Manufacturers: You need greater security for operational resilience
- Posted on September 8, 2021
Operational resiliency for manufacturing companies is an ongoing challenge. Most recently, that challenge has been heightened by COVID-19, which has interrupted supply chains and affected workforce safety and support in a hybrid work environment. These factors have led to reduced production capacity, as well as poor customer sales, service and engagement.
Around 94% of Fortune 1,000 companies experienced supply chain disruptions due to COVID-19 and, by 2027, half of all S&P 500 companies may no longer exist. Nine out of 10 executives say that to be more resilient, they need to fast-forward their enablement with digital tools, becoming data-driven with cloud at their core. Organizations that were digitally prepared for the pandemic had an advantage in navigating the unprecedented terrain; those that were not are either emerging much curtailed or are not emerging at all.
What disruptive events are next?
Resilient companies are those whose supply chains offer both global and local choices, those who are open to fast supply of fresh talent, those who share data and information with customers and suppliers, and those who offer their customers a range of choices for sales and service. None of these are one-time choices or implementation projects. They must be based on a state of digital maturity, continually updated, to diversify operations and revenue streams across multiple ecosystems. In this way, whatever the next “black swan” event is – force majeure, cyber-warfare, ransomware, physical attack – the digitally mature company can pivot and keep delivering in order to survive and thrive.
This very openness is precisely why manufacturers need to rethink every aspect of their core operations for security – confidentiality, integrity and availability (CIA) are all essential for resilience. In fact, governments around the world are demanding manufacturers of all types adhere to additional levels of compliance in all these areas to keep their countries buoyant during crises.
However, many manufacturers lack the in-house security expertise and resources to deal with constantly growing, evolving and fast-moving threats. Manufacturers also must meet a large and increasingly complex set of global compliance requirements. And as if that weren’t enough, manufacturers who’ve avoided systemic testing of their mission-critical, money-making and emerging digital systems for fear of what they might find, now find themselves playing catch-up, big time.
Nor can these companies relax after transforming to secure their enterprises. As manufacturers become increasingly engaged with their customers (to deliver personalized and “always-on” product-as-a-service offerings) and with their supply chains and partners (to enable those more-complex offerings at peak efficiency), the source of threats extends across the entire third-party ecosystem and their revised hybrid-location workforce. Transformation is no longer enough – manufacturers need to ensure they can continually change if they are to remain resilient.
Governance and culture in a world of continuous change
Big-bang projects or lengthy transformation programs won’t do it, potentially taking years to implement, becoming out of date upon implementation and often being treated as a reaction or one-time event. Instead, resilience implementation should be a shift in culture through a process of continual improvement and innovation. It should be based on short iterations with clear direction, addressing issues and building out capabilities in turn, with due consideration for threats as they arise.
Strong steering and governance should guide those steps, ensuring that the manufacturer’s journey toward greater resilience and security moves in a consistent direction. It should include processes, systems and data within the end-to-end supply chain from sourcing to production, delivery and service and include all third-party risk. It is a great opportunity to remove final barriers to IT/OT convergence as new threats emerge across both domains.
Cultural change is also required to embed the idea that it is now everyone’s responsibility, not solely that of security professionals, to secure the enterprise, ensure data integrity and confidentiality, and build trusted operations.
Organizational change management and training are needed to ensure that the technology and digital enablement shifts, cultural change and new procedures are activated in a newly motivated and aware workforce.
Getting from here to there
With so many dimensions to keep track of, and so many differing C-suite perspectives to accommodate, manufacturers might have a hard time knowing how to get from here to there. Here are four starting steps that we often find appropriate:
- Conduct a thorough assessment of current safeguards and risks around your operations – and an audit against new compliance requirements. Work collaboratively with partners and vendors to include them in your assessment. Identify emerging threats and needs from new manufacturing technologies, decentralized manufacturing facilities, contract manufacturing, and more.
- Plan for the convergence of IT and OT to align manufacturing and product-as-a-service requirements and goals with your security strategy. Ensure top-to-bottom convergence by bringing together your CISO, CIO and COO (or Chief Manufacturing or Production Officer) with their differing perspectives. Factor in customer and supplier contractual obligations and compliance requirements.
- Consider your implementation strategy. Can you carry out your complex assessments, planning, and implementation projects with the staffing and skills you already have or will you require additional expertise? If the latter, confirm that your outside resource will work collaboratively with you, minimizing the need for expensive and time-consuming re-work.
- Governance. Governance. Governance. Your all-important governance program must span IT and OT, internal operations and the end-to-end supply chain, centralized facilities and remote operations.
Most manufacturers will benefit from most or all of these steps, but you need a plan and implementation program that’s customized for you. Avanade can help. Avanade has a massive knowledgebase, a distinctive approach based on our years of collaboration with manufacturers worldwide and more than 3,000 manufacturing specialists. This year, Avanade and Accenture were named the 2021 Microsoft Global Alliance SI Partner of the Year for the 16th time, as well as the Automotive Partner of the Year, a finalist for Manufacturing Partner of the Year, and Microsoft Security 20/20 Winner for Zero Trust champion – SI.