Domino's Pizza: A blueprint for secure enterprise IoT deployment
Article by Rapid7 IoT principal security researcher Deral Heiland.
Increasingly, organisations are embracing smart technologies to underpin innovations that can enhance safety and productivity in every part of our lives, from industrial systems, utilities, and building management to various forms of business enablement.
But whilst these technologies offer enormous benefits, as with any new technology, they also introduce the potential for unintended consequences due to technical issues or manipulation that may not yet have been uncovered and mitigated.
The very purpose of Internet of Things (IoT) technologies is to bridge the divide between our virtual and physical worlds, and as such, technical manipulation or failure has the potential to result in loss of privacy, availability of systems, and in some cases even physical harm.
Recently, I had the opportunity to work with Domino's Pizza to evaluate an internally conceived IoT-based business solution they had designed and deployed throughout their store locations. The multi-national pizza restaurant is the perfect example of a large enterprise business that leverages IoT technology for business enablement on a regular basis.
The Domino's IoT-based ecosystem solution is referred to as Flex, a platform-based solution that consists of various small services. This allows stores to leverage various web experiences and digital products on a variety of kiosk screens in their stores. These are purpose-built, Domino's-specific products that store team members leverage at will. The platform powers all in-store screen technology, allowing stores and team members to be more efficient and situationally aware, so they can effectively run their respective stores. The platform also provides a centralised cloud-managed platform with Domino's hosted experiences, which provides stores and team members with the flexibility in technology they need to make the stores efficient and successful.
The goal of this research project was to understand the security implications around such a large-scale enterprise IoT project and the processes related to acquisition, implementation, and deployment; technology and functionality; and management and support.
The project started with each of the internal teams involved with the project discussing those key areas and how security was defined and applied within each. This provided valuable new insight into how security should play into the design and construction of a large IoT business solution, especially within the planning and acquisition phases, and see how a security-driven organisation like Domino's approaches a large-scale project like this. Two key takeaways emerged. First, always consider vendor security in your risk planning and modelling. Second, security "must-haves" should map to your organisation's internal security policies.
It was also necessary during this initial phase to conduct a full ecosystem security assessment, examining all the critical hardware components, operation software, and associated network communications.
As with any large-scale enterprise implementation, we found a few security problems, which is why all projects, even those with security built in from the start, should go through a wide-ranging security assessment to flush out any shortcomings. This enabled the security teams and project developers to quickly create solutions for fixing the identified issues. Additionally, by observing and discussing the processes and methodologies used for building and deploying fixes into production, the assessment ensured Domino's did it in a safe way to avoid impacting production.
During a typical security assessment of an enterprise-wide business solution like this, we are reminded of a couple of key best-practice items that should always be considered. First, when testing the security of a new technology, use a holistic approach that targets the entire solutions ecosystem. Second, conduct regular testing of documented security procedures — security is a moving target, and testing these procedures regularly can help identify deficiencies.
Once an idea is designed, built, and deployed into production, we have to make sure the deployed solution remains fully functional and secure. To accomplish that at Domino's, they moved the deployed enterprise IoT solution under a structured management and support plan. This support structure was designed as expected to help avoid or prevent outages and security incidents that could impact production, loss of services, or loss of data, focusing on patch management, risk and vulnerability management, and monitoring and logging.
Again, it was important to sit down and talk about security with the various teams involved in the support infrastructure and see how it was not only applied to this specific project but how Domino's applied these same security methodologies across the whole enterprise.
During this final evaluation phase of the project, we were reminded of one of the most critical takeaways that many organisations fail to apply (but not Domino's). That is, when deploying new embedded technology within your enterprise environment, make sure the technology is properly integrated into your organisation's patch management.
At the conclusion of this research project, I have a greatly improved understanding of the complexity, difficulties, and security best-practice challenges a large enterprise IoT project could demand. However, I am pleased to say that on this occasion, Domino's was up to that challenge and successfully delivered this project to their business.