Dr Martens boots are trusted. Their owners know these iconic boots with their yellow stitching and opaque soles will always be comfortable, enduring and stylish. Having gone through an initial public offering (IPO) in 2021, and with market expansion plans, the IT at Dr Martens needed to be as trusted as the boots being crafted by the shoemakers. A cloud strategy, with managed service provision to keep the cybersecurity and data retention tightly laced, is keeping Dr Martens in step.
Dr Martens was listed on the London Stock Exchange in early 2021 following seven years of ownership by private equity business Permira. Under Permira, Dr Martens moved from being a business where manufacturing thinking led the organization, to a global brand with a CEO from the fashion industry.
The lessons and strategies of the Permira years remain in place and are directing the next steps in the technology direction. Dan Morgan, Global Head of Cloud & Infrastructure, says of the initial public offering (IPO):
That brings with it a host of responsibilities and requirements, particularly in cybersecurity. We have 158 stores in 60 countries and in 2021 revenue was £908 million.
Those responsibilities have led to IT expanding as a department and in importance to the bootmaker, Morgan says:
There are now as many people in IT as there were in the entire company when IT started 18 years ago. There are 4000 employees in total and 270 people in IT.
Way back when, we were a small manufacturing business with one factory and one office hanging off the back of that factory. Now we are a global retail business. So technology is only going to become more and more important.
Originally a family-owned business, Griggs, the founders launched the iconic Dr Martens boot in 1960 and ever since it has been an fashion item for punks and dependable footwear for trades people. The family sold a majority stake to Permira in 2014, who invested in the firm’s global retail outlets and online stores, the latter increasing sales during the pandemic. All of this has led to the technology estate and, in particular, security of customer details being a high priority.
Walking on clouds
The expansion of a network of physical and online stores led to Dr Martens investing in its technology estate and moving the role of technology to the center of the business. As Morgan says:
Because we are on an ambitious growth plan, then we needed a scalable stack and an operating model that would grow with the business.
Inevitably that scalable stack is enterprise cloud computing based, and Morgan’s team was mid-way through the modernization programme when he shared his story with diginomica. He says:
We have got a lot of legacy applications in the estate and a lot of bespoke applications that are not necessarily architected in the most modern fashion. As part of our growth curve over the next couple of years, we plan to modernize the application and infrastructure of the organization. We want to reduce our on-premise computing and move to software-as-a-service (SaaS).
The core of the business is now on Microsoft Azure. Morgan says:
The foundations are in place in our Azure estate, and we want to make sure that we are set up in the right way for the years to come. Once that is done, we can then look at enhancing the services piece, so in terms of the migration to the cloud, what we don’t want to do is an old-fashioned move of taking our virtual machines out of VMware and popping them into Azure.
Like many companies, we are moving to a more Agile-based approach with product teams. In my team, we are doing a lot of work on the fundamentals of DevOps with the creation of a framework. The secure framework means that the product teams can work within it and be as self-sufficient as possible, and that way they can move quicker, and there is less hand off.
This move to product teams and DevOps is titled Technology Remastered, which Morgan says is a nod towards Dr Martens’ historical connection to the music business. The online arm of the business has been the first to adopt DevOps, and Dr Martens has created a test-and-learn approach so that each following area of the business learns from the steps taken by others.
Business growth also increases the likelihood of threats to an organization, something Morgan is tackling as part of the infrastructure modernization at Dr Martens, he says:
We are not immune from cybersecurity threats; we are a world-famous brand; on the upside, people think our brand image is very positive, but we have to plan for the worst. We can’t just think no one will attack us because they like our boots. In addition, we have always had our own stores, so we have always held PII data and the growth we are expecting in direct to consumer, that unavoidably increases the amount of data that we are storing.
In addition, as a PLC, there is an increased level of governance:
Once we floated, there was a whole host of extra audit requirements, and it is vital that we are doing the right thing. The secret sauce that makes Dr Martens boots Dr Martens, for example. So there are certain things that are just good governance, and we have to make sure we have all of those nailed down.
Morgan says Dr Martens needed a backup system that would scale to the increasing levels of enterprise cloud computing and business growth but also work with the existing legacy estate. As a result, Dr Martens has chosen a managed services data backup strategy in partnership with 11:11 Systems.
As a managed service, Dr. Martens uses the 11:11 Cloud Backup for Veeam Cloud Connect and the Microsoft 365 backup offering. These provide data protection and retention capabilities for the 4,000 Exchange, SharePoint Online, and OneDrive global users at Dr Martens. Morgan added the Microsoft 365 tool to the service as Microsoft’s own backup abilities are too short term for the business. He says:
Microsoft works well for general keeping the mailbox alive but typically the Microsoft retention is short term – 30/90 days. We wanted and have permanent storage and retention which is end-to-end encrypted and the benefit to us is that the typical length of time from compromise to discovery is 140 days. So we have that longer term security and as a PLC it is emently likely we will have to go back and get emails from contracts for example.
In addition Morgan was looking for increased cybersecurity protection, he says:
The air gap storage protects against ransomware, which is a big concern.The air gap is only accessible by 11:11 Systems staff, so the inside threat is covered too.
On managed services, Morgan says:
It is a simple per-user cost basis, so it scales as the business grows. One thing for me was that every vendor talks of a single pane of glass; we wanted to make the management of this stuff as light as possible. I don’t want my guys sitting there looking at backup logs and consoles; we needed something that just works. You spend a lot of time managing backups hoping that you will never use it, so the as-a-service model works a treat. For me, it is looking at how the IT team is focused on adding value.
And does Morgan wear Dr Martens? He says:
I’ve got five pairs.