Supply & Demand Chain Executive May 2016 by Supply+Demand Chain/Food Logistics

RISKY BUSINESS: SDCE EXAMINES TOP SUPPLY CHAIN RISKS

MAY 2016

DECISION Experts consider 2016 the supply chain impacts of the presidential election As the 2016 election heats up, businesses are paying close attention to how the presidential electionâ&#x20AC;&#x2122;s outcome may affect their global supply chains.

Fresh new content daily at SDCEXEC.COM

SDC0516_01_Cover_v3 CM RG.indd 1

5/20/16 10:45 AM

Logistics keeping you awake at night? Lucky for you, we dream about it. CLX Logistics: We Worry About Logistics, So You Don’t Have To Specializing in reliable logistics services on a global scale, CLX Logistics helps clients attain sustainable economic value associated with their supply chain. We employ a mix of managed services, on-demand global TMS technology, comprehensive transportation management services, consulting, and global and domestic rate benchmarking to deliver exceptional outcomes, risk reduction and cost savings.

•

ON-DEMAND GLOBAL TMS

SDC0516_02-03_TOC RG CM RG2.indd 2

•

INTERMODAL

•

BENCHMARKING & BIDS

•

FREIGHT PAY

•

RAIL MANAGEMENT

•

INTERNATIONAL

•

BROKERAGE

5/17/16 1:31 PM

May 2016 | Volume 17 | Issue 2

CONTENTS SPECIAL REPORTS

14 THE INTERNET

ON THE COVER

TRUMP VS. CLINTON VS. SANDERS:

What Risk Will the Next President’s Policy Bring to Supply Chain? How does each presidential candidate rate on critical supply chain issues, such as the Trans-Pacific Partnership, corporate taxes, immigration, global trade and sanctions?

OF THINGS Insecurity in IoT

Experts report the Internet of Everything (also known as the Internet of Things) opens the door for the hacking of everything. Here’s how companies can remove these security risks.

18 PROCUREMENT

Your Suppliers’ Risk Is Your Risk In today’s global marketplace, your suppliers—whether Tier 1, 2, 3 or more— are an extension of your company and your brand.

22 TRADE

FINANCE An Eye on Incoterms

Short for International Commercial Terms, Incoterms are the foundation for foreign sales transactions.

SDCEXEC.COM

24 T RANSPORTATION

Hands Off My Deck!

Here’s why preparing for a piracy-related attack should be on your radar.

28 WAREHOUSING Omnichannel Fulfillment

Is it a transformational trend or fast-moving fad?

30 SOFTWARE

& TECH Money, Money, Money Companies can keep payment information secure as it travels the information highway.

32 PROFESSIONAL

DEVELOPMENT The Supply Chain’s Weakest Link

Persistent people problems loom as the talent shortage widens across the supply chain.

COLUMNS

04 EXECUTIVE MEMO 10 MADE IN AMERICA 34 WORK HARD, PLAY HARD

Exclusive online features and solutions for successful supply chain operations

2016: The Year of the Business-to-Business Commerce Revolution sdcexec.com/12186024

Five Reasons Why Your Company Needs a Warehouse Management System sdcexec.com/12198895

SDC0516_02-03_TOC RG CM RG2.indd 3

EXECUTIVE FOCUS

Automated Commercial Environment and the Stages of Grief sdcexec.com/12198759

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/17/16 1:31 PM

EXECUTIVE MEMO By Ronnie Garrett, Editor rgarrett@ACBusinessMedia.com

SPEAK UP AND BE HEARD As the presidential election nears a close, businesses need to make their interests known

n 2014, Senator Elizabeth Warren said, “If you don’t have a seat at the table, you’re probably on the menu.” Though her statement was aimed at 300 donors and supporters of EMILY’s List, a political action committee that has as its mission electing pro-choice Democratic women to office, the sentiment applies to politics today. As Supply & Demand Chain Executive’s editorial team conducted research and interviews for the cover story on Page 6, which eyes the risk the next President’s policy may bring to businesses and their global supply chains, one thought quickly rose to the surface: It’s going to be incredibly important for businesses to make sure their interests are known to members of Congress and the new administration as they debate issues such as the TransPacific Partnership, corporate taxes, immigration, global trade and sanctions. So important that source Scott McCandless, a principal in the Tax Policy Services group of PricewaterhouseCoopers’ Washington National Tax Services, similarly quipped, “If you don’t have a seat at the table, you’re going to be on the menu.” He reminds us that businesses often get complacent in their conversations on Capitol Hill. But in order to get their interests known and keep them top of mind as these measures move through 4

Congress, McCandless stresses businesses need to start talking about how proposed policies, if enacted, may impact them. “Engage, engage, engage,” he says. “Talk to the administration. Talk to folks at the Treasury, in the House, in the Senate, and begin conversations where your operations are strongest ... the Congressmen and women who represent those districts.” He warns businesses not to overlook employees either. “Many times, businesses think CEOs, finance officers or lobbyists are the best people to engage in these conversations, and they overlook their own employees,” he states. According to McCandless, business leaders often fail to tell employees what government policies may mean to the company. These employees work their nine-to-five and go home without ever thinking about what a lack of corporate tax reform or a trade partnership means to them, but these decisions have a very real impact on companies, supply chains, jobs and salaries. “If employers have very open and candid conversations with employees, they can get them engaged and that is a very effective tool,” he says. The reality is that, when companies keep their thoughts to themselves, their interests are not heard. As we near the finish line for Election 2016, get out there, and talk to the candidates and keep that conversation going long after the polls are closed. Ask yourself the question: Do you want to be at lunch or be lunch? The answer is up to you.

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_04-05_ExecMemo RG CM.indd 4

Published by AC Business Media Inc. 201 N. Main Street, Fort Atkinson, WI 53538 (800) 538-5544 • www.ACBusinessMedia.com

www.SDCExec.com PRINT AND DIGITAL STAFF GROUP PUBLISHER Jolene Gulley ASSOCIATE PUBLISHER Judy Welp EDITORIAL DIRECTOR Lara L. Sowinski EDITOR Ronnie Garrett MANAGING EDITOR Elliot Maras ASSOCIATE EDITOR Carrie Mantey WEB EDITOR Eric Sacharski AD PRODUCTION MANAGER Cindy Rusch ART DIRECTOR Kayla Brown AUDIENCE DEVELOPMENT DIRECTOR Wendy Chady AUDIENCE DEVELOPMENT MANAGER Angela Kelty ADVERTISING SALES (800) 538-5544 JOLENE GULLEY, jgulley@ACBusinessMedia.com STEPHANIE PAPP, spapp@ACBusinessMedia.com EDITORIAL ADVISORY BOARD LORA CECERE, Founder and CEO, Supply Chain Insights TIM FEEMSTER, President, Foremost Quality Logistics JOHN M. HILL, Director, St. Onge Company, and Board of Governors, Material Handling Industry of America RORY KING, Analytic and Big Data Advisor, SAS Institute KAREN MASTER, Vice President of Communications, Ariba, an SAP Company WILLIAM L. MICHELS, CEO, Aripart Consulting JULIE MURPHREE, Founding Editor, Supply & Demand Chain Executive ANDREW K. REESE, Senior Portfolio Marketing Manager, IHS, and Former Editor, Supply & Demand Chain Executive BOB RUDZKI, President, Greybeard Advisors CHRIS SAWCHUK, Global Managing Director and Procurement Advisory Practice Leader, The Hackett Group RAJ SHARMA, CEO, Censeo Consulting Group KATE VITASEK, Founder, Supply Chain Visions CIRCULATION & SUBSCRIPTIONS P.O. Box 3605, Northbrook, IL 60065-3605 (877) 201-3915, Fax: (800) 543-5055 Email: circ.sdcexec@omeda.com LIST RENTAL Elizabeth Jackson, Merit Direct LLC (847) 492-1350, ext. 18, Fax: (847) 492-0085 Email: ejackson@meritdirect.com REPRINT SERVICES JOLENE GULLEY, jgulley@ACBusinessMedia.com AC BUSINESS MEDIA INC. CHAIRMAN Anil Narang PRESIDENT AND CEO Carl Wistreich EXECUTIVE VICE PRESIDENT Kris Flitcroft CFO JoAnn Breuchel VP OF CONTENT Greg Udelhofen VP OF MARKETING Debbie George DIGITAL OPERATIONS MANAGER Nick Raether DIGITAL SALES MANAGER Monique Terrazas Published and copyrighted 2016 by AC Business Media Inc. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording or any information storage or retrieval system, without written permission from the publisher. Supply & Demand Chain Executive [USPS #024-012 and ISSN 1548-3142 (print) and ISSN 1948-5654 (online)] is published five times a year: March, May, June, September and December by AC Business Media Inc., 201 N. Main Street, Fort Atkinson, WI 53538. Periodicals postage paid at Fort Atkinson, Wisconsin and additional entry offices. POSTMASTER: Please send all changes of address to Supply & Demand Chain Executive, P.O. Box 3605, Northbrook, IL 60065-3605. Printed in the USA. SUBSCRIPTION POLICY: Individual subscriptions are available without charge in the United States, Canada and Mexico to qualified individuals. Publisher reserves right to reject nonqualified subscribers. One-year subscription to nonqualified individuals: U.S., $30; Canada and Mexico, $50; and $75 for all other countries (payable in U.S. funds, drawn from U.S. bank). Single copies available (prepaid only) for $10 each. Return undeliverable Canadian addresses to: Supply & Demand Chain Executive, P.O. Box 25542, London, ON N6C 6B2. The information presented in this edition of Supply & Demand Chain Executive is believed to be accurate. The p ublisher cannot assume responsibility for the validity of claims or performances of items appearing in editorial presentations or advertisements in the publication. May 2016 / Volume 17 / Issue 2

5/16/16 2:58 PM

$2 million worth of product hits the dock. Without insurance, it’ll take $33 million in new sales to cover it. It’s simple math. At a profit margin of 6%, it would take more than $33 million in additional sales to cover a $2 million loss. Most companies don’t think of that until it happens to them. Before it happens to you, call UPS Capital. UPS Capital Insurance Agency, Inc. can provide a customized policy that covers losses up to their full sales value. Protect yourself before a problem becomes a disaster. upscapital.com

UPS Capital insurance Agency, Inc., and its licensed affiliates are wholly owned subsidiaries of UPS Capital Corporation. Insurance coverage may not be available in all jurisdictions. Insurance is underwritten by an authorized insurance company and issued through licensed insurance producers affiliated with UPS Capital Insurance Agency, Inc., and other affiliated insurance agencies. ©2016 United Parcel Service of America, Inc. UPS, UPS Capital, the UPS brandmark and the color brown are trademarks of United Parcel Service of America, Inc. All rights reserved. *Business Continuity Institute and Zurich Insurance Group, 2014 Supply Chain Resilience Survey

SDC0516_04-05_ExecMemo RG CM.indd 5

5/16/16 2:58 PM

FEATURE

By Editorial Staff, Supply & Demand Chain Executive

WHAT RISK WILL THE NEXT P

POLICY BRING TO SUPPLY CHAIN? How does each presidential candidate rate on critical supply chain issues?

s the 2016 presidential election heats up, and citizens start drawing political lines and affiliations in the sand, businesses are bracing themselves for what the election’s outcome may mean to them and their global supply chains. Supply & Demand Chain Executive talked to experts with Tusk Holdings Group Inc., PricewaterhouseCoopers (PwC), the Reshoring Initiative and Miller & Chevalier Chartered to get their take on the election outcome’s potential impacts on key topics.

