Starbucks' Security Strategy

Protect people. Secure assets. Enable Mission.

When he describes the security function's goals at Starbucks Coffee, Francis D'Addario shares a 13-syllable mantra: Protect people. Secure assets. Enable mission.

Those six words inform everything the Starbucks security team does, from keeping coffee buyers safe on hot zone trips to Indonesia and Ethiopia, to helping coffee baristas understand what to do if there's an attempted robbery, to monitoring coffee shipments from farm to roasting plant to corner store.

D'Addario, vice president at Starbucks, along with members of the security team—Elizabeth King, vice president, information management services; Sean Dettloff, manager of partner and asset protection; and Rick Gipson, director of U.S. partner and asset protection—gave an overview of the company's asset protection strategies to about 200 attendees at the recent CSO Perspectives conference. Among the points the Starbucks team made:

  • Their challenges increase because the $7.8 billion company with 13,000 stores in 40 countries is growing so fast—about 20 percent annually, opening up, on average, six new retail outlets daily. D'Addario said Starbucks security focuses on three main tasks: identifying risk and investing in risk mitigation measures that show return on investments; authenticating partners, trusted agents and goods providers; and building a global view of operations that reports exceptions.
  • The security team has built what it calls the Enterprise Security Platform, a central security facility that "converges enterprise and physical security" by monitoring critical facilities such as roasting plants, container loading sites and retail stores. The center also watches risk management conditions for travelers and facilities around the globe.
  • Container security is a key part of supply chain management. Starbucks uses video monitoring of loading facilities to capture images of loading and sealing containers with "container security devices"—a magnetic device that tracks the closing of the container doors, its opening, and temperature and humidity along its journey. The device also is capable of uploading data from third-party logistics providers. And it detects tampering. (Starbucks rejected using RFID or GPS devices as not worth the cost, Dettloff said.)
  • A cross-functional governance council sets security policies for the company. Starbucks has built an electronic policy library to help employees know what to do and how to do it.
  • Security provides in-store training to help employees understand how to handle risky situations, from customers who turn violent to criminal activity. Design elements also provide for lighting and clear visibility into stores. Future enhancements call for furniture designed to help consumers protect their handbags and laptops, Gipson said.

This story, "Starbucks' Security Strategy " was originally published by CSO.


Copyright © 2007 IDG Communications, Inc.

7 secrets of successful remote IT teams