A Discussion on the Technology, Trends and Security Challenges Shaping the Future Restaurant
Hi, this is Jason "Retail Geek" Goldberg. Welcome to the National Restaurant Association Thought Leadership panel on future retail. We've gotten together. Some of the foremost experts in the industry to have a conversation about some of the topics that are facing us in 2022. So without further ado, let's meet the panel. Karl, can you start by introducing yourself? Sure.
Karl Goodhew, BergerFi International I'm responsible for 120 plus locations in the United. Colleen Caruso. I head up our enterprise sales, engineering and operations, and I'm fortunate enough to have Karl and is one of our customers providing manage services.
I'm Courtney Radke the Field CISO Retail at Fortinet. So we provide security and networking solutions for the retail industry. So I started my career at a now butt of the joke retailer named blockbuster entertainment and blockbuster was digitally disrupted in about 1998.
And I would argue that the restaurant industry has really only been disrupted in the last couple of years. And so it's super interesting to me to think about all the new challenges and opportunities that restaurants are being presented. As a result of this digital disruption, we're seeing a lot of the traditional barriers that separated different channels of restaurants are now competing with each other.
So you can use digital to have a very fast experience and a fast casual restaurant that could now compete with the QSR. And we have grocery stores that are now trying to deliver ready to eat meals. In competition and every restaurant has to sell in marketplaces. And we have this whole new ecosystem of digital amenities that restaurants are expected to offer. And at the same time, we're in this epic battle for talent and labor.
And because of the constrain labor force they have a lot more autonomy and we now have to appeal to them to win the labor that we wanna win. It's a really challenging time for restaurants. And I would argue that there's a tremendous opportunity for the restaurants that can get ahead of curve in this regard. Karl, that's a perfect opportunity to start with you. What are some of the challenges you are seeing in this digital disruption of of restaurants? I would say that the biggest challenge that restaurants are facing with this digital disruption is that a huge portion of the service is now shifted outside of the four walls. So obviously to compete, you have to be online, you have to be ready to serve your customers wherever, and whenever they want.
And however they want. So it's tough as a restaurant to wrap your head around that. If you're an operator you're thinking about cooking fries or making burgers, not.
About the online experience, not about the different ways that a customer might find you all the competitors that you just mentioned. So now you're competing for market share on the social space in on search pretty much every different medium you have to. And understand what your competitors are doing and make sure you're there and your customers know about you and their top of mind, and then obviously share wallet. For me we separated into two different buckets of thinking. It's really what happens in the restaurant and engaging the employees so that they can do a job in an easier way. And that might be done through training mechanisms.
It might be done through service announcements to let 'em know that someone arrived through curbside or something like that. And then we also think about the customer experience. And how they're greeted, whether that's through venue boards, kiosks, POS online, so on and so forth. So it's really complicated.
And you have to really work with your partners to, to leverage the expertise that's available to you because frankly, that labor situation, isn't just in the restaurants, it's in the corporate environment also. So I can. Go and hire techs to go up and down to east coast and service. It's mulitpronged and it's very complicated. It does sound super complicated. You had me at making French fries by the way.
But Courtney is as Karl is describing all of that, I'm imagining that it's also rising a lot of new security concerns as well. Yeah, absolutely. I. I came from the restaurant industry. And I feel like this digital transportation's been happening by some time restaurants, especially happen to make sure that they're getting, access to their customers, wherever their customers are, whether that's now through mobile where you're gonna align directly to the store.
We, we talk about it often as that marriage of physical digital, it's gonna happen over the last five years, but definitely over the last 18, 24 months, it's continued to pick up. It's probably never going to stop. So what that does. This brings on some security concerns, just in the sheer scale technology that's brought outta these organizations.
It's, nothing for us to see a customer that has 30 or 40 different technology vendors inside of their environment. Now we're talking about bringing, all of the devices online inside the store the fry cooker, that you're just talking about that's online, the fridges, have IOT sensors, there's solar panels on the roof, all of this technology coming in. It's bringing along that third party, that supply chain risk, where you may have all the greatest standards from a security standpoint, but maybe those partners don't. And so what I think we've seen is subscribing to more of the platform approach of taking those, 40 or 30 vendors or whatever down and bringing it into a manageable amount of them. That's done through. Obviously subscribing to a platform ecosystem.
