May 17, 2020

Expert advice: addressing the shift to e-fulfilment

CEVA Logistics
Ecommerce
e-fulfilment
supply chain agilit
Freddie Pierce
4 min
CEVA offer an e-solution
Written by: Inna Kuznetsova, Chief Commercial Officer, CEVA Logistics Here is a scenario: You order your goods, pay and get information on when your pa...

Written by: Inna Kuznetsova, Chief Commercial Officer, CEVA Logistics

Here is a scenario: You order your goods, pay and get information on when your package will be delivered. A day or more later your package arrives, perfectly on time, not only on the right day but also within your chosen time slot. After opening, everything that you ordered is there, properly packed and in perfect condition.  Perhaps you change your mind, or the clothes you’ve picked don’t fit properly, so you want to return something; you find a return label is enclosed.

This is exactly how execution of an online purchase should be. The customer is happy and the supplier is too. After such a smooth purchasing experience there is a good chance that the customer decides to re-order from the same e-shop in the future or recommends it to his or her friends. An ultimately positive end-consumer experience.   

The world’s largest companies now rely more than ever on the agility of their supply chain. In today’s competitive markets the expectations of returns on marketing campaigns spending ride high, the shift in consumer preferences elevates e-commerce as a preferred channel and the spread of social media makes any flaws in customer service highly visible. Supply chain planning and execution becomes a critical component of a successful business selling over the internet.

The rise of e-commerce

In 2012, B2C global e-commerce sales grew 21.1% to top US$1 trillion for the first time, according to new global estimates by eMarketer. This figure was driven by consumers shifting spending from physical stores to retail and travel websites thanks to lower prices, greater convenience, broader selection and richer product information.

Although mail, express and logistics companies are benefitting from the growth of e-commerce, few have developed the sophisticated integrated services which e-retailers demand. Therefore, a large proportion of logistics functions are still performed by a combination of several vendors and in-house coordination, driving up the risks.

This is where a tailored and focused e-fulfilment solution makes an impact. At CEVA, we don’t believe in the one-size-fits-all model and have been working with a range of multinational companies across all sectors from technology to FMCG companies providing tailored e-commerce and e-fulfilment solutions.

Tailoring your fulfilment infrastructure

For example, millions of people all over the world enjoy the art of bodybuilding and a fitness lifestyle to improve their body and health. With over 10 million customers, Bodybuilding.com is the largest internet health supplement wholesaler. We worked with them to rapidly provide the fulfilment infrastructure to meet the needs of their expanding international customer base.

Through our collaboration with Bodybuilding.com we were able to streamline their supply chain management and gained full visibility and control to realize more efficient international order fulfilment for their online retail store.

But as the market constantly changes, the amount of online transactions around the world has been growing exponentially (40% on average per year since 2003) and companies have more complex and specific requirements.

Following this market development, we have newly designed our e-solution and have introduced a new standardised solution that will increase end-consumer satisfaction and create a highly positive online shopping experience.

Forward planning

What we have seen as potentially the biggest progressive shift in creating logistics solutions is forward planning; developing long and short-term strategies and plans that keep your products moving, while keeping the costs down. This means that you’re not just reacting to demand, but also carefully planning all of the elements within your supply chain in advance, especially difficult due to the insatiable demand and accessibility of e-commerce.

In China, we were tasked with improving time-to-market for one of the world’s top three sports apparel manufacturers. With over 300 stores and regional wholesaler distribution centres, we had to develop a solution that would speed up delivery of over 5,000 cartons and 2,000 orders per day.

By implementing a dedicated road linehaul network with fully controlled road fleet, negotiating block space agreements on major commercial airlines’ routes to ensure uplift and devising a professional cross dock operation model within the hub-spoke country-wide transportation system, we were able to increase the desired service level. In this case, time was saved, while also significantly reducing costs.

