundreds of colleagues in multiple sites across Europe, our data set is at petabyte scale and we add terabytes more every day.

Our own technology enables every aspect of what we do for customers, from our web sites to our factories we rely on our engineering teams to build, maintain and evolve our services to cope with our growing customer base, the pace of our product evolution and our ever changing manufacturing capabilities.

We are not your usual eCommerce business.

It’s not surprising that our old model of regular pen-tests, risk steering committees etc… wasn’t working, it couldn’t keep up with the pace of change; we were applying waterfall approaches to modern agile delivery. Our approach of applying rules and constraints on enormous complexity after it had been created was limiting our ability to deliver, we decided to rip up our old security playbook and start again.

We are building a security capability that can engage with all aspects of the business to enable and educate the organisation, creating security champions in all teams - security is becoming a part of everyone’s job.

We are implementing and creating advanced tools utilising AI to enhance our ability to detect anomalous behaviours across our technology estate, from our consumer facing websites to our colleagues devices.

The Security team are now working with our Engineering and Product teams to ensure secure design patterns and principles are used, baking this into the development process instead of trying to retro fit it afterwards.

We are working closely with authorities and regulators in multiple territories to ensure our compliance is transparent and to preserve our customers trust.

We agreed a framework that enables us to assess and progress our efforts in these areas:

  • Preserve customer Trust & comply with relevant regulation
  • Prevent security crisis by adopting a multi-defence security model
  • Create a digital Immune System to Detect and Respond to security incidents
  • Enable the group via modern Risk function and secure development practices
  • Educate our customers, security team and brands through innovation and creativity

Our new approach puts security at the heart of everything we do, from our architecture to our testing to our manufacturing.

If this sounds like your kind of thing then get in touch, we’re hiring…

Richard Orme, CTO, Photobox Group

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Contact

Photobox Group Security
Unit 7, Metal Box Factory
30 Great Guildford Street
London
SE1 0HS
England