Bud Homeyer
Bud Homeyer

Chief Operations Officer

Managed Network & Voice PCI Compliance Restaurants Retail

Network Modernization – A Practical Guide for Multi-Site Enterprises

What’s Driving Network Modernization in Multi-Location Enterprises?

Multi-site enterprises and consumer-facing brands such as retail and restaurant chains have bounced back from the shock of COVID-19. In hindsight, the winners are those retail and restaurant brands that could adapt to dramatic shifts in customer preferences, high frontline staff attrition rates, and a slew of unexpected physical security and supply-side challenges.

The only way businesses can deal with future uncertainty is by investing in human capital and technology infrastructure that can support rapid changes in operating models.

Here are the key reasons why network connectivity and security hence take center stage in any program that aims to build an agile multi-location business.
Industry Disruption
Why Network Modernization is Needed
Challenges in Hiring & High Employee Turnover

According to the National Restaurant Association, the restaurant industry is currently operating with a labor shortfall of 540,000 employees. The US Bureau of Labor Statistics reported the annual average total separation rate for the retail industry was 5% compared to 3.9% across all industries in May 2023.
Boost Employee Productivity

Retail and restaurant operators have to keep a sharp focus on boosting employee productivity at every touchpoint and automating mundane activities. A scalable network backbone is critical to deploy time-saving productivity and collaboration applications and improve application performance.
Changing Customer Expectations

According to Brandwatch, in 2023, consumers are placing a lot more emphasis on convenience. There is a 12% increase in social media chatter about convenience and shopping experience compared to the previous period.
Create Superior Customer Experiences

Restaurant brands have to reimagine the dining space with a focus on enhancing the speed of service, offering greater convenience, and a wide range of digital ordering services. Similarly, retailers have to invest in delivering superior in-store experiences and last-mile fulfillment across channels. None of these are possible without the underlying network and connectivity infrastructure.
Rising Food Prices and Inventory Glut

The US Department of Agriculture reported that the restaurant consumer price index in July 2023 was 7.1% higher when compared to the same period in 2022. This has impacted both retailers and restaurants. Rising prices also mean unsold inventory. Markdowns and discounts help move them but leave a serious dent in the bottom line.
Invest in Streamlining Operations

Retailers and restaurant brands want to streamline every aspect of their operations to cut costs. Economies of scale are needed in the entire supply chain and the underlying tech infrastructure to take advantage of standardized processes. Well-designed network backbones can optimize operating costs and support advanced analytics solutions to streamline the business.
Violence & Theft

Business locations, especially those in high-risk areas, face significant threats in the form of violent customers, robbery, and gun violence. Internal theft and cash handling risks have historically been a concern for retail and restaurant operators
Invest in Intelligent Security Solutions

Retailers and restaurant chains have to invest in intelligent security systems that provide advanced warnings and are capable of zeroing in on anomalies across millions of POS transactions. This requires investment in a wide range of cloud-based, AI-enabled sensors and data analytics. None of these applications can be deployed with outdated network infrastructure.
As multi-site businesses attempt transformative initiatives, they are faced with practical issues that go back to network design, labor-intensive network operations, management protocols, hardware procured from diverse vendors with differing capabilities, and network security vulnerabilities across the infrastructure.  
  • Employees are becoming more mobile, accessing the network from various locations and endpoints beyond corporate IT control. They are also connecting to public clouds for essential business applications like Office 365.
  • IoT devices, widely distributed in remote and unsupervised locations outnumber human-controlled endpoints opening the door for new security threats. 
  • Cloud service providers have expanded their presence across numerous branches, which connect directly to the cloud, bypassing corporate data centers.
  • With ever-tightening Payment Card Industry (PCI) requirements and data privacy regulations, restaurants and retailers face tremendous risk when migrating data from on-premise POS to cloud-based solutions that offer easier integration with inventory management, online ordering platforms, and the extended supply chain.
  • Support for bandwidth-intensive applications such as video management systems and devices with edge computing capabilities that deliver critical real-time data on store operations (such as security cameras) can be challenging when the last-mile connectivity is not properly handled.
 
The goal of any network modernization program should not only take into consideration the evolving technology solutions that drive transformation but also aim to create a resilient technology operating system that can change rapidly without creating bottlenecks in the future.

Challenges in Managing Legacy Network Infrastructure

There aren’t clear-cut answers. Most likely, retail and restaurant chains always have some part of the network designed decades ago and other parts that were added recently.

Outlets with legacy network components can still run online ordering operations, support in-store applications, and manage their supply chains. The real problem is in administering the network and the penalty it imposes through inefficiencies, downtime, latency, and security vulnerabilities. The limits of what a network infrastructure can support efficiently determine whether a network upgrade is needed or not (Refer to Exhibit 1).

