An agile storage space is an efficient one
Warehouse environments, typically known as ‘storage cubes’, can help improve supplier service levels if available space is used efficiently. This requires a balance to be struck between storing a large amount of products while ensuring that they can be retrieved quickly. The fast-moving demands of modern buyers require speedy delivery so it is essential that warehouse efforts meet this need head on by incorporating inventive layout and storage methods.
One size does not fit all
Investing time into devising customised space management solutions that match product types and the rate at which they’re required, is important. Simply cramming all available space with stock can be counterproductive as this can create access problems. Instead, suppliers should ensure the most popular items can be quickly accessed, as well as maintaining the volumes of stock required to meet demand.
Take a process-driven approach
Achieving this balance requires suppliers to understand the specific mix of inventory that is housed within the space, as well as the expected level of activity. This allows for products to be stored within specific aisles on the basis of order frequency. The approach works by using wider aisles for popular product lines – as this allows for quicker access – and very narrow aisles (VNAs) for items that are only purchased from time to time. For faster moving items, mechanised or automated picking systems can help further increase order turnaround times.
Although this approach brings obvious benefits in terms of driving efficiencies and servicing customers, a well-ordered and optimised warehouse can also help vendors to develop additional revenue streams. For example, banks and other large corporates often use parts of their suppliers’ warehouse spaces as stockrooms for their own inventory, that are then delivered to their branches or sites at regular intervals. However, this kind of value-added service only becomes possible where the wider warehouse space has been used resourcefully.
Remodeling the space
There are a number of ways in which an existing storage space can be optimised to improve efficiencies and output. Creating mezzanine floors adds much-needed floor space without having to overcrowd existing areas. However, where new floors have been created, it is important to manage this new space with the same level of efficiency as other areas of the warehouse, for example, by using the aisle-specific approach outlined above.
Technology can help create a vision
Although individual requirements throughout the storage cube may seem difficult to co-ordinate at first sight, CAD and 3D modeling can bring all these together into one seamless design. It does this by overlaying possible solutions to the existing warehouse and allowing amendments or manipulations to be made electronically, before committing to any kind of physical renovation of the space. In this way, the most effective layout can be closely analysed and decided on without making a full commitment.
It is crucial to see the warehouse as a strategic tool that can directly benefit service levels if it is planned in the right way. Subsequently, if the need for change and improvement is not recognised, investigated and actioned, there is a real risk of this stage of the customer journey dragging overall service levels down and losing out to the competition in the process. By seeing the warehouse as a USP that facilitates excellent customer service from the outset, suppliers are much more likely to continuously improve both the space and their long-term prospects.
Mike McCreesh is VP supply chain UK & Ireland at Office Depot
Google and NIST Address Supply Chain Cybersecurity
As high-level supply chain attacks hit the news, Google and the U.S. National Institute of Standards and Technology (NIST) have both developed proposals for how to address software supply chain security. This isn’t a new field, unfortunately. Since supply chains are a critical part of business resilience, criminals have no qualms about targeting its software. That’s why identifying, assessing, and mitigating cyber supply chain risks (C-SCRM) is at the top of Google and NIST’s respective agendas.
High-Profile Supply Chain Attacks
According to Google, no comprehensive end-to-end framework exists to mitigate threats across the software supply chain. [Yet] ‘there is an urgent need for a solution in the face of the eye-opening, multi-billion-dollar attacks in recent months...some of which could have been prevented or made more difficult’.
Here are several of the largest cybersecurity failures in recent months:
- SolarWinds. Alleged Russian hackers slipped malicious code into a routine software update, which they then used as a Trojan horse for a massive cyberattack.
- Codecov. Attackers used automation to collect credentials and raid ‘additional resources’, such as data from other software development vendors.
- Malicious attacks on open-source repositories. Out of 1,000 GitHub accounts, more than one in five contained at least one dependency confusion-related misconfiguration.
As a result of these attacks and Biden’s recent cybersecurity mandate, NIST and Google took action. NIST held a 1,400-person workshop and published 150 papers worth of recommendations from Microsoft, Synopsys, The Linux Foundation, and other software experts; Google will work with popular source, build, and packaging platforms to help companies implement and excel at their SLSA framework.
What Are Their Recommendations?
Here’s a quick recap: NIST has grouped together recommendations to create federal standards; Google has developed an end-to-end framework called Supply Chain Levels for Software Artifacts (SLSA)—pronounced “Salsa”. Both address software procurement and security.
Now, here’s the slightly more in-depth version:
- NIST. The organisation wants more ‘rigorous and predictable’ ways to secure critical software. They suggest that firms use vulnerability disclosure programmes (VDP) and software bills of materials (SBOM), consider simplifying their software and give at least one developer per project security training.
- Google. The company thinks that SLSA will encompass the source-build-publish software workflow. Essentially, the four-level framework helps businesses make informed choices about the security of the software they use, with SLSA 4 representing an ideal end state.
If this all sounds very abstract, consider the recent SolarWinds attack. The attacker compromised the build platform, installed an implant, and injected malicious behaviour during each build. According to Google, higher SLSA levels would have required stronger security controls for the build platform, making it more difficult for the attacker to succeed.
How Do The Proposals Differ?
As Brian Fox, the co-founder and CTO at Sonatype, sees it, NIST and Google have created proposals that complement each other. ‘The NIST [version] is focused on defining minimum requirements for software sold to the government’, he explained, while Google ‘goes [further] and proposes a specific model for scoring the supply chain. NIST is currently focused on the “what”. Google, along with other industry leaders, is grappling with the “how”’.