LET’S TALK THE TPP After more than five years of intense debates and negotiations, the TPP trade deal was signed on February 4. Hailed as a historic achievement for the Asia-Pacific region, officials claim the agreement will create new jobs by opening up foreign markets for the exporting of goods and by leveling the playing field in foreign markets for the United States. Now the 12 countries involved in this agreement begin their domestic ratification process—and have up to two years to complete it —before the agreement goes into effect. As the United States moves this agreement forward, the TPP is an important issue for 2016 presidential candidates. And because the outcome is critical to businesses and their global supply chains, companies are training a close eye on how this agreement pans out. But how such a trade agreement ultimately looks is still subject to debate and, as such, “there is a significant chance that the TPP doesn’t pass,” 6

states Harry Moser, president and founder of the Reshoring Initiative. He goes on to say that he’s against the TPP, explaining that, with almost every trade agreement, the United States had “our imports go up and our exports go down, or at least do not rise as fast as the imports, so our trade deficits almost always get worse with the country we have the trade agreement with.” The apparent front-runners in this election are Democrat Hillary Clinton and Republican Donald Trump, with Democratic Socialist Bernie Sanders as a wild card. Trump stated he will not approve the agreement without modifications. It looks like, Clinton, however, will approve a watered-down version. But there is trouble afoot, says Moser, as “other countries are having second thoughts on it.” An industry spokesperson agrees. “Clinton is most likely to be active in getting a completed agreement. She will be more willing to give up U.S. interests to get the TPP through. Trump is not a fool about

“CLINTON IS MOST LIKELY TO BE ACTIVE IN GETTING A COMPLETED AGREEMENT. SHE WILL BE MORE WILLING TO GIVE UP U.S. INTERESTS TO GET THE TPP THROUGH.”

— Industry Spokesperson

global operations and interests. He will want a fair deal that is good for the United States.” Sanders, meanwhile, is very public with his opinions on the TPP. At a rally in Youngstown, Ohio, he stated, “We should kill this unfettered free-trade agreement, which would cost us nearly a half million jobs.” Even so, a TPP bill may never land on the President’s desk. Moser explains if Republicans

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_06-09_Feature CM RG RG3.indd 6

5/17/16 7:34 AM

T PRESIDENT’S lose both the House and the Senate in the election, then Congress will likely not pass the TPP. “The Democrats are most opposed to the TPP, while the Republicans are traditionally in favor of globalization, free trade and nominally free trade, but are coming to understand the unfair trade we have now,” he states.

CORPORATE TAX REFORM Pressure is mounting for 1986-style corporate tax reform. U.S. companies report that the country’s 35 percent corporate tax rate makes it difficult to compete globally, when their global peers’ corporate tax rates are much lower. And, as an industry spokesperson points out, reducing the rates will also boost companies’ willingness to invest in things like 3D printing, research and development, and more. “Taxes,” he says, “can be a disincentive to invest and grow.” Overhauling corporate taxes to give U.S. companies a leg up is the subject of much debate among presidential candidates. It seems both parties agree corporate tax reform must be a top priority, but differ on the approach. But “taxes matter,” states Scott McCandless, a principal in the Tax Policy Services group of PwC’s Washington National Tax Services. “It can be an eye-rolling topic, but it’s an important part of the policy picture.” He states most of the candidates share one major change in common: full expensing. Their plans would allow businesses to write off capital assets the first year in service as opposed to the depreciation schedule that exists now. “ McCandless predicts we may see a tax reform plan move forward in the first year of the new term, and the primary focus will be on the corporate rate. “It seems there is agreement between Republicans and Democrats to at least make some attempt to lower the corporate rate,” he says. “The crux of it comes down to how low do you lower it and at what cost to other provisions within the tax code?”

SDC0516_06-09_Feature CM RG RG3.indd 7

In most cases, the way corporate taxes are lowered is through base broadening, which McCandless describes as a “fancy way of saying that, to lower the rates, we have to cut existing credits and deductions, and other benefits that flow through the tax code in order to balance the economic books.” An industry spokesperson predicts if Clinton wins, there will be little movement on a tax plan, while if Trump wins, the reforms may be a bit more radical. Bradley Tusk, founder and CEO of Tusk Holdings, has a more pessimistic view of what the future holds. “Odds are nothing will really change,” he says. “If you had a Trump presidency and, therefore, an all Republican Congress and White

“IF YOU HAD A TRUMP PRESIDENCY AND, THEREFORE, AN ALL REPUBLICAN CONGRESS AND WHITE HOUSE, YOU MIGHT SEE SOME SORT OF CORPORATE TAX REFORM. “ — Bradley Tusk, founder and CEO, Tusk Holdings

House, you might see some corporate tax reform. But if Clinton wins, it’s going to be hard, and it will depend on whether there is a Republican or Democratic Congress.”And if Sanders wins, Moser predicts, “Everyone’s taxes are going up. Your taxes, my taxes, business taxes.” McCandless states this is where companies need to make sure they have a seat at the table after the election. “Businesses can get a little complacent in their conversations,” he says. “The good ones will talk about the jobs they have and what the tax code means to them, but the great ones will talk about how low a rate they need to really influence their behavior and what it means to their whole supply chain, both upstream and downstream.”

IMMIGRATION REFORM Immigration is a top issue in the 2016 presidential race, just as it was in previous election years. The voting public is holding candidates’ SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/17/16 7:34 AM

FEATURE feet to the fire and demanding smart policy on immigration. But what does that mean to businesses and their supply chains? Moser calls the immigration issue “complicated,” but suggests the following will happen if candidates just leave things largely alone: “I think the Mexican economy is growing nicely, wages are rising, and there is a net migration of Mexicans back to Mexico. I think the problem will solve itself as the Mexican economy continues to improve.” Moser believes Clinton will not take a strong stance on immigration. He says, “She won’t be as tough as Trump, but I don’t think she’ll change the trajectory all that much.” And while Trump made promises to build a wall and other extreme measures, Moser says “He’s not going to spend that kind of money. But he will make it’s tougher to stay here and an illegal immigrant that commits the slightest crime will be out of —Harry Moser, president, Reshoring Initiative the country in a day.” Tusk says an H-1B bill may get through Congress, and if Clinton is in office, whether or not she vetoes it will be a tossup. “She will have a massive amount of pressure from the left to veto it, and a huge amount of pressure from businesses, the public and the media to pass it. It will be a tough call.” If nothing happens, businesses will continue to be negatively impacted by a lack of reform. H-1B legislation would exempt foreign nationals who graduate from American universities with a master’s or doctorate degree in a science, technology, engineering or math (STEM) field to apply for a green card and remain in the United States. Currently, these students are forced to leave after graduation, and thus, the United States loses the talent it trained to businesses in other countries.

“EVERYONE’S TAXES ARE GOING UP. YOUR TAXES, MY TAXES, BUSINESS TAXES.”

GLOBAL TRADE, ECONOMIC SANCTIONS In regard to global trade agreements, Timothy P. O’Toole, member of Miller & Chevalier, a law firm specializing in taxes, international law and business, government affairs and more, opines, “Trump and Sanders seem very skeptical ... of trade agreements. 8

I’m not sure whether that’s anti-free trade (as maybe the critics would call it) or pro-fair trade (as they would probably label it). Clinton is more in favor of the status quo on trade, although ... she’s a little critical of some of the trade deals that the administration was in favor of, so maybe a little less pro-trade than the current administration.” Because O’Toole classifies Clinton as the status quo candidate, he thinks her policy on sanctions will reflect the current administration’s position. He thinks her mirroring the current administration’s sanction policy is notable: “The current administration is probably the most bullish on sanctions of perhaps any administration in history. It uses sanctions aggressively throughout the world as an important mechanism in foreign policy. And I think it use sanctions, in many ways, as an alternative to troops on the ground.” In contrast, O’Toole believes Trump will be less aggressive with economic sanctions and Sanders may incorporate more, espousing a similar business case to that of the current administration, “as a way of furthering the country’s strategic interests.” Trump is very vocal about global trade, according to O’Toole and, while he supports loosening the Cuba embargo, he is critical of the details. He says, “His criticism of the administration [and its handling of the embargo] is more along the lines of he doesn’t think we got a good enough deal in terms of what we exchanged for the loosening of sanctions.” On the contrary, O’Toole believes that Clinton would represent the status quo on trade issues with respect to Cuba, “continuing the administration’s policy, which is one of increasing engagement, dialog and trade with Cuba.” He says Sanders is in the same camp, although he estimates that both Clinton and Sanders may be in favor of loosening the embargoes on Cuba even more quickly. According to O’Toole, in terms of the Iran sanctions, “I think you’re going to see a real split between Democrats and Republicans. Both Clinton and Sanders praised the Iran deal, the Joint Comprehensive Plan of Action, which really didn’t loosen the U.S. sanctions against Iran very much from a U.S. perspective; it loosened them with respect to the way the U.S. sanctions applied to the rest of the world. Trump was very critical of that deal and would probably try to revisit it if he becomes President.”

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_06-09_Feature CM RG RG3.indd 8

5/17/16 7:34 AM

De-Risk & Transform Your Supply Chain

Building the connections that build the world Avetta delivers a SaaS-based platform that mitigates the unseen risks of outsourcing, fostering sustainable growth throughout the supply chain. Through a proven vetting and evaluation process, Avetta is able to create dependable connections between clients, suppliers and contractors. For we believe industry and commerce are built on trust. When you believe in the people you work with, amazing things transpire. Industries grow. New technologies are born. And progress becomes inevitable.

Avetta is an evolution of the company Formerly known as PICS Auditing.

Letâ&#x20AC;&#x2122;s connect at avetta.com | 800-506-7427

SDC0516_06-09_Feature CM RG RG3.indd 9

5/17/16 7:34 AM

MADE IN AMERICA By Ronnie Garrett

HEEDING THE

CALL OF THE W

Hyperlite Mountain Gear locates its U.S.based ultra-light outdoor gear manufacturing facility in the heart of Maine’s wilderness

fter soaring with the Eagles as the band’s sound engineer and sizzling as a chef in one of New York City’s top kitchens, Mike St. Pierre responded to the call of the wild. The avid outdoors enthusiast, who hiked more than 30 miles a weekend to escape the hustle and bustle of the city, found he couldn’t purchase necessary gear because it simply didn’t exist. It was out of this dissatisfaction that Hyperlite Mountain Gear was born. “I was looking for ways to lighten my load, especially with the limited time I had on weekends to get out there. Everything I found was overbuilt and simply too heavy,” he says. St. Pierre stresses that, when you carry everything you need for three days on your back, every ounce matters. This wilderness man found himself modifying children’s book bags and other pint-sized products to shave weight from his pack. Then he discovered Dyneema Composite Fabrics (formerly known as Cuben Fiber), a super-strong material used in sailcloth and manufactured in the United States by Cubic Tech Corporation, which is now owned by DSM Dyneema. “The material is basically a sheet of plastic created out of the strongest fibers in the world,” he says. “These fibers are 15 times stronger than steel by weight, are stronger and lighter than Kevlar, and don’t lose their 10

the Pacific Northwest, Asia, Europe and New Zealand. “We double in size every year,” St. Pierre says.

