Lowe’s Companies is one of the largest home improvement retailers in the world, a top Fortune 50 company, which employs over 300,000 people. Lowe's and its related businesses serve approximately 18 million customers a week at hardware and home improvement stores across North America. For an organization at this scale, Lowe’s must ensure the systems powering over 2,000 retail locations and online platforms are reliable, maintainable, scalable, and secure.

Building and maintaining the technology that supports Lowe’s complex operations is no simple task. The company’s custom-built point-of-sale and e-commerce applications depend on a robust infrastructure, such as smart architecture, smooth back-end transactions, and secure database storage. Lowe’s IT personnel focus on developing new features to drive sales on its customer-facing online and in-store platforms, but rarely have the time or facility to deal with digital initiatives with less certain ROI, such as risk management procedures and proactive software architecture. Recognizing this gap, Lowe’s looked externally for expert guidance on best practices for enhancing the robustness, reliability, performance, and security of its enterprise systems. 

Quoin’s collaboration with Lowe’s began in 2004, when the retail giant first engaged Quoin to lead the re-engineering of several key systems, as part of a long-term strategy to position its IT operations for sustainable growth. Impressed with our expertise and commitment to software quality, Lowe’s increasingly turned to Quoin on technology challenges that neither their IT team nor other vendors were able to resolve. Quoin’s deep understanding of the development tools needed for Lowe’s large-scale systems, combined with our adept problem-solving, broadened Lowe’s trust in us into the productive long-term client relationship that it is today.

Quoin’s onsite software engineers have contributed to Lowe’s productivity and efficiency as consultants on development, system optimization, and project management. Several co-teams under the direction of Quoin CTO Jean Pierre LeJacq have taken on some of the most challenging and innovative projects, including critical point-of-sale, distribution, and technology infrastructure initiatives. These include various projects for the migration to Linux for all store systems and the ongoing enforcement of comprehensive security standards. Ultimately, our value to Lowe’s lies in the fact that our developers not only build great software; we anticipate and forestall problems others simply hope to avoid.

System Optimization

On any given day, Quoin is involved in the analysis, solution design, and implementation of a project to enhance Lowe’s core technology infrastructure - from authoring component-based methodologies, to implementation of a continuous integration toolset, to leading the migration from AIX to Linux.

Security Enhancement 

When our cybersecurity experts detect vulnerabilities that threaten the security of Lowe’s encrypted information, Quoin takes the initiative to suggest and construct changes to protect the enterprise systems. Our team also tracks industry announcements to help Lowe’s stay ahead of the competition and advises Lowe’s on compliance with important security guidelines and standards, such as CERT and CFI, among others.

Code and Backend Maintenance 

Quoin’s software engineers are experts in the tools for C/C++ development and IBM databases such as DB2 and IBM MQ middleware. We conduct regular code reviews in order to ferret out problems before they grow larger, and train Lowe’s IT team, on best practices for applying these technologies. Such diligence has helped detect and correct numerous key system errors that could have led to computer crashes over the years.

Process Improvement

Quoin has improved the productivity of Lowe’s own IT staff, introducing such key processes as agile planning and requirements analysis, continuous integration practices, and CMMI/ITIL-based quality metrics to assess source code quality.

Facilitating Migration from AIX to Linux

For years, Lowe’s enterprise systems relied on AIX, a venerable operating system known in the industry for its good performance and reliability. However, using AIX also meant being resigned to vendor lock-in, which enforced high IT costs and delayed new innovations. Faced with these challenges, Lowe’s chose to switch to a new operating system. Their main alternative, Linux, was platform-independent and offered a significantly larger choice of products and tools than AIX, thus freeing Lowe’s from the burden of expensive proprietary hardware and software. Quoin conducted a comprehensive ROI analysis for Lowe’s, helping them understand the full implications of this change. 

The migration to Linux was a massive undertaking, requiring an enormous overhaul of Lowe’s software codebase in order to take advantage of its strengths. But Lowe’s confidence in Quoin’s technical mastery and leadership was not misplaced. Our engineers supervised the project in accordance with best practices and worked hard to clean up the code and resolve portability issues in advance of the conversion. We worked closely with Lowe’s team throughout, facilitating skills transfer and training on Linux support and processes. 