According to a recent report by Transport Intelligence, Europe’s e-commerce market grew by 12% in 2012, while overall retail sales declined over the same period. The 2012 holiday season in the U.S. may have been the worst for retailers since the 2008 financial crisis, with sales growth was far below expectations. But not for online sales, which continue to grow at a faster pace. According to IBM Digital Analytics Benchmark, on Christmas Day, online sales jumped 22.4 % on YoY basis, which is even higher than in 2011 (16.4%) (Source: Reuters).

This demonstrates that e-commerce is here to stay and that ‘bricks and mortar’ retailers will need to embrace e-commerce and e-fulfilment, and integrate these elements into their supply chain if they are to provide a positive brand and shopping experience for their consumers.

About the Author

Inna Kuznetsova sits on the Executive Board at CEVA Logistics. She is focused on leveraging CEVA’s advanced capabilities in solution design and global account management to build long-term partnerships with customers – jointly driving innovation and helping to achieve long-term goals in costs reductions in Supply Chains. 

Share article

Jun 21, 2021

Google and NIST Address Supply Chain Cybersecurity

Google
NIST
SLSA4
Sonatype
Elise Leise
3 min
The SolarWinds and Codecov cyberattacks reminded companies that software security poses a critical risk. How do we mitigate it?

As high-level supply chain attacks hit the news, Google and the U.S. National Institute of Standards and Technology (NIST) have both developed proposals for how to address software supply chain security. This isn’t a new field, unfortunately. Since supply chains are a critical part of business resilience, criminals have no qualms about targeting its software. That’s why identifying, assessing, and mitigating cyber supply chain risks (C-SCRM) is at the top of Google and NIST’s respective agendas. 

 

High-Profile Supply Chain Attacks 

According to Google, no comprehensive end-to-end framework exists to mitigate threats across the software supply chain. [Yet] ‘there is an urgent need for a solution in the face of the eye-opening, multi-billion-dollar attacks in recent months...some of which could have been prevented or made more difficult’. 

 

Here are several of the largest cybersecurity failures in recent months: 

 

  • SolarWinds. Alleged Russian hackers slipped malicious code into a routine software update, which they then used as a Trojan horse for a massive cyberattack. 
  • Codecov. Attackers used automation to collect credentials and raid ‘additional resources’, such as data from other software development vendors. 
  • Malicious attacks on open-source repositories. Out of 1,000 GitHub accounts, more than one in five contained at least one dependency confusion-related misconfiguration. 

 

As a result of these attacks and Biden’s recent cybersecurity mandate, NIST and Google took action. NIST held a 1,400-person workshop and published 150 papers worth of recommendations from Microsoft, Synopsys, The Linux Foundation, and other software experts; Google will work with popular source, build, and packaging platforms to help companies implement and excel at their SLSA framework

 

What Are Their Recommendations? 

Here’s a quick recap: NIST has grouped together recommendations to create federal standards; Google has developed an end-to-end framework called Supply Chain Levels for Software Artifacts (SLSA)—pronounced “Salsa”. Both address software procurement and security. 

 

Now, here’s the slightly more in-depth version: 

 

  • NIST. The organisation wants more ‘rigorous and predictable’ ways to secure critical software. They suggest that firms use vulnerability disclosure programmes (VDP) and software bills of materials (SBOM), consider simplifying their software and give at least one developer per project security training.
  • Google. The company thinks that SLSA will encompass the source-build-publish software workflow. Essentially, the four-level framework helps businesses make informed choices about the security of the software they use, with SLSA 4 representing an ideal end state. 

 

If this all sounds very abstract, consider the recent SolarWinds attack. The attacker compromised the build platform, installed an implant, and injected malicious behaviour during each build. According to Google, higher SLSA levels would have required stronger security controls for the build platform, making it more difficult for the attacker to succeed. 

 

How Do The Proposals Differ? 

As Brian Fox, the co-founder and CTO at Sonatype, sees it, NIST and Google have created proposals that complement each other. ‘The NIST [version] is focused on defining minimum requirements for software sold to the government’, he explained, while Google ‘goes [further] and proposes a specific model for scoring the supply chain. NIST is currently focused on the “what”. Google, along with other industry leaders, is grappling with the “how”’. 

 

Share article