We like to say, restaurants are either becoming a platform leveraging one, or they're maintaining status quo. And that doesn't last very long. So when we talk about technology, it's through, the partners obviously takes operators in the restaurant industry that are at least fast followers. They don't have to be eating all the time, but utilizing the technology that's available to them through their partners and hopefully in a more integrated. so Courtney, when you talk about all of that it needs me start to think about how mission critical this new infrastructure has begun back in the beginning of my career. When a store would lose telco, what that meant is they would've to get out a physical entran machine to take credit card.
And it was barely a disruption to the business. Yeah. But today with these always. Digital experiences. I imagine that connectivity and that infrastructure is more mission critical than ever.
Karl, do you lose any sleep over that at all? No. No, no. You have to think about that. So yeah it's very painful. It's the always fun customer experience.
As we just said over the last, couple months we, or years we've really realized that it's always on all the time where it has to have consistency of experience, because there's also more options out there than ever before. And so I think now it's become more business critical ever. So we felt like it's really things like SD-WAN to protect that internet connectivity. Has become a necessary, not a nice to have it's that you need to have this now, even just to maintain tables, sticks with the rest of, the competition that's out there. It's about resiliency and redundancy, but really how can survive a failure, but also how could your applications continue even in the event integrated state that's important right now.
And I think from my perspective that Colleen can agree or disagree, , it's not just about the technology, it's not just about the connectivity, but you need that managed service partner to be able to make sure they're taking care of keeping your network up. So that folks that are in your restaurants are paying attention to your business, addressing. Labor challenges.
And, we Hughes have the security inhouse expertise to make sure that your team isn't dealing with that we are so we lose. So you do it. , that's very true. That's very true.
I would say maybe three years ago. The approach was well, we've got floor limits on our payment system, so we can still operate. It's not great, but we've got a fallback scenario now that close to or approaching 50% of the business may be going through online channels. You can't do that.
That's not an option. So you have to have that ability to make a phone call or actually be, have a proactive view of the network. That's right. And understand where things are possibly failing. Proactively go out there and take care of business.
Colleen, Karl mentioned earlier talking about the necessity to rely on partners and unique expertise in this modern ecosystem. And one of the acronym soups that came up with me was the distinction between managing service providers, MSPs and SSPs. And I was hoping if you could maybe shed some light on what the heck that is. Sure. Yeah, absolutely. QS as a managed services provider and MSP, we've looked at these digital transformations.
We've been a partner, a solid partner for net for what? 16. Wow. A while, long time. And we've noticed this transition.
and in order to attack it, we've made this investment into becoming more of a managed security services provider. So taking on a lot of the cyber security risks of our customers and being able to, in increase our. Subject matter expertise, because as we know, that cybersecurity, labor is a challenge right across the board. So we've made huge investments. We've made that transition with, the help of for net and we've expanded our security portfolio.
You talk about IOT, you talk about putting sensors on refrigerators, stoves, et cetera. That just expands your F and so you have to, you have to not just have the security technology, but you need to have the, the processes, the people and how do we. How do we, respond in the event that there's a cybersecurity threat. And what's interesting is of course we're inviting our customers into the environment and we're asking them to use our network to order through tabletop ordering or through their phone use loyalty. So the number of attack vector has increased substantially exponential exponentially.
Yeah. And that's not, that's customers, you can't control 'em so you just have you, you have to be monitoring and making sure no one's getting with various. Exactly. Yeah. We talk about it again as that there's two cans consolidation, moving it down to the. Manageable amount of vendors in the environment.
It's also about the convergence of network and security. It can't be two different camps anymore. Your network has to feed into your security tools.