OPPORTUNITIES ONSHORE

Exploding growth, along with a technical integrity when folded.” commitment to keep its manufacturing St. Pierre ordered $500 worth of the in America, created a few challenges plastic laminate, commandeered every for the outdoor gear manufacturer. St. sewing machine his family owned, and Pierre, the company’s CEO, explains converted his NYC apartment into a that besides the need to design and sewing room. Here he created a shelter, develop products fitting outdoor tarp and lightweight backpack for his enthusiasts’ exacting needs, the personal use. It was on his first trip company also had to find and train the into the Adirondack Mountains that next generation of textile employees, a he discovered he had crafted something group of workers that is in short supply. others might want, too. A park ranger concerned that St. Pierre lacked enough supplies for a 60mile weekend asked to see the contents of his pack. “I had to empty all my gear on the trailhead to prove I had the supplies I needed,” he says. “That’s when I knew I was on to something.” With a head full of innovation and a heart full of passion, St. Pierre quit his job and headed back to Maine, where he and his brother, Dan St. Pierre, the — MIKE ST. PIERRE, CEO, HYPERLITE MOUNTAIN GEAR company’s cofounder and “There’s a generation gap created by CFO, began hammering out a business the overseas outsourcing of American plan, financial models and eventually manufacturing over the last 20 to 30 building products. years,” he explains. The shortage of That was in 2009. Today, business skilled labor impacted this start-up is booming. The Biddeford, Maine adventure from the get-go. manufacturer now employs 30 At one time, the textile mills along employees and has products in some the banks of the Saco River bustled of the most rugged outdoor settings with activity, weaving a livelihood for across the globe, including Colorado,

“WE DEVELOPED ALL THESE TECHNIQUES, SO WHY WOULD WE WANT TO GIVE ALL THAT UP TO A CONTRACT MANUFACTURER OVERSEAS?”

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_10-11_MadeInAmerica RG CM.indd 10

5/17/16 1:37 PM

E WILD those who lived there and crafting a community of workers known for their strong work ethic and innovative production skills. St. Pierre knew of this history and felt it made Biddeford a logical place to locate. “We knew we were going to need sewers and assemblers,” he says. “I thought I might find the remnants of some of the [old] sewers in the area. That wasn’t quite the case.” While the historic mill district did offer approximately 5 million square feet of manufacturing space, the sewing workforce had long since unraveled. “Nowadays, we have to train new hires to work with these materials and it takes about three months to get people up to speed,” according to St. Pierre. He explains that stitching or bonding together Cuben Fiber is a vast departure from working with woven fabrics. Using straight sewing techniques on this material creates what he calls a postage-stamp effect along the stitching lines, which can lead to premature wear patterns along high stress areas in the products. “Early on, we had to find better bonding techniques,” he says. “We looked at the sailing industry to see how they handled this issue, and we came across special tapes and adhesives that allowed us to build these products with seams that were stronger than traditionally sewn seams.” Solving these challenges built the case to keep this company’s manufacturing onshore. St. Pierre explains moving manufacturing to an overseas cut-and-sew shop put the quality of their products and

their proprietary knowledge into the hands of others. “We developed these techniques. Why would we want to give that information to a contract manufacturer overseas?” he asks. “We believe Made in the USA is a worthwhile endeavor that benefits our customers, our company and the community where we do business,” he continues. “Our employees are highly skilled craftspeople who care deeply about the quality of their work”

THE WILD SIDE Siting the company in the heart of Maine’s wilderness vs. overseas also keeps quality high. It allows Hyperlite Mountain Gear to fulfill its mission of delivering quality, durable and ultra-lightweight products to outdoor enthusiasts. “We believe it is critical that our gear be designed and built in a place that is relevant to its end use,” states St. Pierre. “Maine is full of mountains,

SDC0516_10-11_MadeInAmerica RG CM.indd 11

forests, trails and rivers … it’s the kind of place that inspired us to found this company … the kind of place that now serves as our test lab.” The company’s location allows Hyperlite Mountain Gear to engage in real-world product testing to fulfill quality requirements. St. Pierre is the first to test every new product, which he brings out on the trail, then modifies and takes out again and again until he’s satisfied with the design. At that point, every product goes to a team of quality control ambassadors, which includes notable mountaineers, nature photographers, hikers, climate scientists and more across the globe, for rigorous testing in other uses and other climates. “The ambassador team uses our products for weeks to months at a time,” according to St. Pierre. “When we get the products back, we look at how the product held up overall and modify it further.”

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/17/16 1:37 PM

ADVERTORIAL

By Bryan Nella

The 2016 Manufacturing Supply Chain Outlook:

UNCERTAIN Four ways risk and uncertainty are impacting supply chain operations

n December 2015, GT Nexus and YouGov surveyed 250 senior manufacturing executives to gauge their outlooks on supply chain in 2016. We set out to learn their top concerns, challenges, goals and opportunities. One message was consistent across the study results: uncertainty. Ranging from technology to disruptions to external factors beyond their control, uncertainty and risk clearly loom overhead in the manufacturing supply chain. Challenges arise from every direction. Customer demands. Political issues. Currency fluctuations. Labor strikes. Raw material costs. Regulations. Risk and uncertainty bare their heads throughout the study. Here are four major ways it is impacting operations, execution and strategy.

THE DISRUPTION FACTOR Manufacturing continues to be increasingly outsourced. Pressures relating to materials, capacity, compliance, strikes and weather conditions, to name a few, are top concerns for manufacturers and their supply chains.

outlook study by the

numbers Percentage of manufacturers impacted by a supply chain disruption in the last 12 months

41% Respondents who believed their supply chain will not be impacted by technology

40% 38% 12

The 2016 outlook study showed 40 percent of manufacturers were impacted by a supply chain disruption in the last 12 months. In other research, the numbers are even higher. As manufacturers rely more heavily on outsourced manufacturing and supply chains, the potential of disruption grows, along with the impact. For example, in 2015, the West Coast port slowdown had an estimated $7 billion impact on commerce. Manufacturers are faced with a trifecta of challenges here: rising risk of disruption, growing impacts of a delay and increasingly demanding customers. Factor in current economic conditions where growth is minimal and the challenge is further magnified. Manufacturers are forced to move even further beyond their comfort zones to deliver products in new markets and regions to capture growth. As a result of these dynamics, manufacturers are forced to redesign their supply networks in new ways that minimize disruptions and related risk, while enabling profitable demand fulfillment. For example, there’s a movement in many industries to “produce locally, sell locally” to serve overseas markets while keeping costs low. Expect to see more innovative moves in supply network design to address the disruption factor and challenges around fulfilling demand profitably.

Manufacturing executives reporting their most important supply chain goal is reducing costs

76% The percentage of manufacturers operating without a chief supply chain officer

LACK OF LEADERSHIP Immense focus is being placed on supply chain today from investors, analysts, customers and other constituents. A supply chain disruption or disaster, such as a factory collapse or explosion, brings massive impact to revenue and the brand. Consider other variables, such as currency fluctuations, geopolitical crises, changing laws and regulations, or costs of materials and labor, and the quagmire grows more daunting. So much is at stake in a complex environment filled with pitfalls.

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_12-13_GTNexus RG CM.indd 12

5/16/16 10:23 AM

This being the case, it’s surprising to see so few companies placing supply chain at the C level. The study shows 76 percent of manufacturers operate without a chief supply chain officer. Consider how many parts of an organization the supply chain touches directly or indirectly. Basically, all of them. The supply chain is an extension of the business. It’s the extra enterprise that has no boundaries. Yet, it has to be managed and controlled. Visibility, transparency and collaboration are essential to making this

Consider the increasingly dispersed nature of supply chain networks today, and the challenges that arise from parties operating on different systems with different workflows and processes. Data and visibility are extremely fragmented. To put it another way, supply chain data that resides in a silo provides no value to the network. When manufacturers can collect and share data across the network, and use it for greater visibility and execution, risk is mitigated and opportunities to drive growth spike. Supply chains and Manufacturers are faced with a trifecta of their leaders have to be tech-savvy visionaries in 2016.

challenges here: rising risk of disruption, growing impacts of a delay and increasingly demanding customers.

happen. Unfortunately, without a strategic C-level leader, supply chain strategies are short-handed or misguided. Without a champion of end-to-end visibility or a visionary who can move the enterprise toward a supply network approach, many initiatives collapse. As more manufacturers evolve upward in the supply chain maturity curve, the need for chief supply chain officers will become clearer.

TECH DEFICIENCY In the study, we asked manufacturers which technology they believed would most heavily impact their supply chain in 2016. The top three technologies were: ❯❯ Advanced analytics (13 percent). ❯❯ Internet of Things (11 percent). ❯❯ 3D printing (9 percent). Radio frequency identification (RFID) came in at 3 percent and drones at 2 percent. Given these results, technology doesn’t appear to be top of mind for manufacturers. Seventeen percent said they don’t know what technology will impact their supply chain and over one-third (38 percent) of respondents believe their supply chain will not be impacted by technology. This is problematic and disappointing. There is clearly a need for clarity and education around supply chain technology. If supply chain executives aren’t tracking the latest innovations in collaboration and execution, their ability to evolve and transform to mitigate risk is greatly marginalized.

SDC0516_12-13_GTNexus RG CM.indd 13

CONSERVATIVE APPROACH: COST CUTTING

Forty-one percent of manufacturing executives in this study said their most important supply chain goal for the near future is reducing costs. Consider the plethora of proactive supply chain strategies being written about and discussed by the Gartners of the world. We hear about visibility, traceability, collaboration, agility, resiliency or a networked environment to align supply and demand. Yet the top response is to cut costs. The clear indication is that uncertainty is driving strategy. As a result, plans are centered on conservative moves to carve out savings and reduce costs, instead of innovating and transforming to drive growth. Many will say that cutting costs is what you do in a bear market. You pull back, carve out efficiencies. This may be true. But it can’t be at the expense of long-term vision and growth. Investments in supply chain visibility provide the foundation for long-term innovation and growth, while setting up new possibilities for removing costs. Moves that reduce inventory. Remove days from cycle times. Extract capital costs from transactions. Or eliminate distribution centers or domestic handling costs. Cost cutting in 2016 may help the bottom line in the short term. But it’s the strategic supply chain programs that look long term at innovation, network agility and end-to-end visibility—driven by a C-level executive—that will deliver the winning formula in 2016 and beyond.

ABOUT THE AUTHOR BRYAN NELLA is the director of corporate communications at GT Nexus.