Challenges in managing legacy network infrastructure
Exhibit 1: Multi-location businesses face a variety of challenges in managing their network infrastructure.

Flat Network Architecture

Restaurant chains with a flat network architecture face significant challenges as the business grows and new requirements emerge.

1. Limited Segmentation

Without dividing the network into security zones, all devices and systems within the organization, such as point-of-sale (POS) systems, employee workstations, and guest networks, are interconnected. This lack of segmentation increases the attack surface, making it easier for an attacker to move laterally across the network. For example, a malware infection in a POS system could spread to the corporate network, compromising sensitive data and systems.

2. Increased PCI Audit Scope

In a flat network, the scope of the PCI audit expands, encompassing the entire network infrastructure, rather than just specific segments. This can increase the complexity and cost of compliance efforts.

3. Weakened Access Control

Without segmentation, it becomes challenging to implement role-based access controls, network segmentation based on user roles, or least privilege access principles. This can result in unauthorized access to critical resources, data leakage, and a higher risk of insider threats.

4. Performance and Scalability Bottlenecks

A flat architecture can hinder performance and scalability. Broadcast and multicast traffic, typically limited to individual segments, can quickly propagate throughout the entire network, leading to congestion, reduced bandwidth availability, and degraded performance.

5. Difficult Troubleshooting

Lack of segmentation makes it challenging to pinpoint the root cause of network problems. This results in increased downtime, extended troubleshooting efforts, and potential business disruptions.

Manual Failover

Manual failover relies on the availability of personnel to identify and respond to network failures promptly. There are serious risks of not upgrading to automated failover systems.

1. Limited Scalability

As the network grows in complexity, manually managing failover becomes increasingly challenging. The need for human intervention in every failover event can limit the network’s scalability and agility.

2. Increased Operational Complexity

Implementing manual failover requires detailed documentation, well-defined processes, and trained personnel who understand the failover procedures. It also increases the reliance on specific individuals or a limited group of staff members with the necessary expertise.

3. Prone to Human Error

There is an increased risk of human error during the transition, such as misconfiguration or oversight, which can lead to service disruptions or unintended consequences. Human error becomes more likely in high-pressure situations, potentially impacting the network’s availability and stability.

Centralized Network Security

Some retail and restaurant chains continue to rely on the security infrastructure at the data centers to do the heavy lifting. This approach can stifle application performance and increase network administrative complexities.

1. High Latency

Routing all traffic through the data center for security scans can increase latency and reduce the performance of internet-dependent applications, affecting productivity and user experience.

2. Increased Network Complexity

Implementing a centralized traffic backhauling architecture requires complex network configurations, including routing, load balancing, and secure tunnels to redirect traffic to the data center for security scans. This complexity can make network management and troubleshooting more challenging.

3. Limited Local Response Capability

Backhauling all traffic for security scans to a central data center can limit the ability to respond quickly to local network security incidents. Any network threats or anomalies that require immediate attention or localized mitigation experience delays due to the traffic redirection and the need to wait for security scans performed in the data center.

Legacy Routers, Modems, and Firewalls

Basic routers, modems, and consumer-grade firewalls lack advanced security functionalities, such as deep packet inspection, intrusion prevention systems (IPS), or advanced threat protection. This leaves the network vulnerable to sophisticated attacks and exploits targeting higher layers of the network stack.

1. Insufficient Traffic Visibility

IT teams may struggle to identify and address anomalous or malicious traffic patterns, making it harder to detect and respond to security incidents promptly.

2. Limited Scalability

As the network expands with additional branches, devices, and users, legacy routers, modems, and firewalls may struggle to handle the increased traffic volume and advanced security requirements. This can lead to performance issues and network bottlenecks.

3. Limited Support and Vendor Updates

Basic routers or consumer-grade firewalls often receive limited vendor support. This can result in outdated firmware, unpatched vulnerabilities, and a higher risk of security incidents due to the lack of ongoing security updates and patches.

Unmanaged Switches and Network Installation

Unmanaged switches offer limited or no visibility into network traffic and lack advanced monitoring features. Using them often results in ad hoc cable installations that hinder maintenance, troubleshooting, and overall network management efforts.

1. High Failure Rates & Poor Manageability

Unmanaged switches typically have a lower build quality that can lead to higher failure rates, increased downtime, and the need for frequent replacements.

2. Limited Scalability and Security

They lack features such as VLAN support, access control lists (ACLs), or traffic segmentation, which are essential for implementing network security policies and isolating different segments of the network.

