Frozen Assets

— By Ian Eyberg —

Secure servers in foodservice: how to freeze the hackers out cold.

2018 was a record-breaking year for data breaches. Everyone from Facebook to Marriott to even Google suffered and continues to suffer. What’s the rub? Unfortunately, every year seems to be a record-breaking year.


Restaurants have traditionally not had to worry as much about all the nastiness involving technology — after all, what’s a frying pan or an oven have to do with computers? In the past, restaurants have only had to pay attention to the essentials like POS systems which involve credit card processing, payroll and timesheets and the like; however, the flood of technology and its siren call of innovation have been creating a very large hidden set of concerns. It’s not just loyalty and drive-thru technology anymore.

Sensors have started to invade everything from the frying vats to the fridges. These aren’t your grandpa’s sensors either. In the past you might hear a smoke alarm go off if something was burning, but that was only audible inside the building. Now sophisticated software utilizing advanced machine learning capabilities is starting to spring up everywhere. There’s even software that lives inside a camera to detect spills before someone slips and sues you out of existence. Indeed, even popular chains like Chick-fil-A are putting artificial intelligence and edge solutions inside each of their stores to predict how much chicken they can sell per hour. Smart kitchen indeed.

Energy management solutions are flooding into the space. HVAC can account for an incredible amount of total energy cost, so controlling everything, like connected thermostats, through real-time technology is a huge plus.

However, all this new technology comes at a price — and I’m not talking about the one-time software development acquisition cost. It’s opening new doors for businesses but also new doors for hackers.

You see, hackers like to prey on weak systems. In general, despite what Hollywood makes them out to be, hackers don’t actually care about a specific piece of software they are trying to break. Instead, all they want is access to your system to run their code — therein lies the problem.

Most of the software you interact with today — be it on a laptop or a smartphone — runs on servers. Even the apps on your phone do most of the non-UI work on the server side. For a lot of businesses that has been ‘good enough’ for the past 10-15 years. Things are now changing, however, as much of what programmers call the “business logic” is moving away from these servers in those massive data centers back out to what is called the edge. Of course, you just call the edge “your building.” Things like your connected thermostats are starting to have their “business logic” put inside a computer inside your building as new more advanced technology comes online. Much of it is being driven by the fact that things like artificial intelligence require massive amounts of data that is too slow and too expensive to ship back to the cloud. If you’re doing anything with video, like the spill detection, it just makes the problem worse.

So, what used to be the province of software engineers, securing their servers in data centers, now becomes something that lives on-site and is probably connected to everything else on-site like payroll, for instance, or your QuickBooks. This dramatically changes the game. What traditionally was not an easily identifiable target has now become a huge ‘hack me’ sign.

Software engineers are aware of this problem and, being the types they are, have started exploring solutions to these problems.

One of those solutions is unikernels. Unikernels are a unique spin on deploying software. Instead of deploying an operating system like Windows or Linux and then putting software on top of it, unikernels roll the operating system and the application together into one distinct unit. This unit has a four-point security model: it has no usernames/passwords; it doesn’t have a shell, which is basically a way to launch other programs on the end machine; it massively reduces the attack surface; and, more importantly, it’s inherently built to run only one program, yours, not the attacker’s. You see, by removing the incentive to run their programs on your systems, you start removing that big ‘hack me’ sign on your back.

Technology infiltration into your restaurant is not going to slow down and, even if you are the type that doesn’t like a lot of the technology, be aware that your competition does. In fact, these on-site technology intrusions are only going to speed up. Just as you invest in safes, security cameras and locks on the door, talk to your technology vendors and ask them if they are providing you with unikernel-based solutions or if they’re tossing you some older insecure solutions. As you adopt those connected thermostats and spill detection cameras, remember to freeze the hackers out cold.


— Ian Eyberg, CEO of San Francisco-based NanoVMs, is a self-taught expert in computer science, specifically in operating systems and mainstream security. He is dedicated to initiating a revolution and mass-upgrading of global software infrastructure, which for the most part is based on 40-year-old tired technology. For more information, visit