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/16/16 10:23 AM

SPECIAL REPORT THE INTERNET OF THINGS

By Ronnie Garrett

INSECURITY in IoT Experts report the Internet of Everything (or Internet of Things) opens the door for the hacking of everything: Here’s how companies can remove this security risk

emember the Jetsons? The futuristic family, living in Orbit City, with completely automated homes, hover transportation and holograms for communication? In 1962, when this fictional family made their television debut, their highly mobile and interconnected life seemed unrealistic. Today, it is reality. By employing the Internet of Things (IoT) in our homes, the lights turn on and the temperature adjusts automatically when we walk through the door, our refrigerators inform us when we need milk, and hightech washers and dryers notify us via smartphone when our clothes are done. But the IoT is transforming more than just how we live; it’s also revolutionizing the global supply chain. Shippers are deploying active tracking devices on cargo containers to monitor shipments in real time. IoT sensors are making sure packages arrive on time and without damage. Factories are employing the IoT to regulate temperature, improve 14

security systems and control robotic equipment. And manufacturers are adding the IoT to products so they can update and trouble check systems on the fly. “The IoT provides a completely transformational set of capabilities and business models for companies that embrace it, think creatively, and understand the power of what connectivity and the resulting data can do for them,” says Neil Hampshire, chief information officer of ModusLink Global Solutions, a supply chain management services provider. The Jetsons shine a spotlight on technology’s lighter side, but there is also a darker side. Glen Gilmore, an instructor with Rutgers Business School, where he created instruction in supply chain management, stresses, “Regulatory and law enforcement authorities are issuing new warnings about the vulnerabilities of such technologies to hacking.” As the use of the IoT flows throughout the supply chain, it opens up a flood of security risks;

vulnerabilities many companies fail to consider beforehand. “It’s very easy to get swept up in the hype and get into the IoT without really thinking it through,” emphasizes Hampshire. Sean Valcamp, chief information security officer for Avnet Inc., a global technology distributor, agrees, noting that incorporating the IoT without considering cybersecurity is “like jumping into the deep end of the pool before learning to swim.” As IoT devices and applications evolve, so must cybersecurity policies and practices. “We must recognize that the Internet of Everything [another term for the IoT] introduces the potential for the hacking of everything,” Gilmore stresses. “The IoT may be the weakest link in breaking into an enterprise digitally because businesses fail to recognize the risks of using smart devices.”

RISKY BUSINESS According to Daniel Miessler, director of advisory services at IOActive Inc., a cybersecurity consultancy, the fundamental idea behind the IoT is taking devices that, until now, operated in an analog world or offline, and enabling them to collect and offer data about their functionality online. With this technology deployed, companies computerized tens of thousands of devices and they are all part of an IoT talking to each other through application programming interfaces (APIs), which act as the remote control for IoT devices. The insecure backdoor to a company’s data lies in these APIs. Hampshire explains that adding billions of data collection and transmission points across the global

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_14-17_IoT RG CM.indd 14

5/16/16 10:26 AM

SPECIAL REPORT THE INTERNET OF THINGS

IoT by the

Business opportunity expected to be generated by the IoT over the next 30 years

numbers

(Source: McKinsey & Company)

The number of connected things worldwide by 2020

BILLION (Source: Gartner Inc.)

$11 TRILLION

70%

The percentage of businesses planning to or already conducting IoT projects

(Source: Hewlett-Packard Company)

(Source: Forrester Research Inc.)

of the most commonly used IoT devices contain security vulnerabilities

supply chain creates billions of backdoors that, when left “unlocked,” leave organizations unprotected. If cyber criminals breach just one of these backdoors, it may be possible to access the networks of multiple companies across the supply chain. In a scenario in which many companies are already swimming in the IoT sea, cybersecurity may be the life raft they need before drowning in security risks. “It will be critical as IoT applications are developed and perfected that concerns about security are properly addressed,” emphasizes author Gregory Braun, senior vice president of sales and marketing for C3 Solutions, in a white paper titled,

33%

“The Internet of Things and the Modern Supply Chain.”

SHUT THE DOOR The first step toward minimizing IoT-related cybersecurity risks is closing backdoor access by understanding every device’s inherent vulnerabilities, and their outgoing and incoming links to other systems. The IoT has four major building blocks, according to a white paper titled “IoT Platforms: The Central Backbone for the Internet of Things.” These include: hardware (physical devices with the IoT installed); communication (where the data are transported); the software backend

(where data are managed); and applications (where data are turned into value). “Security is a must-have element for all of these building blocks,” states the white paper sponsored by IoT Analytics, a provider of market insights for the IoT. A security breach can happen in any of these areas. “It can happen at the device level if the device didn’t lock it down, in the software itself, as the device is transmitting data into the cloud and as the device receives data, so every connection that comes in and out of that platform needs to be secure,” Hampshire says. Kevin Bromber, CEO of myDevices, a connected device and IoT platform company, stresses companies should be aware of all IoT entry points and touchpoints in their systems. “You need to look at anywhere data enters and leaves your system, and map out these locations,” he says. A thorough security audit can identify the IoT on the network. This assessment can show where devices are and how they communicate with the network to pinpoint potential security vulnerabilities. But Bromber cautions this map must be updated regularly. “You could take a snapshot in time and

IoT Security for Products, Too Daniel Miessler, director of advisory services at IOActive Inc., warns of an overlooked area of IoT security—the devices companies manufacture. Often manufacturers fail to consider where the components in their products come from. Miessler stresses they need to consider whether their suppliers have a vested interest in purposely putting an insecure backdoor into their products. “Manufacturers are shipping products that have backdoors in them because they didn’t look at all the software, firmware and hardware in that product, and validate that every single one of these components was trustworthy and secure,” he says. IOActive helps manufacturers with this daunting task. The company aids its clients in integrating security early in the procurement and production cycle to avoid introducing IoT-related security vulnerabilities into a product. “We lay out a company’s entire supply chain and look at the sourcing for critical components, then we look at the source code in these systems and assess the companies providing them to ensure backdoors are closed,” he says.

SDC0516_14-17_IoT RG CM.indd 15

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/16/16 10:26 AM

SPECIAL REPORT THE INTERNET OF THINGS

“IOT MAY BE THE WEAKEST LINK IN BREAKING INTO AN ENTERPRISE DIGITALLY BECAUSE BUSINESSES FAIL TO RECOGNIZE THE RISKS OF USING SMART DEVICES.” —GLEN GILMORE, INSTRUCTOR, RUTGERS BUSINESS SCHOOL

SDC0516_14-17_IoT RG CM.indd 16

say we are secure, but a month from now, your system may be open again,” he says. Avnet, which has had a security awareness program for more than six years, regularly scans its network for vulnerabilities. This assessment looks at managed devices (those devices the company knows about) and unmanaged devices (those devices it didn’t know existed). “If someone deployed an IoT device on our network [without authorization], we would see that and be able to respond,” Valcamp says. Securing the IoT also requires companies to employ good security patching and monitoring practices. Valcamp cites Blu-ray players as an example. Consumers connect these devices to their home Wi-Fi networks,

but most forget to update their security patches. “Companies must keep IoT devices current in terms of identified vulnerabilities, and make sure they are monitoring activity on those devices to identify and close backdoors,” he says.

PEOPLE, PROCESSES, TOOLS “Businesses using the IoT to automate processes or collect real-time data must have strong cybersecurity policies and procedures in place so that the processes being automated or data being shared is not hacked,” says Gilmore, who is recognized as a top IoT influencer by Inc. and Onalytica. Before Avnet deploys new IoT, its IT experts make sure its security platforms, networking tools and software can see it. “We have processes

5/20/16 10:38 AM

SPECIAL REPORT THE INTERNET OF THINGS and response plans in place if we start to see malicious activity at any of those endpoints,” Valcamp says. He recommends assigning an employee or team to track IoT cybersecurity, then designating which employees are authorized to use smart devices. Once devices on the network are known, these employees should use unique keys to access them. This ensures access is limited to authorized users and the device is approved for use on a company’s network. Software such as ModusLink’s Poetic helps companies provide unique keys for users, control access to downloadable assets, record usage data from devices, and control and manage features and functions of thousands of devices at once. Valcamp also suggests adding

SDC0516_14-17_IoT RG CM.indd 17

technology that helps secure company networks. At the very least, he recommends a vulnerability scanner, which continuously scans the network for potential vulnerabilities; a security risk management platform, which takes information from these scans and other sources, and correlates the data to generate security intelligence; an integration platform, which can enhance the visibility of the security practice; and technology that monitors traffic between devices inside and outside the company network. “You need to make sure you have appropriate penetration testing and detection capabilities, intrusion detection methodologies and tools, and the management processes in place to audit and oversee that environment,”

says Hampshire. All communication with devices outside the company’s four walls or in the cloud should be encrypted. This includes the data at rest and in transmission, residing on internal and external servers. “We use Transport Security Layer (TSL) and X.509 certificates to make sure we have a secure handshake and encryption between devices,” Hampshire says. “It’s important to look at device-to-device and device-to-cloud types of security.” While the risks are real, keeping the IoT secure isn’t rocket science. As Hampshire points out: “The basic [cybersecurity] principles remain the same whether you have a couple points of access or millions of points of access around the globe.”

5/20/16 10:38 AM

SPECIAL REPORT PROCUREMENT

By Carrie Mantey

YOUR SUPPLIERS’ RISK IS

YOUR RISK

In today’s global marketplace, your suppliers—whether Tier 1, 2, 3 or more— are an extension of your company and your brand

By rijans - Flickr: Dhaka Savar Building Collapse, CC BY-SA 2.0

Pictured is the aerial view of the Rana Plaza building collapse in Bangladesh.

n today’s day and age, in which outsourcing can be the norm, and not only major global corporations stretch across the globe, but also potentially mid-market and mom-and-pop suppliers, supply chains are no longer insulated from external or environmental risk events. These risks can range from a natural disaster, such as the Japan earthquake and tsunami, to lax safety policies, in the case of the Bangladesh garment factory collapse, to the regular ebb and flow of business, including when a supplier is acquired or goes out of business. These risks are not new to the supply chain, but as the supply chain grows more complex, so do the risks

to supply, especially when visibility is blurred, suppliers are far-flung and there is no backup plan in sight. According to Charles Dominick, SPSM3, president and CPO at Next Level Purchasing Association, the reality is “an organization doesn’t own its supply chain. It chooses its Tier 1 supplier, who chooses its supplier [Tier 2], who chooses its supplier [Tier 3] and so on. In those cases, the failure of a Tier 1 supplier may necessitate its replacement, which replaces the entire supply chain for the purchased product or service. Every organization should have a contingency plan covering every tier of the supply chain that answers the question: If this company drops off the face of the Earth tomorrow, who can step in? Of course, any good supply chain contingency plan goes deeper than just answering that question. It addresses lower tiers as well.” Dominick elaborates on the escalating chance of encountering risk in the supply chain, saying every business has a percentage of a chance to face operational disruption. That percentage is compounded by the chance that each of the business’ suppliers have to encounter risk as well. With every supplier, and suppliers’ supplier, the chance of risk grows exponentially. He reinforces, “Knowing the risks of a disruption to supply continuity, knowing the likelihood

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_18-21_Procurement CM RG.indd 18

5/17/16 7:53 AM

SPECIAL REPORT PROCUREMENT of those risks and developing an appropriate plan for mitigating those risks are the foundational aspects of supply risk management.”

Six Steps to Prepare for the Trade Facilitation and Trade Enforcement Act

FALLOUT FROM THE SUPPLY CHAIN IGNORANCE BOMB

President Obama signed a new trade law that bans imported goods made with slave labor. Now companies all over the world have to dig deeper into their supply chains to ensure slavery and human trafficking does not exist.