3. Cable Loops and Performance Issues

Without proper cable management and oversight, unmanaged switches can contribute to cable loops leading to network broadcast storms, increased network congestion, and degraded performance.

Legacy WiFi Technologies

Businesses relying on legacy WiFi technologies are saddled with lower speeds, and limited bandwidth compared to newer standards like 802.11ac or 802.11ax (Wi-Fi 6 and Wi-Fi 6E). They may not offer the same level of coverage as newer standards resulting in dead zones or areas with weak signals within the premises.

1. Lack of Support for Critical Applications

Modern restaurant and retail chains often rely on various advanced applications and technologies like mobile point-of-sale (mPOS) systems, inventory management systems, order management systems, kitchen automation systems, and IoT devices. Legacy WiFi technologies may not offer the necessary capabilities to support these applications efficiently, limiting the potential for digital transformation and innovation.

2. Inability to Support High Device Density

As the number of devices connecting to WiFi networks continues to rise, legacy WiFi technologies may struggle to handle the increased device density as they operate on crowded and congested frequency bands, such as 2.4 GHz. This can lead to interference from other devices using the same frequency, resulting in degraded performance and unreliable connections.

3. Security Vulnerabilities

Legacy WiFi technologies may lack the advanced security features available in newer standards. This leaves the network more susceptible to unauthorized access, data breaches, and other security threats.

How Business Needs Can Be Mapped to Network Modernization

According to a 2023 retail industry CIO survey by Gartner, 35% of retailers surveyed cited “growth” as their priority, 27% said they will focus on customer experience, and 20% of the retailers surveyed are doubling down on technology modernization. In the restaurant industry, customer convenience and labor shortage were the key drivers for modernization. According to a survey of 300 restaurant operators by SpotOn, 75% of all restaurants surveyed planned to invest in technology modernization in 2023 to combat key labor shortages and offer better customer experience. These business imperatives are completely reliant on network modernization as highlighted below (Refer to Exhibit 2).
Business priorities require supporting network upgrades
Exhibit 2: Multi-site businesses have to upgrade their network infrastructure to support business priorities.
Business Drivers
Network Improvement Needed
Support for increasing transaction volumes, new store openings, and geographic expansion.
Ability to launch new locations using network templates and automation.
Minimize network downtime to ensure uninterrupted POS transactions and customer service.
Redundancy and fault tolerance mechanisms to mitigate the impact of hardware failures or network outages.
Strengthen network security to protect sensitive customer data and payment transactions.
Compliance with industry regulations, such as Payment Card Industry Data Security Standard (PCI DSS).
Enable smooth integration of online and offline channels to support unified commerce.
Connect in-store systems with ordering platforms, inventory management, and customer relationship management (CRM) systems. Support the integration of IoT devices for inventory tracking and layout analytics.
Improve visibility and connectivity across the supply chain for inventory management, logistics, and order fulfillment.
Build integration with vendors, suppliers, logistics, and delivery partners for real-time data exchange and coordination.
Elevate customer experience at the restaurant and the store.
Deploy reliable and fast Wi-Fi for customers and enable mobile device usage. Support dynamic or personalized menu boards, and enhance drive-thru and checkout experiences.
Streamline network operations, reduce maintenance costs, and optimize network resource utilization.
Monitor network performance, security, and compliance from a single dashboard.

Network Transformation Case Studies

The below case studies for a hypothetical multi-site business highlight two different approaches to upgrading the network based on business requirements.

Expand Drive-Thru and Phone Orders for a QSR

FeastOn was operating in a highly competitive QSR segment with a growing digital footprint. The company wanted to deploy a cloud-based POS integrated with an online ordering system, improve its ability to handle phone orders, and expand drive-thru services.

Network Requirements 

FeastOn IT team identified the need for a high-availability design with 4-hour hardware replacement, WAN failover, redundant 48 port POE switches, 1 access point (guest and company use), VoIP with 4-6 corded phones, loud ringer, caller-ID integration with POS, integration of phones with text messages for order management.  They required the ability to deliver drop-free calls during a WAN failure and to keep online orders (web and POS integrators, 60-70% of all orders) working while running on their backup connection. The current POS integration required a single public IP address that could be used over any circuit at each location for this to work. 

Solution

FeastOn implemented two different network solutions based on traffic volumes and the growth potential of the location. One set of locations had a 4-hour hardware replacement SLA and the other set of locations came with a high-availability design that did not require immediate hardware replacement.  The solution also included a cloud gateway SD-WAN solution that ensured phone calls did not drop during network failure and orders were able to flow seamlessly via the POS integrator that switched to the backup circuit. There were extra redundancy factors added to protect against any cloud gateway failures.  This solution provided FeastOn with both WAN and hardware resiliency and met all application and phone failover requirements. This setup allowed them to continue to use some older POS setups while they transitioned to the cloud-based POS in phases.

