Layered Defense: Why Your Supply Chain Should Be Like Swiss Cheese

THE RESILIENT ENTERPRISE | THE RISKMETHODS BLOG
supply-chain-swiss-cheese
Davidmack [CC BY-SA 3.0 (https://creativecommons.org/licenses/by-sa/3.0)]

Risk events that threaten supply chain disruptions are difficult to avoid entirely, but mitigating their effects is possible—if you have the right supply chain structure in place. In this blog post, learn why a supply chain that looks like Swiss cheese is going to make your company more resilient.

by Arash Azadegan

The IT security world has a key phrase that every company with a supply chain needs to add to their vocabulary. That key phrase is layered defense.

Layered defense: a definition

So what does layered defense mean? The idea as it applies to IT security is simple: When an entity is trying to execute a cyber attack, they do it by breaking through the defense system put in place. If there’s only one defense system, it’s easier to get in. But if there are a series of defenses, the shields will be harder to penetrate. (It’s the same idea as multiple locks on your busy city apartment door—the more locks, the safer you are.) In IT security, a layered defense might include—for example—an antivirus application, a firewall application, an anti-spam application and personalized privacy controls.

This idea is referred to as the Swiss cheese concept of security. You get it, right? Swiss cheese has a lot of holes—but because it also has layers, no single hole goes all the way through the cheese. In other words: Even if the cheese has vulnerabilities, it isn’t actually penetrable. The same should be true of your IT security system, and—here’s the real point—of your supply network. Yes, your supply network should be designed like a chunk of Swiss cheese—so that any vulnerabilities don’t weaken the entire system.

How do I make my supply chain more like Swiss cheese?

Okay, I’m sticking with the Swiss cheese analogy because it paints a nice picture. But really, all this Swiss cheese talk actually translates into one simple question: How can you make your supply chain resilient? One way: Make sure your network is structured such that, when a risk event threatens you with disruption, you can protect yourself against it. One of the steps in building up your supply chain’s layered defense is to identify where your vulnerabilities lie. For example: Which of your suppliers are most critical to your supply base? Taking into account spend volume, number of parts they supply, whether you have alternative suppliers and more, you should have a general idea of how the downfall of any supplier might affect your entire network. Then, once you understand this, you can start building your layered defense—for example, by multiple sourcing for parts currently supplied by critical single-source suppliers.

When you do take actions like this, make sure you’re being wise in your choices—so you’re not choosing suppliers that have holes in all the same places. Let me put it another way: If you have two suppliers for a critical part but they’re both located in the same geographic region—has your multiple sourcing strategy really reduced the risk of disruption in the event of a hurricane or earthquake?

Making your supply chain resilient isn’t necessarily easy, but it is crucial to the health of your company. At Rutgers University, where I work, we’re committed to research that will help all companies understand supply chain disruptions better—and, hopefully, how to avoid them more easily. You can learn more about our work here.

Download Free E-Book: A Beginner's Guide to Supply Chain Risk Management

Supply chain risk management may seem like a complex topic, but the basic elements of it can be boiled down into three steps: identify risk, assess risk and mitigate risk.
arash-azadegan

About the author

Dr. Arash Azadegan is a professor at Rutgers University, where he teaches classes on supply chain management. He is also the director of Rutgers' Supply Chain Disruption Laboratory, which focuses on research related to supply chain disruptions and response and recovery from supply chain disruptions.

Back to top