Protocol | Enterprise

Target CIO Mike McNamara makes a cloud declaration of independence

Staying on Amazon Web Services wasn't an option, so the retailer built a multicloud architecture that gives it flexibility across vendors.

​Target CIO Mike McNamara speaks at the Google Cloud Next conference in 2018.

Target CIO Mike McNamara speaks at the Google Cloud Next conference in 2018.

Photo: David Paul Morris/Getty Images

Over the last six years, Target CIO Mike McNamara has guided one of the largest retail operations in the U.S. through a modernization plan that prized independence over convenience.

Target was once all-in on Amazon, hiring it to run its entire ecommerce operation in 2001. That alliance wound down as the cloud heated up, and Target used multiple providers alongside home-built data centers for several years. Then Amazon bought Whole Foods, putting it in direct competition with Target's grocery business. That conflict pushed Target off the leading cloud infrastructure player for good.

Now, Target's operations run on an application layer built around the vanilla cloud-computing services offered by Google Cloud and Microsoft Azure, as well as its own data centers. Composed of several different popular open-source projects like Kubernetes, Docker and Spinnaker, this architecture allows McNamara to run ecommerce and in-store workloads on three different platforms as needed.

In a recent interview with Protocol, McNamara outlined Target's approach to modern infrastructure as well as the importance of open-source software to enterprise computing.

This interview has been edited and condensed for clarity.

What does your current setup look like?

I came here in 2015. And when I came here, I was in a reasonably traditional corporate IT department. We made the decision that technology was important, that we were going to build ourselves all of the things that really matter to a retailer.

I wasn't interested in building a new financial ledger or anything, but all of those things that actually make a retailer different from other retailers. So anything that touches the guest experience — we call our customers our guests — and anything that touches our store team members, because we've got a lot of them, we were going to build those things ourselves, as well as build a lot of the technology that supports our supply chain.

That was a big decision to make: bring all engineering back in-house, and start the journey on building out a new application architecture and a new set of applications to run the business.

We did adopt an enterprise microservices strategy. So we started to decompose our own applications into microservices. We built an API layer between all the legacy stuff and the new stuff that we're building.

Part of that whole journey was around infrastructure as well. The way I describe it is to abstract the infrastructure away from application developers. So instead of an application developer worrying about how many cores they need, how much memory they need, how much heap space they need, anything like that, I wanted them to focus on writing features and functions. Because at the end of the day, it's features and functions that actually make money for Target, either by improving our sales or by improving the productivity of our operations.

We set about creating an infrastructure so that was abstracted away from application engineering. We relied very, very heavily on open-source software to create the whole CI/CD pipeline, which included all the things you would expect: GitHub, Artifactory, Jira, Docker. We actually have run Kubernetes, the open-source version of Kubernetes, everywhere. And then we adapted Spinnaker to give us a single pane of glass through which our application teams could manage all of their applications, manage the whole CI/CD pipeline, and then crucially, be able to manage the deployment pipeline.

Unlike many organizations, a lot of our technology is actually deployed in our stores. We've got about 1,900 stores plus 40 distribution centers. So being able to automate the deployment down to the stores, really, really mattered to us.

At the same time, we moved a lot — certainly all of our digital assets and websites and software — to the cloud. We use Google predominantly for that, and we are multicloud; we do use [Microsoft] Azure as well. The majority of what you would experience as a guest through our website or through the app actually resides for most of the time in Google's cloud, although we do deploy the same binaries in our own data centers as well.

Target is run by a single commerce platform. There is no difference between the technology that sits underneath our website and sits underneath our stores. If you scan a box of cereal in our stores on a cash register, you're hitting the same exact binaries as if you had clicked on it to put it into your online basket.

We achieved that through this application platform that we built ourselves. That gives us huge flexibility in terms of cloud. So I can take a workload and I can choose where I want to deploy it. I can choose to deploy it in [Google Cloud Platform]. I can choose to deploy it on Azure, or as I say, I can choose to deploy it on Target assets.

Just to confirm, are you completely off of AWS at this point?

Yes, we are.

How much of that was a result of the fact that Amazon is Amazon?

All of it was a result of Amazon.

I talk to a lot of people who express interest in doing multicloud and hybrid as well, and then in practice, it tends to not work out so well. Can you explain how that went for Target, in terms of migrating off of one cloud onto another and maintaining your own assets as well?