The benefits of the migration became clear soon after the new system went live in 2019. For example, Lowe’s used to having issues replacing some of the harder-to-find IBM hardware. Unable to purchase from another vendor, they stockpiled many of these tools, but still had to implement backup systems for the eventual moment that they ran out. Switching to Linux freed the retailer from the specter of such a technological doomsday. Further, as Linux is a better-supported platform and offers more up-to-date technologies, Lowe’s has been able to add new features and take their systems in an innovative direction. These changes have helped Lowe’s make more than a return on the initial investment, saving tens of millions of dollars on software and tools by not being tied to IBM’s platform monopoly. 

Continuous Integration Implementation

Quoin engineers were instrumental in building the implementation continuous integration toolset for Lowe’s, for which our responsibilities included specification and implementation of the complete environment and development process. The development environment includes a full range of source control, build management, test automation, and quality assurance tools for C++ development. 

Security Compliance: CFI Guidelines and Government Regulations

A system-wide audit that Quoin conducted revealed that there were security gaps in Lowe's system that could have allowed attackers to exploit the machine-code execution. To prevent this type of vulnerability, the Quoin team adhered to Control Flow Integrity (CFI) guidelines and worked with Lowe’s IT personnel to secure the Linux kernel in an automated way. The combination of CFI compliance and automation was an efficient solution for Lowe’s, requiring few changes to the source code yet ensuring that such audits and protection measures could easily be repeated in the future. Both the CFI compliance and the security automation were new innovations at Lowe’s and provided a strong foundation for enforcing its security policies as the business continues to grow. 

Quoin was also instrumental in securing Lowe’s financial data in compliance with the provisions of the Sarbanes-Oxley Act, and their healthcare information with the Health Insurance Portability and Accountability Act. We also developed solutions so that Lowe’s management could effectively monitor store-level compliance with new labeling requirements demanded by California Weights and Measures.

Malware & Risk Management

Early in our partnership with Lowe’s, Quoin did a standard security scan and found hundreds of overlooked Trojan viruses in their core systems, making the machines highly vulnerable to digital attacks. Lowe’s was content to sideline their removal as they did not present an immediate threat, but Quoin - as specialists in cybersecurity and risk management - recognized the danger and quickly arrived at an effective strategy for immediate action. We made it our mission to not only manage the risk but also to take measures to prevent it in the future. 

Using our deep knowledge of security issues and how to fix them, our team took the lead in implementing a process to remove the malware without taking resources from other project budgets. Working diligently in the background, between larger initiatives, we successfully closed the Trojans one by one. Meanwhile, we worked with Lowe’s team to prevent the recurrence of such vulnerabilities. We accomplished this by implementing new development processes grounded in security guidelines. Then we ensured that all IT personnel were taught and understood best industry practices, insisting on them as the standard for all future development efforts. In this way, we eliminated similar security oversights through effective engineering, savvy risk management, and preventative planning.

Securing User Data: OAuth 2.0 

Every company needs to make the safety of their users’ data a top priority. Therefore, Lowe’s requested that Quoin develop an authentication service for apps, as their current system was not in line with password security guidelines and needed to be refreshed. Working from this abstract start, Quoin advocated to replace their other use cases and led our co-teams to implement a new authentication system based on OAuth guidelines, the industry-standard authorization protocol for access delegation. Essentially, OAuth 2.0 is intended to be a simple, secure way to authenticate users without releasing their credentials to anyone who shouldn't have access to them. 

The Quoin team’s strengths at securing Linux servers were extremely applicable to this project, which required extensive expertise in security risks and compliance standards. Quoin built the authorization server in Java, using the Spring framework, while the websites requiring authentication were written in PHP using the CodeIgniter framework. Guided by Quoin, Lowe’s was able to trust that they had chosen the right development tool for the challenge; the implementation of OAuth 2.0 ultimately eased access, mitigated security risks, and gave Lowe’s employees and customers control over where their data is shared. 

Security Scanner

The Quoin team played an integral role in implementing automated verification at stores, thus ensuring that they were all in adherence to security standards. After an audit conducted by Quoin revealed some security vulnerabilities, our software engineers implemented CFEngine, an open-source configuration management tool, to help fix these violations. An automated compliance enforcement solution, CFEngine enabled Lowe’s to manage hundreds of servers without having to log in manually. It also prevents future issues by facilitating remote troubleshooting. The success of this project significantly streamlined the formerly arduous and resource-heavy tasks of manual configuration and maintenance of Lowe’s large-scale computer systems.