Switching from a "Just in Time" delivery system should include planning ahead

Switching from a “Just in Time” delivery system should include planning ahead

As it becomes clear that some things will never again be the same after the global coronavirus pandemic, it is time to prepare for the future. The cybersecurity implications of upcoming changes will be most noticeable in organizations that rely on security models like the software defined perimeter.

The software defined perimeter is a model closely related to the zero trust framework, in which users must authenticate themselves first before accessing any company-sensitive documents or on-site information. Connectivity in the software defined perimeter is based on the premise that each device and identity must be verified before being granted access to the network.

Below, we explore why unexpected demand spikes may force organizations to reconsider their “Just in Time” delivery networks. But remember, a switch from one system brings questions about any new one.

Just in time delivery

As an example of the changes we can expect, let’s assume that after the coronavirus pandemic, some organizations will transition away from the Just In Time (JIT) delivery system they used when their supply lines began diminishing.

Just In Time delivery systems provide goods as orders come in, allowing for a lean, at-need production process with little to no surplus. But as we’ve recently seen, these types of systems are vulnerable to sudden peaks in demand, as depleting supply chains have already hit several industries, with the most poignant victim being healthcare. Hospitals, clinics, and medical centers around the world have quickly run of masks, hand sanitizer, and ventilators in the months since COVID-19 struck.

Many stores, both brick-and-mortar and web shops, have already faced the same problem. Soon after China applied its regional quarantine, global supply chains took a hit, with some businesses impacted sooner than others. It makes a big difference whether your goods come per container or air freight in terms of how soon your line could dry up.

How we need a constant stream of goods

To western economies, a continuous flow of goods and components is of the utmost importance. We regard transport and logistics as vital infrastructure for compelling reasons. Many of our factories depend on components made on the other side of the globe, and consumers recently learned just how many of their daily products originate from Asia. It’s not just electronics, toys, and clothing being made elsewhere, but also a lot of car parts, tools, and condoms.

One way to solve this problem for the next lock-down (which is a possibility, depending on how local governments decide to “open up” their economies) is to decentralize the origin of products that we can’t afford to miss. But by market standards, goods are often produced wherever labor is cheapest, and spreading production would increase price. In some cases, consumers might be willing to pay a higher price for locally produced goods. In other cases, trade restrictions could drive up the price for goods produced abroad. In both cases, the supply lines would get shorter and gain stronger defenses to interruption.

Just in Time inventory management saves money by minimizing the necessary amount of storage room and by limiting goods going to waste because they go over the expiration date. What you need to realize is that you are not solving this problem, you are just moving it to your logistics partner, who may be better equipped to handle it as they probably do it for many others. And in turn they rely on other shipping and production companies to keep their stocks at a level which allows them to satisfy the needs of their customers.

Now that organizations have learned that a broken link in the supply chain can have drastic results for those at the end of the line, the question is whether this system can be used for every type of good, or whether we need to prioritize between essential goods and those we can afford to miss for a while.

Different software

Switching to another inventory system requires another type of software. Where JIT inventory management may be as simple as sending out an order to the logistics partner—whether it’s yours or the one of your supplier is not really relevant—keeping your own inventory requires a different approach. Countless goods have expiration dates, and not just food and drugs. Some other products also lose their usefulness over time. Others may even lose their value, or the cost to produce them may drop rapidly compared to other products.

Different software comes with a bunch of question, mainly related to security:

  • Who needs access?
  • What will be the permissions of the software itself?
  • How are we going to manage (remote) accessibility?
  • Do we anticipate any compliance issues?
  • How did the software perform during security testing?
  • What will be the procedure during transition?
  • How will this influence my software defined perimeter?

Most of the time, simple stock-keeping software should be less complicated than Just-In-Time inventory management, so it may be a good time to rethink some of the settings you have chosen while you were still using JIT. Even when you end up using a mix of both systems (as many organizations do) the time of change is typically a good time to reconsider choices made in the past. Nobody may have reviewed them because they simply worked. But that doesn’t necessarily mean that they were the optimal choices.

Most of the questions above speak for themselves but will need to be answered on a case by case basis.


Recommended reading: Explained: the strengths and weaknesses of the Zero Trust model


Software defined perimeter

As you may have expected, the software defined perimeter is a security model which is often used in combination with cloud-based software or when remote access to on-premise applications is needed. The software defined perimeter finds its base in the Zero Trust model and divides network access into small segments by establishing direct connections between users and the resources they access.

Logic dictates that when you switch from JIT to a more local inventory this will impact the software defined perimeter. In the JIT system you can expect outbound connections to be established that control the flow of needed goods into the organization. In a system based on local storage, you may see more requests from remote workers to check up on the state of the inventory.

If you this type of change will not affect your organization, there are many other changes that might be caused or ramped up by this crisis. So, it might be beneficial to try and plan ahead. A prepared organization doesn’t get caught by surprise.

Stay safe!

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.