We've created this thing — TAP, or Target Application Platform — and that is our deployment toolset.

We are using both Google and Microsoft [just] as infrastructure as a service. And I think that that's important, because that means that we can maintain that flexibility of placing workloads where we want.

If you actually use the toolsets provided by the provider — you know, their proprietary databases, their proprietary cluster management — then you do get locked in and it becomes much more difficult to move from cloud to cloud. For some companies, that's a reasonable strategy to pursue. We just chose to pursue a more independent strategy.

A lot of the people I've talked to understand the lock-in problem, but prefer the managed service just for ease of use. [Your strategy] requires you to build all that expertise in house. How long did that take? And how did that go?

This is a scale thing. At Target we've got over 4,000 engineers. We are a scale operation. If I was a much, much smaller operation, there's no way I could build all of these tools.

Are you finding it easier to hire those folks? For a long time, it seemed like a lot of that great engineering capability was sort of constrained within the tech industry itself, in that it was harder to find those folks to work on retail or insurance or consumer goods or whatever. Has that changed a lot or are you just finding it easier because these skills are a little bit more widespread?

We have hired a lot from the tech industry. We've got people on this team who came from, you know, name that great West Coast company, right?

What's attractive about retail is that the problems you get to solve are fun, and they're interesting. And they're immediate; you're not a million miles removed from the guests. It's very, very easy to understand the connection between the work you do and what happens when one of our guests walks into our stores.

Now we're reasonably well known for our technology prowess and for the kind of work that you get to do if you come here. I remember back in the day when I used to do programming, that was the thing that got me the most excited, the quality of the work that I had to do. Once you have great quality work for people to do, then recruitment becomes less of an issue.

I wanted to circle back to the data center question. A lot of people who have been moving to the cloud are doing it as a way to get rid of data centers, but it sounds like you still want to keep that flexibility for yourself, at least to some extent. Can you give me a sense of what you use data centers for? And how you think about that going forward?

If we didn't have them, I don't know if I ever would have built them, but we have them. And they are a sunk cost. They are a sophisticated asset that costs a lot of money, so given that we have them, we're going to use them.

The reality is, when you look at one of the great advantages of cloud to us as a retailer is the elasticity of the infrastructure. Most of the year long, our workload is reasonably predictable. And we can run that very, very efficiently within our own data centers.

But it is very seasonal, particularly when you get into the period around Thanksgiving and Cyber Monday. Typically you can be looking at workloads 20 times the normal volume. That elasticity in the cloud is an enormously useful tool for us to manage those periods.

And they're not the only peaks within the retail year. So the infrastructure elasticity is really, really valuable for us. But we have our own existing assets and want to continue to use them because we can run them very, very efficiently.

Is there anything that you're looking at pretty closely that you think will be interesting for you and your needs?

I've always been excited by open source, I think it is probably the most underrated technology advancement in my lifetime.

I won't say how old I am, but you go back through the course of my life, there's the 8086 chip from Intel, then there was the PC, and give [Bill] Gates his due with the creation of DOS. Then there was the internet, and then probably the iPhone, but then in the last decade, it's been open source.

It's been engineers creating technology for engineers. The speed of delivery today in comparison to what I faced throughout the most of my career is extraordinary. I've been in retail a long, long time. And for most of that time, you would plan to upgrade the software on your cash registers four times a year. We always failed; you usually made it about three times, by the fourth time you're getting too close to the holiday season so you call that one off.

Now we upgrade that software on a weekly basis. It's amazing the speed with which we can produce and deploy software. And that is because we have the tools to do that. And those tools are generally known open-source tools.

So I think it is very much underrated. And the more people who can embrace open source, the larger the community gets it, the more contributors, I think the better you do.

It's a very interesting time for open source, with respect to some of the vendors and the way that they have been thinking about licensing and monetizing these open source projects. As a user, and maybe as a customer of some of these things, how do you think about that evolution?

Well, I think people have to make money, right? So I'm OK with, you know, with Docker making money out of their invention. I actually quite liked the way they've gone about it, in that mostly they are still taking a lot of the ideas in from the open-source community to incorporate into their supported products.