Eliminate Downtime and Improve Network Security for a Retail Chain

QualityM realized that store operations were always hobbled by patchy network infrastructure nationwide. Network downtime was commonplace, network security management was a headache, and the legacy POTS phone system kept customers unhappy. PCI compliance kept them on their toes because of poor network design.

Network Requirements

QualityM hired a managed network services vendor to come up with a requirement for WAN redundancy, next-day hardware replacement, secure POS traffic, managed next-gen firewall, 24 port switch, two access points (guest and company use), and three cordless phones with an auto attendant that rings a group of phones to place orders.


Solution

The managed services vendor implemented a broadband circuit with automatic failover to an LTE backup. Every store had a single next-gen firewall, a 24 port switch (4 port POE injector used for the APs to keep cost down), and three cordless phones with auto attendant setup. The POS firewall sat behind the next-gen firewall in its security zone. This allowed the POS to use the WAN redundancy setup and still be secure from other network devices, which were separated into four other networks. This network design provided QualityM with a WAN-resilient and secure network.

Thumb Rules for Network Modernization

Irrespective of business needs or management expectations, there are several key factors and objectives retailers need to consider when evaluating network modernization solutions including:
  • Reliability and Redundancy

Design the network to ensure high availability and minimize downtime.
Implement redundant network components such as routers, switches, and firewalls to prevent single points of failure.

Incorporate backup connectivity options, such as failover to secondary circuits or LTE backup, for uninterrupted operations.

  • Scalability and Capacity Planning

Design the network to accommodate future growth and increasing network demands.

Consider the scalability of network devices, bandwidth capacity, and network architecture. Plan for potential expansion, new store openings, and increased customer traffic.

  • Site Preparation

Conduct a thorough assessment of each store’s infrastructure and requirements. Ensure sufficient power supply, cabling, and physical space for network equipment.

Address any environmental factors that may affect network performance, such as temperature control and ventilation.

  • Contracts with Bandwidth Providers

Evaluate and negotiate contracts with bandwidth providers to ensure reliable and cost-effective network connectivity.

Establish Service Level Agreements (SLAs) for uptime, latency, and bandwidth guarantees.

Maintain ongoing communication and relationship management with providers to address any issues or changes.

  • Contracts with Hardware Vendors

Assess existing contracts with vendors and hardware providers that are no longer needed.

Plan for a smooth transition to new vendors and hardware, including contract termination and equipment returns.

Ensure proper coordination between the network design and procurement/contract management teams.

  • Quality of Service (QoS)

Prioritize critical store applications, like POS (point of sale), inventory management, and sensitive IP traffic.

Allocate appropriate bandwidth and network resources to ensure optimal performance for these applications.

Implement QoS mechanisms to prioritize real-time traffic and minimize latency or packet loss.

  • Security

Implement robust network security measures to protect sensitive customer data and maintain PCI DSS (Payment Card Industry Data Security Standard) compliance.

Utilize firewalls, intrusion detection and prevention systems (IDPS), and secure remote access mechanisms.

Apply secure segmentation to isolate critical systems and restrict unauthorized access.

  • Bandwidth Optimization

Optimize network bandwidth utilization by leveraging caching, compression, and content delivery networks (CDNs).

Implement traffic shaping and bandwidth management techniques to prioritize business-critical applications and limit non-essential traffic.

  • Network Segmentation

Segment the network to enhance security, improve performance, and isolate different store functions.

Separate guest Wi-Fi networks from the corporate network to ensure data confidentiality and prevent unauthorized access.

Segment store operations, point-of-sale, and back-office functions to limit the impact of potential security breaches.

  • Wireless Connectivity

Provide reliable and high-performance Wi-Fi connectivity throughout the store premises.

Plan for adequate coverage and capacity to support customer Wi-Fi, mobile devices, and IoT deployments.

Implement secure guest Wi-Fi with captive portals, authentication, and encryption mechanisms.

  • Migration and Switchover

Develop a detailed migration plan outlining steps for transitioning from the legacy network to the new infrastructure.

Conduct thorough testing and validation of the new network before the switchover. Plan for minimal disruption to store operations during the migration process.

  • Proof of Concept

Roll out a proof of concept (POC) at a limited number of stores to validate the effectiveness of the network design.

Measure the performance, reliability, and security of the new infrastructure in real-world scenarios.

