Raspberry Pi as a security device, pipe dream or reality?
An exploration into the question: could you use a Raspberry Pi to improve network security for a small business? Haters will say...
I have a friend[citation needed] who has been working as an IT System Admin for nearly 20 years. I generally trust their advice on network security matters. However, this friend and I are at an impasse on this matter:
Can a properly configured Raspberry Pi improve network security for a small business?
This all started innocently enough. I was just having fun exploring Pi-hole, marveling at how it filtered out ads, and dabbling with custom blocklists. Experiencing first-hand how easy it was to add new feeds to the blocklist was enchanting. Even with just the default configurations, the Pi + Pi-hole was so effective at blocking ad traffic that it fueled delulu thoughts about what else this device could accomplish.
Any normal friend would have simply patted me on the back and said, "That's cool bud, go for it and find out". But my pragmatic, IT-savvy friend? Oh no, they went straight for the jugular hard truths I needed to hear:
"I'm sure I don't need to tell you, but a business can't afford to be down with its internet when it uses that internet for its payment processing and stuff.
"A little 'roll your own' device that needs IT maintenance, complicates a deployment (especially in a business that says they refuse to spend money on any IT staff or vendors), and adds a point of failure is not something I would condone."
It stung a little, but they weren’t alone. Others chimed in with concerns about using a DIY DNS server instead of a professional solution within a business. Our own editorial board expressed concerns with using Pi-hole because of the risky footprint DNS carries with it.
As the CrankySec moderator TheThirdLegion put so eloquently:
To quote some wise sysadmin:
It's not DNS.
It can't be DNS.
It was DNS.
Beyond CrankySec, jfb, the moderator of the official Pi-hole Discourse, had this to say about my question about using Pi-hole outside of the homelab:
"Pi-hole is not a security product and won't secure either your homelab or personal network."
At this point it's fair to say the gods and the mods are against me.
So you're giving up, right?
The reality is that there isn't a consensus on using a Raspberry Pi outside of homelabs. In the Pi-hole Discord, it was shared that it's not unheard of. In fact, there are Pis in production environments, notably in the space industry. Fun fact: there are Raspberry Pis running on the International Space Station (ISS)!
Back here on Earth, the UK company Cyberrock Ltd is building a prototype device to secure small and medium enterprises (SMEs) from cyber threats. I spoke briefly with their CEO, Richard Jelbert. I can't disclose much, but let’s just say I’m not the only one seeing the potential for single-board computers (SBCs) like the Raspberry Pi providing security solutions.
So what next then?
I'm currently exploring different Linux builds to find the right OS for my Raspberry Pi 4B network security device concept. I'm smitten with DietPi, a minimalist, "roll your own" build of Linux that doesn't even have a desktop environment installed by default. After that, it's on to setting up Pi-hole, Unbound, and WireGuard.
The mods and gods may be against us, but I still believe it's worth going after the 🔥 of enterprise-grade solutions and giving the spark of progress to the underserved working class.