Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, Palo Alto Networks’ security platform safely enables business operations and delivers protection for applications, users, and content.
Arena recently spoke with Rachel Yabut, Supply Chain Risk Manager at Palo Alto Networks, and discussed keys to ensuring a risk-free strong supply chain. In this two-part blog post series, Rachel shares her thoughts on the solutions and best practices that support successful end-to-end supply chain management.
Arena: What innovation has Palo Alto Networks implemented to manage risk with respect to your supply chain partners?
Yabut: When I took over the department, we needed to look at what the problem was and what the appropriate solutions would be. We needed to integrate risk into supply chain process. Our goal was to integrate the procedures into day-to-day activities. It needs to be ingrained in the “DNA” of our supply chain processes. It must be natural, not just an afterthought.
Arena: What is one of the pre-emptive ways you handle risk?
Yabut: Just like with RoHS, if something is high-risk, it shouldn’t be in the design at all. The further upstream you put processes in place, the better. I call it “Design for Risk” and while everyone has done this, drive it more from a manufacturing perspective. We start with design. We look at every part, at the first level of bill of material (BOM), as well as before supply chain or operations. We do risk analysis for all elements and question if we can find it in a standard database when it goes end of life (EOL). We try to uncover unknown risk factors in advance. It is important to implement these risk management mitigation practices while we’re a relatively young flexible company instead of waiting until we’re larger, more complex and brittle, where it would then be more challenging to incorporate overall risk management practices. Bringing in risk mitigation early in a company’s evolution allows it to become part of the corporate culture or “DNA”.
Proactive crisis response involves being prepared for as many scenarios as you can think of. So that should you have a crisis, you would have responses and tools in place to respond appropriately. The key is to identify what is more likely to happen, when—and understand the probability. When everyone understands what is happening real time globally — that’s when the proactive differences are made. It will cost less to prevent the problem ahead of time instead of having to react without a plan to an unexpected crisis.
Arena: Do your supply chain partners propose changes to your products or processes that reduce current or anticipated risk?
Yabut: Yes, there is a collaborative effort between our manufacturing engineering group (under operations) and our partner’s ME group. It’s more of a team approach. We don’t dictate. We’re open and flexible regarding our CM’s suggestions or recommendations. When we run into a problem, we work very well together to resolve the problem or put corrective actions in place. We also go back later and ask, “What can we do to improve design?” especially with new products, even when there aren’t any known issues. Then, manufacturing will, in turn, let us know if there is a way to reduce cost from a manufacturing perspective.
Arena: What’s the story behind your credo “design it in, don’t wait until something goes wrong”?
Yabut: For example, we might adjust our product design a little in advance so they assemble it in a different way to achieve cost, quality and/or efficiency benefits. Normally once design is done, you’re realistically not going to redesign immediately after it’s released.
Tune in for next week’s blog post to learn more from Yabut.