Vendor Management

The Latest

23 November 2021: SoftIron is developing an Australian facility to manufacture its high-performance data processing appliance. This is the company’s second facility after its California factory, and it plans to develop another centre in Berlin in the coming years. The planned edge manufacturing facility is expected to be the first component-level computer manufacturing hub in Australia for several decades.

SoftIron’s New South Wales manufacturing facility is supported by a AU$1.5 million grant from the Department of Defence. The hardware provided by SoftIron will include open-source appliances for high performance data processing.

The vendor will leverage smaller-scale, automated ‘edge manufacturing’ systems and effectively side-step global supply chain bottlenecks.  

SoftIron claims that security-minded clients, such as the Australian Government, are increasingly concerned about the risks of supply chains that include foreign entities suspected to have inserted spyware. Governments are already applying bans on foreign providers of communications and data processing hardware that power modern data centres. SoftIron claims the ability for clients to verify every aspect of a product - from the open source code to the supply chain of components and manufacturing cycle - is critical for trust in data centre appliances.

Why it’s Important

SoftIron’s entry into Australian tech manufacturing is welcome. Australia’s technology manufacturing was decimated by large-scale overseas production capabilities in the mid to late 80s, despite having some extraordinary world-leading products. For example, the world’s first battery-powered laptop, the Dulmont Magnum (aka the Kookaburra), was designed and manufactured in Australia in 1984. Hartley Computers developed hardware and software locally in the same decade, before concentrating on supporting imported Wang minicomputers.

The SoftIron announcement raises several important considerations:

Supply Chain Risk

Procuring hardware from foreign manufacturing plants (such as POS and telecommunication systems) is now being flagged as a possible point of exposure to business espionage and spying. The complexity of international supply chains, combined with the opaqueness of the firmware and code running on tech products, opens up many avenues for criminal and state actors to inject malware into products sold overseas. While China is a target of US suspicions, it should be noted that Australia's allies have engaged in similar activities in the past: in particular the US and Germany with encryption technologies, and the recent use of the ANoM phone app to ensnare criminals.

For Australian enterprises, the lack of visibility into the supply chain should be a growing concern. The only way to address this concern is to adopt a risk assessment policy that includes verifiability of the supply chain, and the firmware and code of products.

Support Chain

Edge manufacturing (aka micro-manufacturing) leverages the ever-lowering costs of robotic manufacturing systems and (importantly) the lowering cost of programming such robots, to compete against the cost-efficiencies of huge factories in lower labor-cost countries.

Technology manufacturing firms have traditionally driven costs down through economies of scale and labor savings. However, the global supply chain crunch due to the pandemic and slow-moving trade wars, coupled with rising labor costs globally, is causing a change in the equilibrium of manufacturing. 

Edge manufacturing employs robotic technologies and short-run production automation to deliver specialised products at a faster rate, at costs that are within the realm of those offered by large-scale manufacturing, when transport, warehousing and related global supply chain costs are considered. Edge manufacturing is less susceptible (though not immune) to global supply chain disruptions.

Most importantly, edge manufacturing is highly agile and its entire manufacturing process is verifiable, making the model attractive for security-conscious buyers. Finally, firms that locate their facilities here are covered by Australian laws and are therefore required to be certified to a compliance standard to ensure the level of data security is being met.

Who’s impacted

  • CIO
  • CFO
  • Procurement managers

What’s Next?

IBRS believes that the national economy has a solid potential to benefit from edge manufacturing. Recent economic modelling by IBRS and Insight Economics noted that a 10% increase in organisations buying Australian software (as opposed to US and European solutions) would return close to a $1.5 billion uplift in the economy within a decade. This economic benefit would be significantly magnified if hardware were added.

Organisations can examine the premium put on closer collaboration with suppliers and vendors through this business model by:

  • Running hypothetical stress tests on their current supply chain to understand how it affects their financial standing
  • Utilising local vendors while considering a third-party risk assessment and compliance program that will fit their cyber security strategy
  • Assessing a vendor’s governance framework using the IBRS Vendor Governance Maturity Model
