May 17, 2020

Green is good for business, by DA Systems

Supply Chain Digital
Freddie Pierce
Opportunity for substantial savings

Written by Dave Upton, Managing Director, DA Systems Ltd

Investing in ways to become more environmentally friendly is good for business. It makes financial sense and helps to differentiate transport providers in an increasingly crowded market.

For instance, image-conscious retailers looking for an e-commerce delivery partner are more likely to prefer Provider A, who shares their environmental values, than Provider B, who has not yet taken steps to minimise environmental impact. This trend directly mirrors consumer behaviour.

According to a recent Eurobarometer survey, 55 percent of consumers say they take time to understand the environmental impact of the products they buy and 77 percent said they would pay a premium for greener goods. It’s inevitable then that this sentiment would follow through to the supply chain and a retailer’s transportation providers for e-commerce.

Environmental impact has always been discussed, yet it is only now, with the advance of iPads, smartphones, whiteboards and cloud technology (from SkyDrive to Dropbox), all able to communicate with each other and with existing systems, that a truly sustainable approach can be achieved.

With the adoption of transport technology and innovations in the mobile world, greener credentials are more attainable than ever. SatNav, job scheduling and signature capture now work on new devices with NFC and RFID capabilities, encased in a more consumer-style look and feel than previous rugged enterprise products, which means greater user adoption: think Honeywell Dolphin Black to Motorola TC55.

So introducing greener working is now a natural progression for the transport and logistics industry to seriously consider. In addition to improving productivity and saving costs, using an electronic proof of delivery system, mobile field service management or a real-time job scheduling and route optimisation system, for instance, has been shown to have a significant impact on reducing physical costs, i.e. consumables and labour costs. It also has a significant impact on reducing CO2 emissions and the carbon footprint of logistics operators.

The following results demonstrate the savings achieved by a medium-sized delivery company, “XYZ Courier Services Ltd”, using actual data. “XYZ” operates a cloud-based technology system to manage its fleet of 2,000 full-time drivers. Before introducing mobile data to its fleet of drivers, the company had to provide each driver with a 15-page printed manifest showing their daily workload and schedule.

Over the course of a year, this amounted to 7,800,000 individual pages, or 15,600 reams of paper. The cost of purchasing paper equated to £55,000 and print toner costs amounted to £110,000, which means that over a three-year period the company spent half a million just on paper and toner alone.

Although financial savings are a factor in the decision to adopt mobile data that improves greener credentials, there are also carbon costs to appreciate, due to the energy and environmental impact of the printing process. The paper produced for the manifests over a three-year period equated to 648 tonnes of CO2 emissions, which have now been saved.

The transportation of raw materials and finished products is a significant source of carbon emissions in the supply chain. For some companies, logistics can be the primary component of supply chain carbon emissions. The Department of Transport found road transport accounts for 21.7 percent of the UK’s carbon emissions; of that, 19.8 percent is attributable to heavy goods vehicles (HGVs) and 15.2 percent to vans. The government is aiming to position the UK at the global forefront of ultra-low emission vehicle (ULEV) development, manufacture and use, and has a vision for ‘almost every car and van’ to be zero-emission by 2050. Furthermore, implementing effective route optimisation that ensures a driver takes the most efficient route will result in fewer miles driven and reduced fuel use.

What this analysis highlights is that for a mid-sized delivery company, introducing mobile data technology such as ePOD to the drivers has had a significant impact not just by reducing costs, but also by improving the company’s overall carbon footprint. And these cost savings are relevant to smaller and larger organisations alike.

Not only will changing to transportation and logistics partners with greener credentials help meet a company’s corporate social responsibility and environmental policies; utilising transport technology also allows a company to get a clearer picture of deliveries, scheduling, managing peak times, carbon emissions and driver behaviour, in readable, legible reports based on date- and time-driven events. This means more power through real-time knowledge transfer, without having to sift through volumes of paperwork.

A business can never entirely eliminate its environmental impact, but that should not be a reason not to take advantage of the technology available to reduce it. Having a green approach to your transport fleet helps to achieve positive environmental and financial goals.

About the author

 

David Upton is a software and technology entrepreneur. He founded DA Systems in January 1999 after identifying a need amongst transport and logistics companies for real-time proof of delivery software to support the growing e-commerce delivery business. 


Jun 21, 2021

Google and NIST Address Supply Chain Cybersecurity

Elise Leise
The SolarWinds and Codecov cyberattacks reminded companies that software security poses a critical risk. How do we mitigate it?

As high-level supply chain attacks hit the news, Google and the U.S. National Institute of Standards and Technology (NIST) have both developed proposals for how to address software supply chain security. This isn’t a new field, unfortunately. Since supply chains are a critical part of business resilience, criminals have no qualms about targeting their software. That’s why identifying, assessing, and mitigating cyber supply chain risks (C-SCRM) is at the top of Google and NIST’s respective agendas.

 

High-Profile Supply Chain Attacks 

According to Google, no comprehensive end-to-end framework exists to mitigate threats across the software supply chain. [Yet] ‘there is an urgent need for a solution in the face of the eye-opening, multi-billion-dollar attacks in recent months...some of which could have been prevented or made more difficult’. 

 

Here are several of the largest cybersecurity failures in recent months: 

 

  • SolarWinds. Alleged Russian hackers slipped malicious code into a routine software update, which they then used as a Trojan horse for a massive cyberattack. 
  • Codecov. Attackers used automation to collect credentials and raid ‘additional resources’, such as data from other software development vendors. 
  • Malicious attacks on open-source repositories. Out of 1,000 GitHub accounts, more than one in five contained at least one dependency confusion-related misconfiguration. 

 

As a result of these attacks and Biden’s recent cybersecurity mandate, NIST and Google took action. NIST held a 1,400-person workshop and published 150 papers’ worth of recommendations from Microsoft, Synopsys, The Linux Foundation, and other software experts; Google will work with popular source, build, and packaging platforms to help companies implement and excel at its SLSA framework.

 

What Are Their Recommendations? 

Here’s a quick recap: NIST has grouped together recommendations to create federal standards; Google has developed an end-to-end framework called Supply Chain Levels for Software Artifacts (SLSA)—pronounced “Salsa”. Both address software procurement and security. 

 

Now, here’s the slightly more in-depth version: 

 

  • NIST. The organisation wants more ‘rigorous and predictable’ ways to secure critical software. They suggest that firms use vulnerability disclosure programmes (VDP) and software bills of materials (SBOM), consider simplifying their software and give at least one developer per project security training.
  • Google. The company thinks that SLSA will encompass the source-build-publish software workflow. Essentially, the four-level framework helps businesses make informed choices about the security of the software they use, with SLSA 4 representing an ideal end state. 

 

If this all sounds very abstract, consider the recent SolarWinds attack. The attacker compromised the build platform, installed an implant, and injected malicious behaviour during each build. According to Google, higher SLSA levels would have required stronger security controls for the build platform, making it more difficult for the attacker to succeed. 

 

How Do The Proposals Differ? 

As Brian Fox, the co-founder and CTO at Sonatype, sees it, NIST and Google have created proposals that complement each other. ‘The NIST [version] is focused on defining minimum requirements for software sold to the government’, he explained, while Google ‘goes [further] and proposes a specific model for scoring the supply chain. NIST is currently focused on the “what”. Google, along with other industry leaders, is grappling with the “how”’. 

 