An organization can’t prevent or avoid risk if it doesn’t know whom its suppliers are, where they are located, and therefore, what its risks are. Because we live in a global economy that’s connected by the Internet, it’s easy to spot the numerous instances of supply chain vulnerability. Brian Winshall, executive vice president of business development at AFN Logistics, concurs, “As supply chains become leaner and markets more competitive, the supply chain impact of [risk] events can be profound. Basic mitigation strategies like safety inventory and excess capacity are inadequate. There’s a critical need for businesses to proactively collaborate with suppliers to avoid, or respond to, disruption in a quick and efficient manner. This creates a competitive advantage, increased speed to market, cost reductions and brand protection.” Diane Palmquist, vice president of manufacturing industry solutions at GT Nexus, warns if you don’t know your supply chain, you’re not only unprepared for the big disruptions, but also the small ones that can quickly escalate into a major bottleneck, especially if you’re singlesourcing materials, which means there is no backup supply. She offers an example: Peugeot lost billions of dollars one year because an Italian Tier 2 fastener supplier’s operations were disrupted, resulting in this tiny component stalling vehicle production. Alternatively, sometimes it takes a major event for a company to sit up and take notice of suppliers of all tiers. She mentions that, when the Japanese tsunami happened in 2011,

The new provisions affect companies doing business internationally and with foreign supply partners. Ramifications for noncompliance include trade restrictions and barriers, and negative public perception. With parent companies legally responsible for the actions of their supply base, they need to take proactive measures so their entire supply chain is slave and child labor-free. Step 1: Understand the law and where you’re at risk. Step 2: Work with the C-suite to ensure alignment.

A group of children work near Siem Reap, Cambodia, where child labor is still common.

Step 3: Preparedness is the best form of risk management. Step 4: Leverage technology for enhanced visibility and tracking. Step 5: Set up a regular auditing program. Step 6: Stay on top of the laws. MICKEY NORTH RIZZA IS VICE PRESIDENT OF STRATEGIC SERVICES AT BRAVOSOLUTION. TO READ THE FULL ARTICLE, PLEASE VISIT WWW.SDCEXEC.COM/12206066.

it was a wake-up call. There was even a New York Times story about General Motors (GM) going into a war room for months to determine its Tier 1 and 2 suppliers. Palmquist notes, “A big tsunami exacerbates the issue, but that issue already existed. It means that [GM] already didn’t know where it was getting its supply. It doesn’t have to be a big disruption that causes pain. That’s why, for just regular business continuity, day-to-day operations and execution, you have to know whom your suppliers are and whom your backups are.” Winshall agrees, listing the fallout that can accompany not familiarizing yourself with your supply chain: expensive supply loss, delayed reaction times, depleted quality control and

SDC0516_18-21_Procurement CM RG.indd 19

photocredit: istockphoto.com aluxum

By Mickey North Rizza

increased costs. H says the more an organization collaborates with its suppliers, the more it can avoid and prevent risk since it knows what’s coming down the pipeline. It’s also important to stress that, to many consumers, there is no difference between a brand and its suppliers, therefore, your suppliers are an extension of your brand. That’s why organizations need to collaborate with suppliers to ensure their corporate social responsibilities are in line with what the organization preaches. “A landmark example of such risk was the 2013 Rana Plaza factory collapse in Bangladesh where rescuers found over 1,000 dead workers and apparel that was made for large, householdname retailers,” says Dominick. “Those

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/17/16 7:54 AM

SPECIAL REPORT PROCUREMENT retailers denied they authorized production of their garments at that unsafe facility, yet the production was done there regardless. Though it dwarfs the pain experienced by the families of the victims, those retailers incurred damage to their brands.” Dominick notes unsafe supplier facilities are just the beginning of the kinds of indiscretions that can be exposed. There is also slave and child labor, environmental hazards and financial support for conflict minerals, to name a few.

DOWN TO THE NITTY GRITTY OF YOUR SUPPLY CHAIN Palmquist suggests organizations map out their supply chain networks to determine Tier 1, 2, 3, etc. suppliers, but acknowledges that it’s not easy. One reason is an organization’s supply chain network can change rapidly, but even with the ever-increasing pace of the changing supply chain, most companies know their Tier 1 suppliers. The caveat, she admits, is determining the other tiers of supply; many organizations don’t know every single supplier of every single

component, but they need to know what those are and where they come from. She says that once businesses map out their supply chain networks electronically, the task becomes far easier. They can link suppliers involved with specific product lines and SKUs, and better visualize the supply chain network overall to facilitate decisionmaking and analysis. Furthermore, she suggests tying these maps in with risk management software, which can be predictive in locating political unrest, weather issues and the like. This helps businesses notice where they may need to take action. This requires operating the supply chain as a network, with all suppliers and trading partners connected in a cloud environment, and a single version of the truth at the core. Sonal Sinha, vice president of industry solutions at MetricStream, confirms that analyzing what an organization’s supply chain universe

contains can be a very daunting task. Not only are companies growing organically, but also inorganically through a deluge of mergers and acquisitions. Add to that the global nature of commerce and supply chains, and the increasing participation of suppliers from less advanced countries that may not have sophisticated tracking mechanisms or systems, and the once-clear waters muddy quickly. Sinha recommends using a riskbased approach, whether based on payment history or the highest revenue product, to identify suppliers, “There’s a good chance that, if you paid a supplier in the last couple of years, they’re active. A second step would also be to take a look at the highest revenue product you’re selling. If you have 200 products in your portfolio, but 10 of those 200 make up 80 percent of your revenue, then focusing on those 10 products and the suppliers supplying

Supply Chain Risk Intelligence BSI provides geographic risk intelligence for over 200 countries to help organizations increase transparency and mitigate global supply chain threats · Piracy, Cargo Theft, Counterfeiting and Unmanifested Cargo · Supply Chain Corruption and Terrorism · Forced and Child Labor, Human Rights and Working Conditions · Natural Disasters, Man-Made Disruptions and Political Stability

480.421.5099 supplychainsolutions@bsigroup.com bsi-supplychainsolutions.com

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_18-21_Procurement CM RG.indd 20

5/17/16 7:54 AM

SPECIAL REPORT

INDUSTRIAL REAL ESTATE PROCUREMENT

components for those products can be a really great way to start gathering information on your highest risk suppliers.” Biju Mohan, vice president of consulting at GEP, agrees that organizations should identify high-risk suppliers based on financial impact to the business, but he also advises that companies use the metric for time to recover in case of a disruption. “There needs to be a constant assessment of strategies—including backup options, inventory management, rapid response manufacturing, etc.—that can be put in place to manage any risks with these suppliers. Increasingly, it is important to start evaluating the risk impact of a supplier change as part of this process,” he says. “Familiarize yourself with suppliers. Knowing and measuring the potential financial impact and time to recover from risks driven by suppliers can help an organization manage their risk profile and take corrective/predictive actions as needed.”

An organization can’t prevent or avoid risk if it doesn’t know whom its suppliers are, where they are located, and therefore, what its risks are.

RISK-RANKING YOUR SUPPLY CHAIN UNIVERSE

Many organizations are getting into the habit of assigning risk profiles to suppliers, based on different metrics, because of the complexity of the supply chain network. These risk indicators vary by company, goals, supplier geography, etc. In this case, there is not necessarily a one-size-fits-all methodology. Sinha says, when it comes to business continuity risk, some companies may assess factory location, export markets, geopolitical forces, and finance and credit ratings, to name a few. According to Winshall, organizations can take supply chain mapping a step even further to incorporate risk, “Companies can geo-code suppliers utilizing servicearea mapping technology, and can then apply risk indices for things like corruption, political instability, logistics performance, climate risk and more. In doing this, businesses know how a commodity or product may be impacted at the time of an event, like a natural disaster or a labor strike. Organizations that don’t have this technology may not be alerted for days or weeks, and a slow reaction can cause irreversible damage and financial loss.” Dominick concludes that the best way to achieve end-toend, multi-tier transparency into an organization’s supply chain universe is by creating a collaborative culture between the C-suite and its strategic suppliers, and by replicating it at each tier.

SDC0516_18-21_Procurement CM RG.indd 21

THAT MAKES CENTS FOR YOUR SUPPLY CHAIN!

CenterPoint reduces your logistics expenses, creating a better bottom line.

CHICAGO | HOUSTON | KANSAS CITY LOS ANGELES | MILWAUKEE NEW YORK/NEW JERSEY | NORFOLK

5/17/16 7:54 AM

SPECIAL REPORT TRADE FINANCE

By Lara L. Sowinski

INCOTERMS

Short for International Commercial Terms, Incoterms are the foundation for foreign sales transactions

he latest version of Incoterms (short for International Commercial Terms) 2010 became effective in January 2011. Simply put, Incoterms are rules that define the responsibilities of sellers (exporters) and buyers (importers) for the delivery of goods under sales contracts. According to the Export.gov website, Incoterms 2010 has 11 predefined terms subdivided into two categories based on the method of delivery. The seven rules in the largest group can be used for any method of transport, whereas the four rules in the smaller group are used only for sales that are transported by water when the condition of the goods can be verified at the point of loading onboard ship.

ANY MODE OF TRANSPORT Ex Works (EXW): The seller fulfills obligations by having the goods available for the buyer to pick up at his premises or another named place. The buyer bears all risk and costs, starting when he picks up the products at the seller’s location until the products are delivered to his location. The seller has no obligation to load the goods or clear them for export. Free Carrier (FCA): The seller delivers the goods export-cleared to the carrier stipulated by the buyer or another party authorized to pick up the goods at the seller’s premises or another named 22

place. The buyer assumes all risks and costs associated with delivery of goods to the final destination. Carriage Paid To (CPT): The seller clears the goods for export, and delivers them to the carrier or another person stipulated by the seller at a named place of shipment. The seller is responsible for the transportation costs associated with delivering goods to the named place of destination, but is not responsible for procuring insurance. Carriage and Insurance Paid To (CIP): The seller clears the goods for export, and delivers them to the carrier or another person stipulated by the seller at a named place of shipment. The seller is responsible for the transportation costs associated with delivering goods and procuring minimum insurance coverage to the named place of destination. Delivered at Terminal (DAT): The seller clears the goods for export, and bears all risks and costs associated with delivering the goods and unloading them at the terminal at the named port or place of destination. The buyer is responsible for all costs and risks from this point forward. Delivered at Place (DAP): The seller clears the goods for export, and bears all risks and costs associated with delivering the goods to the named place of destination not unloaded. The buyer is responsible for all costs and risks associated with unloading the goods and clearing customs to import the goods into the named country of destination. Delivered Duty Paid (DDP): The seller bears all risks and costs associated

with delivering the goods to the named place of destination ready for unloading and cleared for import.