Your security needs to be able to understand if there's anomalous traffic on your network, discern that very quickly and make sure that you're spotting threats, as quickly as possible. So I, I don't think they can be different cancers in their. Working do partners working, can do these technology platforms. I think we'll see that more often that there's not gonna be as many lines between network and security teams. It's gotta be converged. Yeah, I agree with that, for sure.
That was another driving reason for us to do that. And then also I'll add on there that I certainly don't have the stack to be monitoring 24 7. And they don't have the expertise to understand.
You don't have to stand whole. I try not to. Sometimes I do, but no, to have an expertise, an expert partner or partner in the field that understands what's important and more importantly, sometimes.
Hey, that's not a problem. So I will say also that I don't wanna stay up all night and this this threat landscape is something that's there 24 7 with the nature of wifi and, your network being outside of the full walls someone could be right outside of your restaurant and. Attacking you, I don't have the staff to monitor 24 7. So I think it's important to have a partner.
Who's an expert in that and understand what's important. Notify us when it is important. And then sometimes it's also important or it's important for my sanity. I just that they understand when it's not important. And just, Hey, this business is usual. Yeah.
And, we've been able to create, our sock as a service and so bringing in that talent so that we're looking at the locks for you, we're determining what the mitigation should be. We're providing that incident response that you just don't have the staff for. And we've been able to strengthen those security services again with. Partnership that we've had right over, these years.
And it's just it's been fabulous. And I think we've shown that with what we've been able to do over fine. Yeah. I mean our FortiGuard, threat intelligence, they respond on or look at billions of events every day.
We have one of the largest sensor networks in the entire world. If it's been out there, if it's something occurring, it's the various chances are we've seen it or we're the ones spotting it. And so that the technology that feeds back into these restaurant organizations that, that our partners leverage is, it's, we have hardware, but we also have, services and software so that the big brains behind the operation is Ford guard. It's, 20 years now of front intelligence discovery, information sharing.
And we work with a lot of organizations, in the industry to help share information with them as well, because I think we're only as smartest to some of all our knowledge that's out there. And so we'd like to share that with our partners and with our customers as. And I, I will say it's a public company. I have an obligation to monitor and report out when something does occur.
I'm legally required to do that. So without someone that I trust, who's monitoring that I wouldn't be able to book my board in the eye and say that I'm doing that and doing a good job. I definitely partners who could monitor 24 7. One of the common denominators I've noticed of all these digital disruption is the incredible acceleration of the pace of business, both customer expectations employee expectations, shareholder expectations. And I have to imagine that speed has a really prominent impact on security as well.
Courtney is, can you talk a little bit. Yeah, absolutely. We like to say that, speed is the one. The time is the one thing you can't get back in tax. So speed is your friend speed.
Do identify what's on your network because the most damaging part of an attack is 12 time. How long is it there before you do, but what, collateral damage is it creating along way? So if you're not actively, proactively looking for these threads that are out there, something is going to happen at some point. So it's how quickly can you identify when it does occur in your network? Are the integrations between all of your tools? Good enough to spot in real time? I think that's what we've seen, is one of the biggest challenges that cybersecurity companies in general, don't like to work together, right? They should, we should be better at, by. So we found that making sure that everything is integrated automated, you can create that proactive stance because again, speed is key. When you're trying to prevent these fast moving attacks, ransomware botnets that are just ever pervasive in the environ.
So I think one of the things we're excited about too, making this transition into the MSSP space. We're also, taking on AIOps a little bit more in the forefront. We used to be reactive to certain things, and then we went into proactive mode and now it's, predictive and prescriptive. So you'd get ahead of these things before they even present themselves as a threat. And that's, it is just, it's exciting to see, but it's moving fast.
it's, we talk about it, security at speed of the business, because what we should never be doing as a security company is making, you have to say, no, you should be able to say yes, more securely, more effectively, more quickly to security has been seen as a bottleneck. It's been seen as, a hurdle to overcome. So we like to make sure.
Any technology we're developing for the industry allows them to do that at speed of business integrate with your business practices. Are there additional steps sometimes? Yes, absolutely. For sure. But I think we have to look at the consequences of not taking security, doing it effectively or building it in from the beginning.
