Risk Mitigation 2012: Technology

In the last six posts we covered the World Economic Forum‘s recently released 6th annual Global Risks report, 2011 edition. The report was filled with risk, thirty-seven types of risk divided into five categories to be precise. In the last five posts, we covered the top five risks in each category — Technology, Society, Environment, Geopolitics, and the Economy — from Sourcing Innovation’s perspective.

However, just knowing that your supply chain is fraught with risk is not very useful. That’s a given in these trying and troublesome times. What’s more useful is knowing what you can do about it. In the next five posts we will cover some ideas for planning and preparing for each risk Sourcing Innovation identified as a top three category risk to your supply chain, starting with Technology.

03: Threats from New Technology

As per our last post on technology, if a competitor latches onto, and implements a new technology before your company, it may be able to lower its production and operating costs well below your production and operating costs. Should this happen, the competitor may also be able to increase its revenue at the expense of yours. Then your organization will face declining revenues with higher costs. Profits will disappear. And bankruptcy could follow. But it does not have to be this way.

Instead, your supply management organization can keep up with technological advancement and stay on the leading edge. It can identify new technologies as they are brought to market, follow them, and, as soon as they show maturity and promise, bring them into the organization. Then it can be the company that lowers its production and operating costs, and increases its revenues, before the competition.

02: Online Data and Information Security

Average hackers may want consumer credit card data for quick, easy, illicit gain, but hackers employed by corporations for purposes of corporate espionage want your data — and your supply management data in particular. What are you making? What are the specifications? Where? With who? When are you shipping? From Where? With what carrier? If any of this data finds its way to your competition before you’re ready to release a new product, the losses could be crippling. What if your competitor is able to use your plans to jump-start their development of a better version and beat you to market? What if thieves intercept your critical shipments and sell your product on the black market?

Fortunately, you can protect your data. There are some very simple things you can do. First of all, you can encrypt all of your data with an industrial strength encryption algorithm using industrial strength encryption programs tested and proven secure, to the degree possible, by third party security firms. Secondly, you can secure your systems from penetration by using industrial strength firewalls and anti-malware software. Virtually unbreakable encryption is good. But hackers not even having your encrypted data is even better. Thirdly, you can avoid third-party multi-tenant cloud solutions that you have no control over. First of all, you have no idea where you data is. Maybe it’s on a hardened server behind two firewalls in a guarded secure-access retina-scan and thumb-print facility that is designed to withstand bombs, and maybe it is on a back-up server in the open back-room of the managing company’s offices. You don’t know. Secondly, even if the server is guarded by firewalls and “locked-down” to installed applications only, if even one database on the server is broken by a hacker, whether or not it is your system, that can be used as an entry point to gain access to the entire system. Unless its your virtual Fort Knox, it’s not as secure as you think it is.

01: Critical Information Infrastructure Breakdown

Make sure all critical data is stored on secure servers in secure facilities that are geographically remote and accessible 24/7. Also have a third data centre location that can be brought online, with a complete copy of backed-up data, within 24 hours if the primary or secondary facility goes down (and make sure incremental backups are performed at least hourly). Make sure these facilities have redundant fibre channels, from redundant providers, inbound and outbound, and make sure that there is a satellite link for retrieving critical data should all channels suddenly go dark. Also make sure these facilities have UPS and at least 24 hours of backup power to insure that all necessary data can be extracted should the wire-lines go down or the facility need to be abandoned (due to geopolitical unrest in the region or a long-term power or line failure; and if this is the case, be sure there are auto-destruct programs in place that will wipe all data via multiple, random, writes). Make sure that you have a disaster response plan in place that has identified the location of a back-up operations centre that can be brought on-line in case your main operations centre goes dark. Make sure each satellite office knows where the back-up operations centre will be and how to contact that location should the head office or one or more satellite locations become unreachable. It might not be possible to plan for every contingency, but it is possible to devise a plan that would cover most contingencies and allow operations to resume, at least minimally, within 24 hours.