Gather feedback and insights from store staff and IT teams to refine the design before full-scale implementation.

  • Monitoring and Management

Implement network monitoring tools to proactively identify and troubleshoot network issues.

Utilize network management systems to centralize network configuration, monitoring, and reporting.

Ensure real-time visibility into network performance, availability, and security events.

  • Compliance and Regulatory Considerations

Adhere to industry-specific regulations such as PCI DSS, GDPR, and HIPAA, based on the retail chain’s operations.

Design the network to meet compliance requirements and implement appropriate security controls.

Maintain audit trails, access controls, and security documentation to demonstrate compliance.

  • Training

Provide training sessions to educate retail staff on the new network infrastructure and its benefits.

Offer guidance on network usage, security best practices, and troubleshooting common issues.

Ensure that staff members understand how to utilize new applications and tools enabled by the upgraded network.

In-House Vs Managed Services Providers for Network Modernization

Can retailers and restaurant brands choose to implement complex network modernization projects internally or should they choose to work with managed service providers? While there will always be opportunities for in-house network transformation projects, most Businesses are choosing to partner with managed network services vendors. According to Gartner, “Enterprises struggling to balance expense reduction with greater WAN and LAN agility and performance are increasingly turning to managed network services.”  Also, the need to lower capital spending and gain access to specialized skillsets needed for digital transformation make managed network services vendors a compelling option to consider. Here are some additional insights on what’s driving retailers to hire managed network services vendors.
  • Network Management Skill Gap

The demand for diverse network management skill sets and the ability to hire and retain employees with specialized network engineering skills can be a tough challenge for enterprises who would rather spend the time and money to strengthen core business operations and build products or services.

For example, a medium-sized retail chain or a restaurant chain looking to design and roll out an SD-WAN solution will probably need highly skilled network engineering talent during the initial design and roll-out phase. Once the solution is stable, the IT organization’s focus will be on ongoing maintenance and periodic updates.

  • Troubleshooting Challenges in Multi-Vendor Setup
Network technologies are increasingly becoming complex and involve integrating solution components from a diverse set of hardware, software, and bandwidth providers. Implementing a sophisticated network connectivity backbone for optimal business application performance will involve a mix of third-party vendors and OEMs specializing in different aspects of the solution. Troubleshooting performance issues with a POS machine at any location can involve packet tracing across multiple devices, networks, and the ISP serving the location. Coordinating troubleshooting involving multiple vendor entities can be a significant drain on the internal IT team’s productivity. It can even compromise routine tasks that the IT team is primarily responsible for due to lack of time.
  • Limited Geographical Reach

Retail and restaurant chains manage hundreds of geographically dispersed locations or branches. Relying just on internal capabilities and skill sets to manage IT/network operations is not practical for a multi-location enterprise. It’s not feasible for internal network engineers to travel across states or international borders to set up or troubleshoot network issues at branch locations.

  • Network Security & Compliance Gaps

In addition to managing a complex security environment, enterprises have to also comply with various data management regulations that are directly related to how secure and compliant the underlying network is. Compliance regulations such as PCI and SOX impose a significant burden on retail IT teams that are focused on complex network modernization challenges. Most retailers face significant cybersecurity challenges as they embrace the cloud and grapple with a combination of lower-than-average staff focused on security operations and inventive cybersecurity attacks that target POS and loyalty management systems.

  • Access to Technologies
The urgent need to transform business operations is felt a lot more in consumer-facing industries such as retail. In most cases, investments and upgrades in network technologies cannot be handled in-house due to the lack of skills or tools needed for such complex projects across multiple locations. Multi-location enterprises have complex networks that are often difficult to upgrade. Managed network services providers with proven expertise and the backing of the solution providers or hardware vendors are well suited to pilot untested technologies, demonstrating ROI before implementing the solution on a large scale.

For a more in-depth understanding of why businesses should hire a managed network services provider, please read this informative blog post.

Ready to Upgrade Your Network?

Your network can be a competitive advantage. Talk to our experts to find out how you can upgrade your network infrastructure and maximize ROI for your investments.

Arrow Right Arrow Right Get a Free Consultation

Share this article

Contents

About the author

Bud Homeyer
Bud Homeyer

Chief Operations Officer

Bud Homeyer is the Chief Operations Officer at Interface Systems. Having worked as an IT and security leader for leading consumer-facing brands like Michaels, Brinker, and Bank of America, Homeyer has a proven track record of solving complex enterprise-wide challenges to drive growth, productivity, and profitability. He spearheads Interface’s efforts to help customers embrace new technologies while minimizing risks.