SEA AND INLAND WATERWAY TRANSPORT Free Alongside Ship (FAS): The seller clears the goods for export and delivers them when they are placed alongside the vessel at the named port of shipment. The buyer assumes all risks/ costs for goods from this point forward. Free on Board (FOB): The seller clears the goods for export and delivers them when they are onboard the vessel at the named port of shipment. The buyer assumes all risks and cost for goods from this moment forward. Cost and Freight (CFR): Seller clears the goods for export and delivers them when onboard the vessel at the port of shipment. The seller bears freight cost to the named port of destination. The buyer assumes all risk for goods from the time they are delivered onboard the vessel at the port of shipment. Cost, Insurance and Freight (CIF): The seller clears the goods for export and delivers them when they are onboard the vessel at the port of shipment. The seller bears the cost of freight and insurance to the named port of destination. The seller’s insurance requirement is for minimum cover. The buyer is responsible for all costs associated with unloading the goods at the named port of destination and clearing goods for import. Risk passes from seller to buyer once the goods are onboard the vessel at shipment port.

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_22-23_TradeFinance RG CM.indd 22

5/16/16 10:46 AM

SUCCESS REQUIRES

KNOWLEDGE BE SUCCESSFUL. BOOKMARK SDCExec.com THE OFFICIAL WEBSITE OF SUPPLY & DEMAND CHAIN EXECUTIVE

Channels dedicated to the major supply chain topics: -DEMAND MANAGEMENT -WMS/LOGISTICS -GLOBAL SCM -INTEGRATION/ERP -PAYMENT -SOURCING/PROCUREMENT -RISK MANAGEMENT -INDUSTRY RESOURCE

Access to subscriptions for Supply & Demand Chain Executive magazine and our e-newsletter, Headline News Upcoming live and on-demand webinars at SDCExec.com/webinars

News, analysis, products and innovations across the entire end-to-end global supply chain in every vertical

THE WEBSITE FOR SENIOR-LEVEL SUPPLY CHAIN PROFESSIONALS.

SDC0516_22-23_TradeFinance RG CM.indd 23

5/16/16 10:46 AM

EXECUTIVE FOCUS

{ TRANSPORTATION}

By Carrie Mantey

Hands Off MY DECK!

While the risk of getting hijacked by pirates is low, it remains a real threat to the supply chain. Here’s why preparing for a piracyrelated attack should be on your radar …

ave you seen Captain at the time, thus part of the crisis Phillips? While we aren’t communications team tackling the here to spoil the film, situation and witnessing the behindit narrates the 2009 the-scenes turmoil. He can tell you hijacking of the U.S. Maersk Alabama piracy is all too real. So what can you container ship by Somali pirates. The do to protect your cargo, crew and true story focuses on Captain Richard other assets to avoid being the next Phillips and the pirates who take him victim—or worse yet—a hostage? hostage after targeting his unarmed ship. Dana Magliola, director of the Supply Chain Resource Cooperative at North Carolina State University, was the manager of Laura A. Moore, U.S. Navy - http://www.defenseimagery.mil corporate communications at A.P. Moller-Maersk The Maersk Alabama leaves Kenya after spending time in port after a pirate attack. Group/Maersk Line 24

WELCOME TO THE DANGER ZONE One way to prevent piracy risk is to know where it most frequently occurs. Magliola says that the shipping routes most prone to global piracy and related cargo loss are the Gulf of Aden leading into the Suez Canal, which is between Somalia and Yemen; the Gulf of Guinea near western Africa; and the Strait of Malacca near Indonesia and Malaysia. He attributes the recent spate of piracy attacks to pirates being able to take advantage of geographies where there is a lack of regional governmental control. “In Somalia, for example, you have an internationally recognized failed state. In West Africa, you have a very poorly governed or corrupt government for several nations in that area. Without regional governmental stability, you see a rise in piracy.” Geographical piracy risks, including cargo loss, are starkly different. A Somali pirate does not necessarily use the same techniques or have the same goals as a West African pirate. In the Somali business model, pirates typically capture the vessel, cargo and crew for ransom, but once the ransom is paid, the cargo is released and cargo losses are mitigated. Pirates in western Africa, however, prefer robbery and siphoning oil from oil tankers, essentially stealing fuel, which contributes to the rise in cargo losses. The world’s busiest shipping lane, the 500-mile Strait of Malacca, is prone to piracy attacks and cargo loss due to the sheer concentration of ships in the small proximity. Magliola says this presents more of an opportunity than unstable or corrupt governments. He elaborates that the piracy model in Asia is not like that in West Africa with cargo loss; it’s more about kidnapping for ransom.

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_24-27_Trans CM RG.indd 24

5/17/16 1:25 PM

TRANSPORTATION STRAIT OF MALACCA

GULF OF GUINEA

GULF OF ADEN

The shipping routes most prone to global piracy and related cargo loss are the Gulf of Aden leading into the Suez Canal, the Gulf of Guinea near western Africa, and the Strait of Malacca near Indonesia and Malaysia.

HOW CAN YOU AVOID WALKING THE PIRACY PLANK? One effective way to prevent or avoid piracy-related cargo loss is to travel shipping routes with armed guards, or international and/or military patrols. When it comes to relying on international and/or military patrols, however, Magliola warns, “Both the Strait of Malacca and the Gulf of Aden are strategic routes that are relevant to global trade. Unfortunately, for the shipper and commerce in the Gulf of Guinea, it’s not necessarily a strategically important area so you don’t see as many international patrols. You don’t see the kind of coherent cooperation of different nations to protect that area.” Another difference between pirate hotspots is, when a geographic location is of utmost strategic importance for global trade, the United Nations (U.N.) can be bolder about getting involved. For example, Somalia is a strategic location because it contains the Suez Canal, but the fact that it’s a failed state still makes it vulnerable to piracy, whereas western Africa is a “perfect storm,” meaning it’s not particularly strategically important, so there’s less likelihood of U.N. involvement. In addition, some governments have no control over piracy-prone areas, even if they have jurisdiction. If the U.N. did consider taking

SDC0516_24-27_Trans CM RG.indd 25

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/17/16 1:25 PM

TRANSPORTATION

SO YOU’RE ABOUT TO BE

ATTACKED BY PIRATES … By Donna Nincic Best management practices (BMP4) were developed for Somali piracy, and they are the gold standard of what to do before, during and after a pirate attack. The goal is threefold:

. SET UP YOUR VESSEL SO THAT IT IS LESS LIKELY TO BE ATTACKED SUCCESSFULLY. A lot of this comes down to standing a good watch when you are in known pirate waters and transiting during daylight. Ideally, you can see the pirates far enough in the distance that you can outrun them.

. IF YOU ARE UNDER ATTACK, THE GOAL IS TO PREVENT THE PIRATES FROM BOARDING if it can be done without danger to the crew, such as implementing razor wire on deck or sailing a zigzag course to create a wake that makes it difficult for small boats to approach.

. IF PIRATES BOARD YOUR VESSEL, THE FIRST IMPERATIVE IS THE SAFETY OF THE CREW. The crew should head to the safe room on the ship and lock themselves in. If there is no safe room, do not attempt to fight back—do as the pirates direct. Most safe rooms are equipped so that the crew can communicate with the ship owners, which can help ensure a rescue or at least spur negotiations.

Some of the BMP4 do not work for narrow channels. For instance, in Malacca, you can’t steer zigzag courses or outrun pirates; similarly, a number of attacks in Nigeria happen when ships are at anchor. But the imperative is the same—non-lethal anti-piracy measures (including training and good watch-keeping to avoid the attacks in the first place, as well as keen attention to the International Maritime Bureau and International Maritime Organization piracy warnings for the area, as well as warnings from local authorities) to make it difficult for pirates to take over the ship and protection of the crew in the event of a successful boarding. Donna Nincic is the director of the ABS School of Maritime Policy and Management at the California State University Maritime Academy.

FOR MORE INFORMATION on how pirates are hacking shipping data, and targeting specific ship and cargo locations, please visit SDCExec.com/12208486 26

unilateral action, “it would, on some level, be stepping on the toes of local government, which is why the international community is reluctant to get involved,” Magliola suggests. “I think the maritime industry has to consider being a part of the business landscape, but make smart decisions about vessel and route planning, and be aware of the risks,” which are important ways to be prepared in the event of a piracy risk. If an organization is willing to pay for peace of mind for its high value cargo, “Armed guards are going to

be, right now, the first line of defense against piracy,” says Magliola. One caveat of using armed guards, though, is legality. “Armed guards were very successful in Somalia where most attacks are in international waters. However, armed guards are illegal in the domestic waters of many nations, which is where a large number of Nigerian and Malacca attacks occur. Ships carrying armed guards have been arrested and detained in Nigeria and India,” forewarns Donna Nincic, director of the ABS School of Maritime Policy and Management at the California State University Maritime Academy.

AVOIDING RISKY WATERS In some cases, shippers avoid the piracy danger zone altogether by circumnavigating risky routes, but even this strategy has its drawbacks, such as fuel and labor costs, not to mention on-time delivery, which comes with its own set of problems, such as brand reputation and customer loyalty. While this technique does work depending on the import geography, Magliola says, “There’s no way to avoid the Strait of Malacca because, if you’re going to do trade from the Middle East to Asia (the main trade route for oil coming out of the Middle East to markets like China), there’s no way around the strait.” He offers another example: “In 2009 and 2010, following the Maersk Alabama [hijacking], shippers were actually going around the Cape of Good Hope to avoid going through the Suez Canal and, of course, that created extensive costs and delays in cargo delivery. It was a short-term solution until a more viable alternative could be agreed upon, which made the Suez passage possible again.” With these tips to protect your cargo, crew and assets, you are armed to avoid being the next Captain Phillips.

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_24-27_Trans CM RG.indd 26

5/17/16 1:25 PM

By Donna Nincic, Professor, California Maritime Academy

SUPPLY CHAIN LEARNING CENTER

™

A DIVISION OF THE

LEARNING HUB

REQUEST A COURSE CATALOG TODAY!

ON-SITE TRAINING Learn how affordable, on-site training through the Supply Chain Learning Center can help your business be profitable and competitive. Course categories include: • Business Process Management

• Category Management

• Contract Management

• Total Cost of Ownership Approach

• Fact-Base Development

• Engage & Influence

• Legal Issues in Supply Chain Management

• Leadership

• Negotiation Skills • Public Purchasing • Strategic Application in Management

Offer good through June 30, 2016.

• Market Intelligence • Procurement & Supply Chain Management • Soft Skills & Communications • Supplier Relationship Management

For more information or course catalog, visit SupplyChainLearningCenter.com or contact Jolene at jgulley@ACBusinessMedia.com. Brought to you by:

For more information, contact: Jolene Gulley, Group Publisher Supply & Demand Chain Executive Food Logistics Phone: 480.413.0354 Mobile: 262.473.9285 jgulley@ACBusinessMedia.com SupplyChainLearningCenter.com

Class size: Up to 18 people Training Duration: 1-3 days

Food Logistics

SDC0516_24-27_Trans CM RG.indd 27

Schedule today and SAVE 10% off your first training class!

