Category Archives: Technology

The Best Supply Chain Security in the World is Useless …

… if you forget to lock the digital back door!

As Tim Garcia pointed out in a recent article over on Manufacturing Business Technology, “In Securing Your Supply Chain, Don’t Forget To Lock The Back Door”, up to half of all reported company data breaches slip in through unguarded digital back doors. Taking every security precaution that is possible with your own network doesn’t mean that you can account for the practices of the other companies your enterprise interacts with on a daily basis through digital back doors that could be contained in every piece of enterprise technology that you use.

So what should you do? For starters, follow the advice in Tim’s article.

  1. Use up-to-date anti-virus and monitoring systems on all inbound and outbound connections.
    Whether it is between business systems at different locations, your SaaS and cloud providers, or third parties — protect all data links.
  2. Restrict all sensitive digital communications and transactions to secure, monitored, channels.
    Don’t allow sensitive data or monetary transactions to flow over unapproved, unsecured channels for any reason.
  3. Analyze every nook and cranny in your digital supply chain for vulnerability.
    Thieves and competitors will find the one digital pathway you miss or ignore in your vulnerability assessment.
  4. Communicate the Security Procedures and Protocols.
    Make sure the entire C-Suite is aware, approves, and communicates them downward.
  5. Have a Recovery Plan.
    Despite your best efforts, it only takes one newly discovered zero-day exploit or one employee who forgets to encrypt some critical data for thieves and spies to break into your network, steal your data (and your customers’ data), and put you in a bind. Have a plan to deal with the worst-case scenario as soon as it happens to minimize the losses to your bank account and your corporate reputation.

In addition, SI recommends:

  1. Have harsh penalties for (repeat) offenders who do not follow the procedures.
    Just like some employees will continue to buy off-contract unless you have harsh penalties in place to curb this behaviour (such as no reimbursement without an approved PO signed by their supervisor and a Procurement executive, write-ups that negatively impact their performance review and maximum bonus, etc.), some employees will take shortcuts if they think it’s easier or quicker to do so or that the security procedures are overkill.
  2. Look for systems where you can control the distribution of data seen by your suppliers.
    If the only way to restrict the data that is viewable by a user logged into one of your systems is to export it to Excel or PDF, and this is the primary mechanism used to share data with your suppliers, even if it’s sent encrypted, once the supplier decrypts it – you have no control. If, on the other hand, the system implements fine-grained security and you can create customized supplier views and restrict data exports, this limits what the supplier sees and its options for sharing that data. It’s even better if the supplier can create customized sub-views for the data it needs to share with one of its suppliers working on a part of the component it is building for you. Even though the military often goes crazy with its security measures (as anything on the public internet is not “protected” just because you print it off and put it in a binder), they have the right idea — sensitive data that is sent outside the four walls of the organization should be restricted to what is need to know.

Happy Birthday, John von Neumann

One hundred and ten years ago today, John von Neumann was born in Budapest, Hungary. von Neumann was the first to design a computer architecture in which the program and the data it operated on were both stored in the computer’s memory in the same address space, which to this day is the basis of computer design.

Without von Neumann, computers may not be so powerful, you might not have your iPads, and the sophistication of today’s enterprise technology could still be quite crude.

Good SaaS vs. Bad SaaS

A recent post over on Richard Anson’s blog on “11 Crucial Tactics for SaaS Pricing”, while written for new SaaS vendors who need to know how to price their solutions, did a great job of helping to point out some of the key elements of a good SaaS solution sales process vs. a bad SaaS solution sales process as well as some key elements of a good SaaS solution from a customer’s perspective vs. a bad SaaS solution from a customer’s perspective.

In particular, it focusses in on some of the key non-functional characteristics that should be examined in your SaaS purchase process. These non-functional characteristics can easily be summarized in a quick side-by-side comparison of good SaaS vs. bad SaaS.

 

| Good SaaS | Bad SaaS |
|---|---|
| Value-based | Cost-based |
| ROI-justification | Process Improvement |
| Business Case Justification | Potential Manpower Reduction |
| Priced According to Company Size and Utilization | One Price Fits All |
| Competitively Priced | Priced Out of the Ballpark |

 

In other words, if the SaaS solution is good, it will be competitively priced, and priced according to your company size and intended utilization, come with a business case justification, deliver a proven ROI, and clearly deliver ongoing value.

And if a SaaS solution is bad (for you), it will be priced out of the ballpark with respect to its competition (and be either too expensive to deliver value or too cheap for the company to sustain over the long term, which will lead either to the provider’s failure or substantial price increases at contract renewal time), have little in the way of a solid business case justification, or have a poor ROI over the short and/or long term. SaaS is more than features, functionality, hands-off management, and a cool web experience — it’s about delivering value to your bottom line.