Target is in a very fortunate position that we have the engineering capability to support ourselves. If I were in a much smaller organization, I might choose to purchase the enterprise support because I don't have that engineering capability. So actually, it's not a bad compromise. These companies get to make money out of their inventions, which I think is fair. But also they keep alive the open-source versions, and the open-source community can continue to contribute to them, and use them and use those free versions.

Power

How the creators of Spligate built gaming’s newest unicorn

1047 Games is now valued at $1.5 billion after three rounds of funding since May.

1047 Games' Splitgate amassed 13 million downloads when its beta launched in July.

Image: 1047 Games

The creators of Splitgate had a problem. Their new free-to-play video game, a take on the legendary arena shooter Halo with a teleportation twist borrowed from Valve's Portal, was gaining steam during its open beta period in July. But it was happening too quickly.

Splitgate was growing so fast and unexpectedly that the entire game was starting to break, as the servers supporting the game began to, figuratively speaking, melt down. The game went from fewer than 1,000 people playing it at any given moment in time to suddenly having tens of thousands of concurrent players. Then it grew to hundreds of thousands of players, all trying to log in and play at once across PlayStation, Xbox and PC.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

While it's easy to get lost in the operational and technical side of a transaction, it's important to remember the third component of a payment. That is, the human behind the screen.

Over the last two years, many retailers have seen the benefit of investing in new, flexible payments. Ones that reflect the changing lifestyles of younger spenders, who are increasingly holding onto their cash — despite reports to the contrary. This means it's more important than ever for merchants to take note of the latest payment innovations so they can tap into the savings of the COVID-19 generation.

Keep Reading Show less
Antoine Nougue,Checkout.com

Antoine Nougue is Head of Europe at Checkout.com. He works with ambitious enterprise businesses to help them scale and grow their operations through payment processing services. He is responsible for leading the European sales, customer success, engineering & implementation teams and is based out of London, U.K.

Protocol | Policy

Why Twitch’s 'hate raid' lawsuit isn’t just about Twitch

When is it OK for tech companies to unmask their anonymous users? And when should a violation of terms of service get someone sued?

The case Twitch is bringing against two hate raiders is hardly black and white.

Photo: Caspar Camille Rubin/Unsplash

It isn't hard to figure out who the bad guys are in Twitch's latest lawsuit against two of its users. On one side are two anonymous "hate raiders" who have been allegedly bombarding the gaming platform with abhorrent attacks on Black and LGBTQ+ users, using armies of bots to do it. On the other side is Twitch, a company that, for all the lumps it's taken for ignoring harassment on its platform, is finally standing up to protect its users against persistent violators whom it's been unable to stop any other way.

But the case Twitch is bringing against these hate raiders is hardly black and white. For starters, the plaintiff here isn't an aggrieved user suing another user for defamation on the platform. The plaintiff is the platform itself. Complicating matters more is the fact that, according to a spokesperson, at least part of Twitch's goal in the case is to "shed light on the identity of the individuals behind these attacks," raising complicated questions about when tech companies should be able to use the courts to unmask their own anonymous users and, just as critically, when they should be able to actually sue them for violating their speech policies.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Protocol | Workplace

Remote work is here to stay. Here are the cybersecurity risks.

Phishing and ransomware are on the rise. Is your remote workforce prepared?

Before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

Photo: Stefan Wermuth/Bloomberg via Getty Images

The delta variant continues to dash or delay return-to-work plans, but before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

So far in 2021, CrowdStrike has already observed over 1,400 "big game hunting" ransomware incidents and $180 million in ransom demands averaging over $5 million each. That's due in part to the "expanded attack surface that work-from-home creates," according to CTO Michael Sentonas.

Keep Reading Show less
Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.
Protocol | Fintech

When COVID rocked the insurance market, this startup saw opportunity

Ethos has outraised and outmarketed the competition in selling life insurance directly online — but there's still an $887 billion industry to transform.

Life insurance has been slow to change.

Image: courtneyk/Getty Images

Peter Colis cited a striking statistic that he said led him to launch a life insurance startup: One in twenty children will lose a parent before they turn 15.

"No one ever thinks that will happen to them, but that's the statistics," the co-CEO and co-founder of Ethos told Protocol. "If it's a breadwinning parent, the majority of those families will go bankrupt immediately, within three months. Life insurance elegantly solves this problem."

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Latest Stories