Cost: Varies - choose from set program modules or customize to meet your needs

5/17/16 1:25 PM

EXECUTIVE FOCUS

{ WAREHOUSING}

By Brooks Bentz

Omnichannel Fulfillment:

TRANSFORMATIONAL TREND OR F

aying omnichannel fulfillment is all the rage may be something of an understatement. The 900-pound gorilla wearing the Amazon T-shirt is rampaging across the landscape, leaving traditional supply chains gasping for breath. Amazon is transforming the way we think about shopping and gratifying our acquisitive nature. The enormity of the impact continues to be felt and to influence strategy in order to mount an effective competitive response. If you concede we are living in an era of permanent volatility, with higher customer expectations and shorter product lifecycles, then you probably also concede that traditional supply chains simply arenâ&#x20AC;&#x2122;t nimble or agile

enough to respond to rapidly changing market signals and consumer demand. The art and science of figuring this out and getting it right is not for the faint of heart. The multi-echelon supply chain is conceptually simple, but its realization and execution is challenging and difficult. So, what is omnichannel fulfillment anyway? Definitions vary and are certainly customizable, depending on whoâ&#x20AC;&#x2122;s making the case. The below diagram presents a simplified vision of one version. The basic objective is to both reach the end-user most effectively and improve the customer experience by whatever means works best for your given market. Few mastered the art, although many are trying. There is fairly

compelling and clear evidence that the traditional brick-and-mortar retailer faces an uphill battle in the wake of an onslaught from multiple dimensions. On the other hand, there are those who believe pure-play online retailing is unsustainable over the long haul. That suggests that some form of hybrid model may win out, but what would it look like? Clearly, the model for grocery looks quite a bit different from the model for auto parts or apparel. Probably the biggest single challenge grocers face that is unique to them is approximately 50 percent of their sales revenue stems from produce. Perishable product does not lend itself to the same sort of handling that works for bedding, shoes, TVs or furniture.

The Agile, Nimble, Multi-Echelon Supply Chain:

OMNI-CHANNEL FULFILLMENT Transload/ X-Dock

What is the optimum flow-path blend to achieve peak performance? Store DC

Store

Supplier

Customer

Direct-Ship Vendor Supplier 28

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_28-29_Warehousing CM RG.indd 28

RDC

5/17/16 11:01 AM

WAREHOUSING

R FAST-MOVING FAD? One of the key advantages grocery operators do have over other retailers is their density in large metropolitan areas. One of the reasons Amazon is looking to establish warehousing capabilities in densely populated areas

management, and supply chain planning and execution technology to pull it off. It also requires comprehensive connectivity with all trading partners up and down the line, from growers to packers to canners and distributors to

CRITICAL TO SUCCESS IS DEVELOPING THE PROPER STRATEGY AND ROADMAP FOR EXECUTION, AND THEN TESTING IT IN A KEY MARKET OR TWO BEFORE INTRODUCING A MAJOR LAUNCH. is so it can readily offer same-day delivery. This requires an intimacy and closeness with the target market that simply isn’t possible from national and regional fulfillment centers. Where there may be one or two Macy’s or Nordstroms, a Metroplex like Boston lists 20 Stop & Shop stores. So the physical presence lends itself to a different fulfillment model, which—in addition to the common in-store pickup—may include home delivery, and a hybrid model of online ordering and drive-through pickup. The delivery model, though, is the easier equation to solve. Supporting a multi-channel delivery model requires a nimble, agile supply chain, and the attendant order

transportation companies and all of the in-house distribution centers, stores and delivery fleets. Solving the produce challenge is probably obstacle No. 1 for most grocery retailers. Multiple handlings and time in transit are the enemies of freshness. And, while people may blame the cookie, cereal or dairy producer for stale or out-of-date product, they almost always blame the store for failures in the produce department. This is critical to get right all the time. Network modeling, using very sophisticated analytical tools employed by skilled and experienced modelers, usually third-party consultants, is frequently deployed to determine how a service network should be

Where competitors meet

structured to optimize results from both a cost and customer impact standpoint. Combining network modeling capabilities with data gleaned from customer surveys to determine key preferences in terms of buying behaviors, attractive product assortment, delivery preferences, and drive-time limits can help inform the strategic approach to the scope and scale of multi-channel fulfillment. Critical to success is developing the proper strategy and roadmap for execution, and then testing it in a key market or two before introducing a major launch. This requires an informed and data-driven understanding of the customer base, buying habits and preferences, which are not the same in every market. Taking the first step requires those basic elements, and a vision of what the to-be model may look like and the gaps that need to be closed from the current as-is state to achieve the objective. Properly planned and executed, flexible fulfillment models can help transform an organization from an also-ran or one-of-the-pack into an industry leader. In the final analysis, it’s all about finding the right model and then executing flawlessly. ABOUT THE AUTHOR BROOKS BENTZ is the president of Transplace Consulting Services.

We Sell Surplus Assets

Building New Markets | Competitive Bidding Events | Increase Revenue Contact us now for a no obligation consultation on what COMPETIBID and our competitive bidding process can do for you.

SDC0516_28-29_Warehousing CM RG.indd 29

www.COMPETIBID.com | 314.591.5678

5/17/16 11:01 AM

EXECUTIVE FOCUS

{ SOFTWARE & TECH}

By Ronnie Garrett

MONEY, MONEY, MONEY Companies can keep payment information secure as it travels the information highway

iza Minnelli once crooned, “Money makes the world go ‘round.” But did you ever think about what it takes to get money around the world? On the surface, the payment ecosystem seems simple; it’s a system of hardware and software that transfers money from payer to payee. But dig in a little deeper and this simplicity erodes to expose a more complicated journey that moves money from one party to another across the information highway. Every company operates a payment system, whether it exists for general financial transactions or for consumer

purchases. And, in every case, several entities are involved in processing payments from start to finish. It begins with cardholders and their credit cards, then moves to merchants and point-ofsale (POS) systems, card brands, issuing banks and card processors. All of the systems connect to the Internet, making them an attractive target to hackers. With IBM’s 10th annual “Cost of a Data Breach Study” finding that the average consolidated total cost of a data breach is $3.8 million, it behooves all companies to invest in properly protecting payment processing.

data breaches by the

According to the Payment Card Industry (PCI) Security Standards Council, companies cannot not store cardholder data without encrypting it, and must protect card readers, POS systems, networks and wireless access routers, payment card data storage and transmission, payment card data stored in paper records, and online payment applications and shopping carts from hackers. The PCI standard then details how companies can harden these systems to cyberattacks. “Adhering to PCI standards, if nothing else, is a great start to protect your business,” states Paul Hirschorn, chief technology officer of PEX Card, a firm that offers prepaid debit cards to businesses seeking to control spend. On the flip side, Sam Kassoumeh, COO and cofounder of SecurityScorecard, a security rating platform, cautions that companies engaging in compliance-driven security

numbers

$52,000 to $87,000 The average cost of 1,000 records of breach

49%

Percentage of breaches caused by a malicious attack

The percentage of breaches that take several days to contain

38%

69%

The percentage of consumers saying an organization’s security breach would make them less inclined to shop there (Source: “The Real Cost of a Data Breach” by Heartland Payment Systems Inc.)

AN EYE ON PCI

and little else put themselves at risk. “A company should never ... [solely] use PCI controls to govern how they do business across the industry and in their organization,” he says. He suggests companies engage in security-driven compliance. That is, do whatever it takes to secure data, even if it goes beyond what PCI requires. When companies engage in security-driven compliance and have a mature security program, they can generally meet PCI guidelines because they’re already doing more than the standard requires. There are several nationally recognized security standards provided by the National Institute of Standards and Technology and the International Standards Organization that also provide best practices for mature security programs.

STEPS TO SECURITY The first step is designating an employee or team to oversee payment card information. “This is a key function that every company must have,” Kassoumeh says. “It always starts with the people who have the expertise to ensure the security; if you don’t have the people, there is no system you can buy, and no amount of money you can spend, that can keep the data secure.” This security team must fully understand the company’s payment ecosystem. When credit card numbers are swiped, where do they go? What data centers do they pass through? Is the information encrypted or decrypted on its journey? This knowledge helps guide the level of encryption the data requires. PCI Standard Section 3.5 provides guidance on protecting credit card and cardholder data. Kassoumeh explains this section talks about encrypting data

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_30-31_SoftTech RG CM.indd 30

5/16/16 10:57 AM

SUPPLY CHAIN SECURITY SCORES While most cybersecurity experts know the security posture within the four walls of their own organization, they often lack knowledge of their vendors, third-party partners or supply chain partners’ security systems. To gauge the security of their business partners, many companies employ a pen-and-paper questionnaire that asks things like: Do you have antivirus software? Do you have firewalls? Do you train employees on security awareness? “All of these questions are important to ask, but it’s hard to validate that information because you don’t have insight into your partner’s security,” states Sam Kassoumeh, COO and cofounder of SecurityScorecard.

at rest, and giving only a few employees (called custodians in the standard) the ability to encrypt and decrypt the information. It also recommends that companies segregate this data. “If a credit card number transits through my corporate office, then my satellite offices, then to a payment center and finally the payment card processor, that’s a pretty large footprint, and I have to ensure that entire footprint meets PCI standards,” he says. “The companies that do it best have a small data center that is segregated and has higher, more restrictive security controls than the rest of the company’s network.” He also recommends placing data in an area that is less obvious to hackers. For example, if Data Center A is a firm’s usual data center, the company may elect to store information in another location. “Segregate it, ensure it’s encrypted, and have a short list of administrators that protect and monitor the data, and that’s just for data at rest,” he says. When in transit, encryption methods must be stronger; at minimum, companies need to use Transport Layer Security (TLS) 1.1 or greater. “There are various encryption strengths that you can be using. Advanced Encryption Standard (AES)-256 is on the strong end of the spectrum, but you can do better than that,” says Hirschorn. PCI council and other security firms recommend TLS 1.2, and cutover to TLS 1.1 or 1.2 is required by June 30. Keeping security patches updated is also critical. If a card processor uses software to encrypt and protect credit card data, but runs version 4.0 when 5.0 is available and has additional security controls, then the system is vulnerable. “If a system is using an old cryptographic library, that’s when we start seeing problems,” Kassoumeh says. Periodic third-party penetration

He explains traditional security tests are intensive and invasive because they simulate a hacker attack. “Companies can continuously run them on their own networks, but they can’t run them on their partner’s infrastructure,” he says. Kassoumeh, who has led security compliance teams in the automotive, manufacturing, retail, technology and payment card industries, formed SecurityScorecard, a company that assesses an organization’s security risk and security hygiene, to solve this problem. SecurityScorecard noninvasively ssesses a company’s cybersecurity posture by using proprietary sensors to crawl the Internet looking for cybersecurity risks. Some risk are easy to identify, such as a leaked employee password or negative tweets from employees. SecurityScorecard also identifies more sophisticated vulnerabilities by reverse engineering malware and building servers to see if malicious actors are attacking a company’s networks. The compilation of SecurityScorecard’s efforts is a security rating for a company. This rating benchmarks companies performance to their industry—to understand how their security performance ranks to similar-sized peers. SecurityScorecard shares these ratings with subscribers hoping to learn more about the cybersecurity risk of their business partners.

testing comes next. In other words, hire white-hat hackers to exploit the system. “PCI mandates it for companies processing 20,000+ credit cards a year, but it’s a worthwhile endeavor for any company. It’s important to know what your weaknesses are before hackers figure them out,” states Kassoumeh. Regular and continuous monitoring should occur between penetration tests. Employ intrusion detection systems to look for unusual activity and notify network administrators when such events occur.

