Layered defense: a definition
So what does layered defense mean? The idea as it applies to IT security is simple: When an entity is trying to execute a cyber attack, they do it by breaking through the defense system put in place. If there’s only one defense system, it’s easier to get in. But if there are a series of defenses, the shields will be harder to penetrate. (It’s the same idea as multiple locks on your busy city apartment door—the more locks, the safer you are.) In IT security, a layered defense might include—for example—an antivirus application, a firewall application, an anti-spam application and personalized privacy controls.
This idea is referred to as the Swiss cheese concept of security. You get it, right? Swiss cheese has a lot of holes—but because it also has layers, no single hole goes all the way through the cheese. In other words: Even if the cheese has vulnerabilities, it isn’t actually penetrable. The same should be true of your IT security system, and—here’s the real point—of your supply network. Yes, your supply network should be designed like a chunk of Swiss cheese—so that any vulnerabilities don’t weaken the entire system.
How do I make my supply chain more like Swiss cheese?
Okay, I’m sticking with the Swiss cheese analogy because it paints a nice picture. But really, all this Swiss cheese talk actually translates into one simple question: How can you make your supply chain resilient? One way: Make sure your network is structured such that, when a risk event threatens you with disruption, you can protect yourself against it. One of the steps in building up your supply chain’s layered defense is to identify where your vulnerabilities lie. For example: Which of your suppliers are most critical to your supply base? Taking into account spend volume, number of parts they supply, whether you have alternative suppliers and more, you should have a general idea of how the downfall of any supplier might affect your entire network. Then, once you understand this, you can start building your layered defense—for example, by multiple sourcing for parts currently supplied by critical single-source suppliers.
When you do take actions like this, make sure you’re being wise in your choices—so you’re not choosing suppliers that have holes in all the same places. Let me put it another way: If you have two suppliers for a critical part but they’re both located in the same geographic region—has your multiple sourcing strategy really reduced the risk of disruption in the event of a hurricane or earthquake?
Making your supply chain resilient isn’t necessarily easy, but it is crucial to the health of your company. At Rutgers University, where I work, we’re committed to research that will help all companies understand supply chain disruptions better—and, hopefully, how to avoid them more easily.