Securing the Sweet Treats

View This Article in BOSS Magazine

Krispy Kreme is on a hot streak in cybersecurity

Krispy Kreme, a North Carolina-based global doughnut maker, operates in more than 35 countries through its network of “hot off the line” fresh doughnut shops, partnerships with leading retailers, and a rapidly growing ecommerce and delivery business. Krispy Kreme’s glazed baked goods have a passionate, vocal, and growing fanbase.

“We're growing rapidly organically and through strategic partnerships, which, as you can imagine, means a similar expansion for technology, customer service, and everything that it takes to deliver the world's most loved sweet treat,” said Krispy Kreme’s CISO and Senior Director, Infrastructure, Jerry Fowler.

As the company expands, “The team is engaged with the major growth functions in our company – logistics, real estate, partner organizations – and we are carefully managing how we scale our infrastructure safely,” Fowler said.

An entire team is dedicated to ensuring that the process is moving in the right direction. “One of its beauties is how we interact across the businesses,” he added. “Technology is advancing rapidly just as our business is growing, and it’s important that we push ourselves to evolve and expand tech capabilities at pace.

“We want to be in the mindset of integrating technology with our different business units and provide an avenue for everyone to do their  jobs better, more efficiently, and more securely.”

The approach fosters a cohesive relationship between how the business operates and how the information technology group creates a backbone to do so rapidly and at scale.

While expansion is undoubtedly a massive project for the doughnut maker, Fowler’s team also has the entire global organization to secure. “I’m told all the time at CISO forums, ‘You guys just make doughnuts.’ And yes, we do that. We make one of the world's most loved sweet treats, and you would be surprised at how much action takes place on the cybersecurity front,” Fowler noted.

Changes in the scope and severity of threat landscapes, upcoming SEC and other international regulations, and a number of other variables keep the team busy.

Their effort to better support their expanding network carries the increased risk of cyber threats. “We want to be able to handle cybersecurity for every Krispy Kremer that works for our company, no matter where they are,” he said.

To that end, the company is exploring different approaches to engage as many employees as they can to inculcate threat awareness. Simple reminders are pulling back the curtain on IT so that employees can engage with the tech team from a security and compliance standpoint, which will ultimately make them easier to protect.

Fowler believes in using multilayers of security to prevent unauthorized access and threats, so if one layer fails, others will kick in to hold the line against further attacks.

“There's an art form and a line to operate, one that creates a really secure environment,” he said. “With that protection, you want users to have the freedom to be able to move quickly, and that comes with a scalable and secure infrastructure.”

A recipe for success and cybersecurity

Everyone has a Krispy Kreme story, Fowler says, adding that those stories are more than doughnut reviews. “They all revolve around bringing doughnuts to a friend because they had a rough day or are celebrating a family milestone,” he said. “Bringing home a box of hot, fresh doughnuts is the kind of interaction we are looking to have in place for consumer engagement.”

The technical infrastructure required to deliver a joyful consumer experience is not obvious to the consumer, Fowler says. “I love talking about stuff that allows us to rapidly scale up a franchise location, a bakery, a retail location, and do so in a way that IT is not the anchor but more like the sail that allows us to propel forward at a more efficient speed,” he added.

As Krispy Kreme expands internationally, there are times when new threats may not be immediately obvious. “When we scale or rapidly expand in an area, our first thoughts are about infrastructure we put out there and how we secure it from Day One,” he explained.

Fowler credits many partners that he works with daily on his success in scaling, protecting, and being in compliance. Two examples are HighPoint and AccessIT Group. “These companies have really stepped up to the plate,” he said. “They understood our vision of what the infrastructure, cybersecurity, and GRC should look like, and they've been valuable partners.” Building a strong ecosystem of partners is a critical requirement for every CISO, Fowler says. “In today’s world, both the advances in tech and the expansion of threats require a broad team of partners as part of any differentiated strategy.”

The Krispy Kreme culture is “absolutely amazing,” Fowler stressed. “Krispy Kreme has been here for 87 years making fresh doughnuts, and there are a lot of teams that make it happen, and I am very honored to be a part of it. At the end of the day, we truly strive to be the best we can be as we work to become the world’s No. 1 sweet treat!”