We've seen the consequences of that. So I think a lot of organizations are definitely more security focused. But especially over the last 18 people months and I'll add too, but relying on partners like Fornet and Hughes, who think about that all the time and have the power of their business and the numbers and the scale to do that, it frees up the restaurant industry and the restaurant tours to think about how they're going to serve customers better. So that, that speed of service. Is really now becoming how can I change and react to the changing business environment and make sure the customers are being served in the way that they want be served. Absolutely.
I had a mentor back in the 1990s that coin phrase, anything that can be digital will be, and today that doesn't sound like very insightful, but back in the 1990s, that was somewhat controversial. And I feel like. No place one in the restaurant industry. Is that true today? I, you think about how the technology footprint is expanding in your business car.
And now the kitchen is automated with robots, the deliveries automated with drones, everything from the soap dispenser to the refrigerators and the device. I'm assuming it's super easy to get your it budget to scale proportionately with all of these new innovations we're hop for larger budget. Yeah. It's funny.
You mentioned . No, I think that you're absolutely right now at the end of the day, food has to be digested there's. There's nothing that you can change about that. However maybe someone in the future orders, not the future like today. They can order on the metaverse.
They can get an NFT to celebrate that they had this particular meal that was chef inspired. So there's different ways that that no one's really thought of it's not mainstream, but will it be, who knows? Yeah, the I feel like those sort of future opening things are so interesting. Cause it's easy to sit here and say, that's silly.
There's no ROI for ordering today, but I just need to remember like bringing a team on an airplane, flying with the bay area to order a pizza on the internet. Because there was like one zip code in America where you could do an order. And at the time we thought this is the highest friction, most ridiculous thing ever. But today of course, like nobody thinks anything on it.
And so it's really interesting to think about. Some of these bleeding edge use cases that maybe aren't necessarily huge ROI today. But it certainly seems like it's important to really be dog fooding these things and thinking about the implications of supporting them. And I imagine the security implications as well. It continued security.
I it's just rolling in ahead. All of these things, connecting drones to your logistics. I now a lot of retailers are changing space for the warehouse distribution, bringing more robotics. I know that you guys have played with a lot of that.
A lot of the restaurant industry guys as well. There. Gonna be upwards of 30 billion. I IOT devices online, I think 25. That's probably low now, based on the amount of, organizations happen that deep into that. So the security implications are just, they're now impossible to keep up with at scale, most of the times, And yeah, that's definitely something that we worry about.
So Karl, doesn't have to worry about that's what our organizations are doing. Talking about just the scale that we touched on ran somewhere and, bot, we saw a thousand percent increase in ransomware attacks from one year to the next it's leveled out over the last year, but hasn't bought down. So that thousand percent increase is just contain is maintain, is continuing. So we need, we have to make sure they're vigilant and making sure that we're.
Providing that best service out there to analyzing those events every day gives those so S active and that we can partner with, partners like huge demands that technology at scale. Connie. Is there anything that the MSPs can do to help scale this challenge? Yeah. So technology is one thing, right? Understanding where we're going, we're heading the importance that, usually it's in the background, not necessarily in the forefront is you have to test these technologies. You have to make sure that when you're putting them in, how many restaurants do you have.
We have 30 corporate and it's a total of 120, right? You're talking, you can do onesy twosy on your own, but you need someone with a proven experience like Hughes that has, we know how to kick the tires. We know how to go through proof of concepts, but we also know how to operate it at scale. These things we talk about. They're fun. They succeed.
They're gonna bring us into the next generation. There's the feed on the street that Karl referenced earlier, right? If something goes wrong, that you need someone in that store, you need that MSP to be able to operate at scale. And I think that's, what we bring to the table that you know, is in the background. Yeah.
Sorry. I came from restaurant industry and, the, having the wires that are all neatly bundled up and having, the access points and switches in Iraq, that's actually unique having every there's two different, I came side re technology. It's always pretty sexy to me to see nicely bubble buyers in the back end. I, and I think it levels up the professionalism in the environment to see a location that maybe strong together several eight port switches together, like hanging on the wall and then they're, they have professional equipment. That's actually monitoring an actual, a real firewall, not something that the cable company says will protect them.