PREVENT PEOPLE PROBLEMS The final step in securing the payment ecosystem is educating employees, who must be familiar with the whys and hows of protecting payment information to meet PCI

SDC0516_30-31_SoftTech RG CM.indd 31

requirements. Kassoumeh stresses that meeting PCI guidelines without educating employees has little impact on cybersecurity. He recommends classifying company data and assigning it risk ratings, then communicating these ratings to all employees so they know the classification of the information they work with and the level of care required to keep it secure. Employee education makes it easier for IT professionals to show executives why there must be an adequate budget for PCI compliance. “It becomes a frictionless conversation because the entire team is unified,” Kassoumeh says. “Executives handle sensitive information, too. When you educate them, it puts security on their radar in a way they can understand it.”

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/16/16 10:57 AM

EXECUTIVE FOCUS

{ PROFESSIONAL DEVELOPMENT}

By Ronnie Garrett

THE SUPPLY CHAIN’S

WEAKEST LINK

Persistent people problems loom as supply chain’s talent shortage widens

f the definition of great divide is “a distinction regarded as significant and very difficult to ignore,” then the supply chain is facing one of epic proportions. There is a looming people problem that may aptly be described as supply chain’s weakest link. Two years ago, the Material Handling Institute (MHI) logistics trade group reported the supply chain would need to fill 1.4 million new jobs by 2018. That number inflates further when openings created by retiring baby boomers are factored in. “It’s important to note that there is not a skills shortage, however, but a

by the

numbers Respondents reporting a need for strategic thinking and problem-solving skills in supply chain managers

74%

Respondents who reported being extremely or very confident that their supply chain organization has the competencies it needs today

38%

Respondents reporting difficulty recruiting senior leadership for supply chains

71%

Source: Deloitte’s third annual supply chain survey

talent shortage,” stresses Tania Seary, founder of Procurious, a business network for procurement and supply chain professionals. “We need people who can walk and chew gum—that is, they need to be able to fulfill the technical aspects of the role while also being able to engage stakeholders.” Seary adds that supply chain management requires a “dynamic professional with a commitment to innovation who challenges the norm; plans for the future; thinks strategically; and understands corporate social responsibility and political issues like trade, taxation and customs; and builds and manages relationships.” Without supply chain leaders, company innovation runs the risk of moving from running to a slow crawl. “Companies … need to infuse new ideas and different approaches into the status quo with rising talent who have been exposed to future trends like Big Data, the Internet of Things and other technological breakthroughs,” reports Sue Steele, senior vice president of global supply management for Jacobs, a provider of industrial maintenance, fabrication, construction and maintenance management technology. As the chasm widens, another issue comes to light—the supply chain has an image problem. While there is a wide breadth and depth of opportunities, college grads seek out opportunities in other areas, viewing supply chain management as just the math behind shipping and receiving.

Nancy Nix, executive director of AWESOME, which stands for Advancing Women Leaders in Supply Chain Operations, Management and Education, agrees: “They see careers in marketing and finance as sexy, and tend to equate careers in supply chain as ‘get your hands dirty, operational kinds of stuff.’ ” But Nix stresses, “It’s so much more.” As AWESOME executive director and a former professor of supply chain practice at Texas Christian University’s Neeley School of Business, Nix says she used to tell students the following to attract them to supply chain careers: “If you love to work with people instead of just at a computer, think about supply chain. If you want to see outside the four walls of a company and really understand how a business operates, think about supply chain. If you want to see the results of what you do every day and know you’re making a difference, think about supply chain. If you want to learn about different countries and cultures, think about supply chain.”

CAMP OUT ON CAMPUS Some companies are ahead of the pending labor crunch. Take Mattel Inc. This toy manufacturer, which does 50 percent of its manufacturing in house, made national headlines recently with its method of attracting people to the supply chain. Mattel Chief Supply Chain Officer Peter Gibbons told The Wall Street Journal, “Finding really good people who’ve been there and done it before is a challenge.” To clear this hurdle,

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_32-33_ProfDev RG CM.indd 32

5/16/16 11:04 AM

PROFESSIONAL DEVELOPMENT

the company began hiring workers directly from supply chain and business programs, then providing training and opportunities designed to mold them into supply chain leaders. The company diversifies worker experience by shifting employees around to different roles and departments early in their careers. The idea behind Mattel’s program is that familiarity with the supply chain helps drive interest in its work. Nix advises companies to follow Mattel’s lead and attract students to the supply chain long before graduation. They need to identify with the supply chain “early in their academic careers before they are too far down the pipeline of courses they need to take,” she says.

degree programs and connect with the rising stars within them. Internships can also build supply chain’s reputation. “We are doing more recruiting, and offering internships to women and men before they graduate so they can see what it’s like to work in a supply chain role,” says Steele.

or a role managing relationships with external suppliers,” Nix says. “Many skills are transferable; you just need the right process in place to give them the training they need to understand the context within you want them to operate.”

THE TALENT WITHIN

To win the talent war, companies need to attract potential employees by engaging with future candidates on the platform they use most: social media. Seary says many companies need to upgrade their online presence to improve supply chain’s image. “By creating and maintaining fresh and dynamic Facebook, Twitter and Google+ company profiles, we can open the door for new recruits to our profession,” says Seary, adding that potential employees base their opinions on word of mouth, social groups and online presence. Creating and maintaining a fresh social media presence attracts new employees by giving them an opportunity to easily get to know the company, its products and its services. It also gives potential employees a way to interact and network with current employees. “You have to be there [in social media], and be responsive and engaging,” Seary says. “If you want to win the war for talent tomorrow, you need to be looking at how you use social media today.”

ADVERTISER INDEX

CenterPoint Properties........................ 21 www.centerpoint.com CLX Logistics LLC.................................... 2 www.clxlogistics.com CompetiBid............................................ 29 www.competibid.com Emirates SkyCargo............................... 36 www.skycargo.com

Other company departments and competing firms also offer a plentiful talent pool. Sometimes potential supply chain leaders already exist within a company in a different role. “We need to tap into the hidden market—those employees who are happily engaged in their day job rising up through the ranks of their existing employer … We want the stars, “[College students] see careers in the people whose marketing and finance as sexy, and tend to bosses stay awake equate careers in supply chain as ‘get your at night worrying about them hands dirty, operational kinds of stuff.’”— leaving,” says Seary. Nix advises being NANCY NIX, EXECUTIVE DIRECTOR, AWESOME open to looking Steele sees hope on the horizon as at candidates with skillsets outside the more U.S. colleges and universities supply chain function. Companies can begin to offer supply management hire these individuals and train them undergraduate and graduate programs. in supply chain skills. If a candidate’s The time is ripe for companies experience is in marketing, for example, to partner with these burgeoning he or she has strengths in managing programs, adds Nix. Companies can relationships, collaborating, negotiating collaborate with local universities to and networking. “[He or she] might be further the success of supply chain a great candidate for a purchasing role

ADVERTISER........................PAGE NUMBER Avetta, formerly PICS Auditing............ 9 www.avetta.com BSI Supply Chain Solutions................ 20 www.bsi-supplychainsolutions.com

SDC0516_32-33_ProfDev RG CM.indd 33

SEEK OUT SOCIAL MEDIA

GT Nexus..........................................12, 13 www.gtnexus.com LeanLogistics Inc.................................. 25 www.leanlogistics.com Old Dominion Freight Line Inc....16, 17 www.odfl.com UPS Capital®............................................ 5 www.upscapital.com

SDCExec.com | May 2016 | SUPPLY & DEMAND CHAIN EXECUTIVE

5/16/16 11:04 AM

WORK HARD, By Carrie Mantey

A BIRD’S EYE VIEW

Mike Derge flocks to the sky as a canopy pilot (or skydiver) after a long, hard day’s work in the supply chain

s the vice president of information technology (IT) at West Chester Protective Gear—a protective gear provider for industrial, retail and welding markets—Mike Derge is very involved in the supply chain. But that doesn’t mean he never gets out from behind the screen. While he takes his career seriously, being in charge of the company’s SAP enterprise-level solution, which handles the majority of its inbound and outbound supply chain, you could say he is winging it in his off hours. That is, he skydives in his free time, admittedly being a bit of a thrill-seeker. Derge did a tandem jump (which means he was harnessed to a licensed instructor) in college in 1978; his second jump was in 2012. All it took was seeing an ad for a drop zone opening up within proximity and he realized it was kismet to skydive again postcollege. “For the last four years, I’ve been jumping actively almost every week. I accumulated over 530 jumps. I’m at a D license-level coach rating [one of the higher licenses you can get] and doing a lot of fun activities,” including formation skydiving, which consists of a group of skydivers connecting mid-freefall to create stunning sky arrangements with their bodies. While Derge started skydiving for the adrenaline rush, he continues to do so because of the people. “Skydivers are typically successful Type A people who are fun, outgoing, honest and trustworthy. You get the feeling they have your back, you have their back, 34

and it’s very teamdriven. It’s getting better, but I wish the supply chain was as teamdriven and collaborative as skydiving. You get so much more accomplished with teamwork, but it’s awfully hard. I have no way of artificially creating teamwork. It’s one of the more difficult parts of the supply chain.” So, what’s it like? “The first five seconds is sensory overload,” according to Derge. “Your body kind of shuts

down, but after that, you’re just conscious of floating in the air. I was a scuba instructor for about 15 years and enjoy floating in the water. When you’re in the water, you kind of feel like you’re flying, and when you’re flying, you kind of feel like you’re floating. It’s very relaxing once you get over the fact that you’re plummeting to your death.”

WHERE SKYDIVING AND SUPPLY CHAIN CONVERGE “Skydiving involves paying attention to detail, as does my profession, because a simple oversight can cause a major mistake. [West Chester] participates in electronic data interchange (EDI) with many of our customers. A simple mistake can cost tens of thousands of dollars in a single day for noncompliance chargebacks from our customers,” which include the likes of The Home Depot, Lowe’s, Kmart and Walmart. In both skydiving and IT, “You have to pay attention to detail and make sure it’s right 100 percent of the time,” he continues. “You can’t take anything for granted, and you have to check and double-check, and make sure that everything works exactly as it should. That’s very true in the IT part of the supply chain. A simple mistake in skydiving can have even worse effects.”

SUPPLY & DEMAND CHAIN EXECUTIVE | May 2016 | SDCExec.com

SDC0516_34-36_WorkHard CM RG.indd 34

5/17/16 1:15 PM

expert tip:

2016 Educational Webinar Series DETAILS & REGISTRATION: S D C E X E C . C O M / W E B I N A R S T I M E : 1 :0 0 P M E T / N O O N C T / 11:00 A M MT / 10:00 A M P T

AT T E N D F O R F R E E T H A N K S T O O U R S P O N S O R S

June 22 May 26

Automating the Warehouse _________________ Sponsored by:

The Sharing Economy Meets the B2B World _________________

August 10

September 14

Predictive Cargo Theft Analytics for and Security Demand Planning _________________ Sponsored by: _________________ Sponsored by:

Some are calling it the â&#x20AC;&#x153;Uberizationâ&#x20AC;? of supply chain. It can be a moneysaver and game-changer, especially for warehouses and transportation. This webinar will discuss the plusses and minuses of this trend.

ON-DEMAND WEBINARS

SDCEXEC.COM/ WEBINARS

December 14

New Trends in Global Trade Yard Management Finance _________________

_________________

Procurement and the Business Network