More and more organizations are embracing smart technologies to support innovations that can improve safety and productivity in every area of our lives, from industrial systems, utilities, and building management to various forms of business support.
But while these technologies offer tremendous benefits, as with any new technology, they also introduce the potential for unintended consequences due to technical problems or manipulation that may not yet have been discovered and remedied.
Internet of Things (IoT) technologies aim to bridge the gap between our virtual and physical worlds. As such, technical manipulation or failure can lead to loss of privacy, system availability, and in some cases, even physical damage.
Recently, I had the opportunity to work with Domino’s Pizza to evaluate an in-house IoT-based business solution they had designed and implemented in their retail locations. The multinational pizza restaurant is the perfect example of a large enterprise that regularly uses IoT technology for business support.
Domino’s IoT-based ecosystem solution is called Flex, a platform-based solution consisting of several small services. This lets stores use different web experiences and digital products on kiosk screens. These are purpose-built, Domino’s-specific products that team members can use at will. The platform powers all in-store display technology, allowing stores and team members to be more efficient and have situational awareness to run their respective stores effectively. The platform also provides a centralized, cloud-managed platform with Domino’s hosted experiences, providing stores and team members with the technology flexibility they need to run stores efficiently and successfully.
This research project aimed to understand the security implications surrounding such a large-scale enterprise IoT project and the processes related to acquisition and implementation; technology and functionality; and management and support.
Start phase
The project started with meeting each of the internal teams involved and discussing those key areas and how security was defined and applied within them. This provided valuable new insight into how security should play a role in the design and build of a large enterprise IoT solution, especially during the planning and acquisition phases, and how a security-driven organization like Domino’s can manage a large-scale project such as this. Two major takeaways emerged. First, always consider supplier security in your risk planning and modeling. Second, security “must-haves” must match your organization’s internal security policies.
Security rating
During this initial phase, conducting a full ecosystem security assessment was necessary, examining all critical hardware components, operating software, and associated network communications.
As with any large-scale enterprise deployment, we found a few security vulnerabilities. Therefore, all projects, even those with built-in security from the start, should undergo a comprehensive security review to eliminate any shortcomings. This allowed the security teams and project developers to devise solutions to resolve the identified issues quickly. In addition, by observing and discussing the processes and methodologies used to build and deploy fixes in production, the review ensured Domino’s was doing it safely so as not to affect production.
During a typical security review of an enterprise-wide solution like this, we are reminded of a few key best-practice items that should always be considered. First, when testing the security of new technology, use a holistic approach that focuses on the entire ecosystem of the solution. Second, regularly test documented security procedures – security is a moving target, and regular testing can help identify shortcomings.
Go live
Once an idea is designed, built, and implemented in production, we need to ensure that the implemented solution remains fully functional and secure. To achieve that at Domino’s, the deployed enterprise IoT solution was moved to a structured management and support plan. As expected, this support structure is designed to help prevent outages and security incidents that could affect production or cause loss of services or data, focusing on patch management, risk, vulnerability management, and monitoring and logging.
Again, it was important to talk about security with the different teams involved in the support infrastructure and see how it was applied to this particular project and how Domino’s applies the same security methodologies across the enterprise.
During this final evaluation phase of the project, we were reminded of one of the most critical points that many organizations fail to implement (but not Domino’s). When implementing new embedded technology in your business environment, you must ensure that the technology is well integrated into your organization’s patch management.
By the end of this research project, I had a greatly enhanced understanding of the security complexity, difficulties, and best-practice challenges that a large enterprise IoT project might require. However, I am pleased to say that on this occasion, Domino’s took up that challenge and successfully delivered this project to their company.