I think. It makes it a real solution and not just something that may work sometimes. According to we joke about, about scaling it budgets, but I know a real concern for every CTO in the, this space is. How to invest their precious dollars because no one has enough capital.
Do you have any advice that you tend to give to the CTOs or CIOs about where, how they should be prioritizing that strain budget? Yeah, we talk about it again as that platform, we call it a security fabric that just make sure the technology investments that you make. Integrate well with each other that they actively share information. The, again, in the industry, we see there's a little bit of budding heads with, security networking companies that maybe their technologies don't integrate well together. So what we've seen is a move away from point product approach, this best of breed and moving into a full integrated platform where everything is sharing information.
It's easier to monitor. It's easier to manage at scale. And it provides you the best security end, the buck as well. One of the biggest issues from a security standpoint is misconfigurations is human errors.
So if you limit the amount of things that have be configured that have to monitor, put you in a much better place from security standpoint, And if we take over right, the configuration and, managing those entitled the entitlements, the licensing, your team, doesn't have to do that. We take care of that for, and we work on integration, right? If your, your network runs with, for know the coordinate security, but you also have, managed digital signage in your stores. And, so Hughes, we take on that entire umbrella.
And integrate to the point where it's seamless for you, us as the end user. Listen I could pick your brains for the next four hours, but we're actually coming up on time. So I wanna make sure that everyone has a chance to share any final thoughts that we didn't.
We didn't cover Karl from your perspective. I will take a step back, actually. Let's say that we also have to think about the fundamentals there's restaurants out there that don't have chip readers and tackle pay, which are far more secure than swipe. So if you're in the restaurant industry, go own a re. Start with the basics.
Get that right. Then think about your network. Think about the ecosystem as a whole and partner with folks who know what you're doing that way you can focus on delivering the best customer experience. Yeah. And I think from an NSSP perspective having that partner to take on the heavy lifting while you're focused on your business while your employees are, not spending time resetting a firewall or looking at flashing lights or trying to move a cable from here to there, your employees and your restaurants or focusing on your, on their. To, provide good customer experience for them.
So we close with, make that thought process, follow an MSP or an MSSP is certainly an advantage. Yeah. And I'll just kinda where we, why we see technology adoption, growing rapidly three areas that. Technology is being driven by is, we talk about the physical and digital. It's not about we, your experiential creatures.
We like to touch and build things. We like to go inside restaurants and have a sit down experience, but we also like convenience. And having the mobile apps loyalty, but all of these things are, super important. So very physical, digital adapted to the rep management workforce. There's not no people out there, so we have to gain, maintain. You retain our people by creating less friction and the training experience and the onboarding keeping employees happy at work.
That's a great resource we could have and then protecting from supply chain. Cause we, we talk about a lot of these attacks. Oftentimes, maybe an organization is the target. But a lot of times they're not collateral damage because they're trying to attack and impact, a vendor that you may be brought into environment, or one of those it devices you may have not been in goal, but part of collateral.
So we talk about protecting and supply chain risk. Those are kind trends that we see, technology, cybersecurity technology being adopted surround before. This has been an amazing conversation. Whenever we talk about the challenges and opportunity of digital disruption, people sometimes ask, like, why are you spending so much bandwidth on security? I kid that's part of it but that's only one aspect of this whole digital disruption. And I, I'm reminded of a painful experience that target 1 20 13. And for folks that don't know their credit card readers were breached in 2013 and an interesting sta.
50% of all account email@example.com never came back to target after that breach. So you think about it, there's a VP of eCommerce that lost 50% of his customers overnight. And what's painful about that is target.
Wasn't breached online. There was never security breach online. The actual vector of attack was exactly like Karl mentioned. It was an internet of things, refrigerator that was sitting on a vendor network.
And so to me that just reminds me what a critical role security plays in this transformation and how it really isn't just the job of the security view and the it department that in this comment, security is everyone's job. Everyone needs to be vigilant. Absolutely.