For insights on how to cost out the TCO of a SaaS solution, and compare that TCO to an installed solution, see SI’s classic post on Uncovering the True Cost of On-Premise Sourcing & Procurement Software. For insights on what constitutes a good SaaS contract, see SI’s classic posts on SaaS Contractual Considerations (Part I and Part II). And remember, as per SI’s recent post on Maximizing ROI from Technology, it doesn’t matter how strategic the IT Vendor is, it only matters how strategic the solution they offer is.

Intengo – Mastering the e-Procurement Tango in Turkey

When we last covered Intengo back in 2010, they were doing the e-Sourcing Tango in Turkey. At that time, they provided an on-demand e-Negotiation platform built around (multi-round) e-RFX and e-Auction with a sprinkling of Supplier Information Management (SIM) and early stage catalog management thrown in. A project-oriented system, it was a breeze to set up a new RFX or e-Auction event in the system and get a new sourcing event going. One of the unique features of the platform was the calendar view, which integrated with Microsoft Outlook and hot-linked to all of the relevant screens in the relevant projects, and which allowed a buyer to get a quick summary of where they were and what they needed to do at any given time. Other cool features were item-level currency support, smart unit support, and bulk-updates on (filtered) lots or items.

Since then they have been dancing up a storm and they are now the leading e-Sourcing and e-Procurement provider in Turkey, with over 100 clients, including a few notable international clients with operations throughout Europe and Asia. That’s right, they have migrated from a basic e-Sourcing application to an end-to-end e-Procurement solution in an effort to serve their clients better. Since 2010, they have added requisition and purchase order support, price lists and full catalog support, delivery notification and tracking, and integration with the big ERPs (Oracle and SAP) for master data management, invoice management, and e-Payment / Accounts Payable integration. In addition, they have also integrated budget management into the e-Procurement process.

A user can begin a requisition from a catalog or from a free-form request. The request can be sent straight to a (preferred) supplier if it is within the user’s spending limit (as defined by the budget), turned into a Purchase Order (after being approved, if necessary), or turned into an RFX or e-Auction. If the request is turned into an RFX or e-Auction sourcing event, the RFX or Auction is pre-populated with pricing from the most recent supplier price list (at the volume level) or catalog if pricing is available. If the request is sent straight to the supplier, the supplier can accept the request and provide delivery information, reject the request, or decline due to incorrect or insufficient information. In the last case, the buyer is notified and corrections can be made. In the case of an RFX, after the event has been configured, the request is sent to the selected suppliers who can bid on the whole or part, decline to bid on the whole or part, or decline to bid because of incorrect or incomplete specifications on one or more line items. In the last case, the buyer is notified, and if the buyer agrees, he can suspend the RFX or e-Auction until corrections are made, and all suppliers are immediately notified of the event suspension. A supplier who accepts a purchase order, who is awarded an RFX, or who wins an auction is able to immediately enter delivery information into the system (which can generate e-invoice data for submission to the organization’s ERP) and when the product is received, a buyer can mark the product as received in the mini delivery module.

The catalog functionality is pretty much what you would expect and is comparable to most other e-Procurement platforms out there and the budget capability can be used to define budgets by user, project, and department and track them against requisitions and awards project-to-date and year-to-date. The built-in reporting is good, and Intengo even has canned reports by brands (which are great for retailers). Furthermore, Intengo can create and customize any report on any platform data that you want, but note that the platform is still missing a custom report builder. However, realizing this weakness, Intengo gives you the ability to export any and all data to Excel or to your ERP (so you can build your own reports using reporting tools you already have). So if you do full ERP integration (and use it for your Master Data), and you already have a best-of-breed reporting product sitting on top of that (and chances are you do), you can use that to build custom reports on your sourcing and procurement projects.

They have also made enhancements to their e-Sourcing platform. One of the most significant enhancements is their formulaic auction capability. This weighted auction capability allows a user to define an arbitrary weighting, composed of one or more factors, to every bid, on a lot and line-item level, that is used in determining the rankings. The user can define one or more weighting factors based upon quality, warranty, shipping, associated duties, etc. The categories can be (optionally) displayed to the suppliers who can choose the ones relevant to their bids (such as shipping, warranty included, etc.) and the weighting factors can then be applied behind the scenes. In addition, during an auction, suppliers can also suggest substitutions for each line-item and lot, which a buyer can accept. (And, if necessary, the buyer can pause the auction, define appropriate formulae, and provide additional information to other suppliers who might also be capable of offering substitutions on different terms.)

Intengo is definitely an up-and-coming contender on the end-to-end Procurement scene in the European mid-market and another European e-Procurement provider to watch, especially since, like other European players, they have been internationalized and multi-language since day one on their integrated, single-solution, SaaS platform that allows them to create new instances virtually on-demand. While SI doesn’t expect them to cross the Atlantic for another couple of years, it does expect that the North American companies competing across the pond are going to be seeing a lot more of them on mainland Europe in the coming years.