Category Archives: Technology

Risk Management Is Your Top Priority – But Are You Prepared for the Billion Dollar Threat?

As per this recent article over on Chief Executive that asks [if] your company is vulnerable to cyber-sabotage, if your company gets hacked, like Sony had its PlayStation Game Network hacked, then you too could be looking at about $1 Billion in tangible damages and an incalculable toll in lost customer goodwill, tarnished brand equity and sleepless nights for the corporate brain trust, especially if you are in the Financial, Retail, Restaurant, or Hospitality sectors.

Cyber-Sabotage is on the rise. According to IBM, more than 8,000 new cyber-sabotage “vulnerabilities” were identified last year, up 27% from 2009.

But what can you do? The article recommends that you:

  • Become the Security Champion
    And put cyber-security at the top of corporate priority lists.
  • Beware of “Social-Engineering”
    Make upper managers aware of their own vulnerabilities to attacks that exploit the behaviour of strategically positioned individuals rather than involve a broad cyber-sabotage campaign.
  • Draw the Difficult Lines
    And set up an early warning system since it’s impossible to prevent every possible attack.
  • Dig to the Roots
    Be aware that unhappy contractors, customers or partners can become cyber-accomplices, and even cyber-criminals, if they are financially desperate enough.
  • Survey the Changing “Threat Landscape”
    The rapidly rising number of smart-phone “apps” is providing cyber-criminals with opportunities to exploit mobile-data networks.
  • Know the Four Common Categories of Cyber-Saboteurs
    • Foreign Government Intelligence Services
    • Transnational Criminal Enterprises
    • Corrupt Competitors
    • Corporate Insiders

It’s not bad advice, but it doesn’t really help. It’s great to fly a flag, but that’s not enough. And even if a manager knows he is vulnerable to social engineering, that doesn’t tell him how to tell when an individual might be trying to socially engineer information out of him. And just what should an early warning system look like? And how do you identify what individuals inside your four walls might turn on you? And how does knowing what types of cyber-saboteurs are out there help you stop them from penetrating your networks?

You need to know A LOT more than you do. And you’re not going to figure it out on your own. So you pretty much have two choices.

  1. Outsource to a “Cloud” company that has mastered SaaS and security, or
  2. Hire a security consultancy with the expertise to not only do a security analysis but also train you on what needs to be done to minimize risk from a technical and social perspective.

That, in a nutshell, is what you need to know, because unless IT Security is your business, you won’t master it.

Your Browser Matters

While using Internet Explorer will not make you dumb, if you are using it, you probably are. That’s what a recent study by AptiQuant, which gave more than 100,000 participants an IQ test while monitoring which browser they used to take the test, found. The results, nicely summarized in this CNN article that asks if Internet Explorer Users [are] Dumb, showed that users of IE6 scored the lowest on the tests, with a score of just over 80, while users of Opera (the doctor’s preferred browser by the way, using it since, believe it or not, 1997 when Opera 3.0 was released) scored the highest at well over 120. In other words, IE Users were at the bottom of the “dullness” range while Opera Users have “very superior intelligence” or, for the more technical, in order to include IE users, you have to go two standard deviations from the mean down, and in order to include Opera users, you have to go two standard deviations from the mean up.

Cheap shot at IE users? Oh yeah. Do they deserve it? Probably. There’s no excuse to be using IE, the most non-standards compliant browser on the market, when Firefox, Chrome, and even Safari are leagues ahead and cross-platform. Consider the recent HTML5 Browser Scorecard. IE9 Beta supports a mere 96 HTML 5 features, while Safari 5, Chrome 8, and Firefox 5 support over 200 features. So drop IE. Even if it doesn’t raise your IQ (as the doctor understands that correlation is not causation), at least no one will think you’re dumb.

What to Look for in a Strategic Sourcing Decision Optimization Solution

Once it is understood that Strategic Sourcing Decision Optimization is the application of rigorous analytical techniques to a well-defined sourcing scenario to arrive at the absolute best decision out of a multitude of possible alternatives in a rigorous, repeatable, and provable fashion, one can define some core capabilities of a strategic sourcing decision optimization platform. Then, when one is looking for a sourcing platform that includes decision optimization, one can determine whether or not the platform includes true strategic sourcing decision optimization foundations.

The following are core capabilities that should be present in any platform that claims to be based on strategic sourcing decision optimization:

  • Solid Mathematical Foundations
    LP, MILP, QP, and Convex optimization are good foundations. Random sampling, Monte Carlo simulation, and evolutionary / genetic programming are, on their own, not sufficient.
  • True Cost Modelling
    The models must be accurate and complete. Not “close” approximations.
  • Sophisticated Constraint Analysis
    At a minimum, capacity, allocation, (risk) mitigation, and qualitative constraints must be supported.
  • What If? Capability
    The “holy grail”, the tool must be able to generate, analyze, and compare multiple “what if?” scenarios in order to truly be useful to the organization.

In addition, the following capabilities are nice to have:

  • Constraint Impact Analysis
    Why is this solution “optimal”? Which constraints are driving the allocation?
  • Network Modelling
    for the analysis of demand across multiple categories and network (re)design
  • Automatic Scenario Generation
    that automatically creates “what if?” variants of a given scenario to jump-start analysis

For more information, see our recent article on What to Look For in a Strategic Sourcing Decision Optimization Solution over on the new Next Level Supply site. This article, which summarizes and updates some of SI’s best writings on Decision Optimization, including the Next Level Purchasing Optimization Interview and the e-Sourcing WikiPaper, is a good refresher for those of you looking to (re)acquire a sourcing platform based on strategic sourcing decision optimization.

Project Assurance: Pre-empting ERP/SCM System Failure

ERP/SCM projects fail all the time. The reasons include, but are not limited to, lack of top management commitment, unrealistic expectations, poor requirements definition, improper package selection, gaps between software and business requirements, inadequate resources, underestimating time and cost, poor project management, lack of methodology, underestimating impact of change, lack of training and education, and, last but not least, poor communication. In other words, human factors cause these projects to fail much more often than they should.

However, as per a recent article in Supply & Demand Executive on “preempting ERP/SCM failure through project assurance”, there is a way to minimize the risk. It begins with a blueprint of strategic project assurance at critical points in the implementation project’s evolution. It establishes clear understanding of expectations among all people involved — from the executives, to the business and IT management, to the software vendors and end users.

A Project Assurance plan that

  • identifies the real issues,
  • sets realistic timeframes,
  • aligns the work streams,
  • looks beyond the indicators for early warning signs,
  • manages the expectations,
  • seeks objectivity,
  • communicates the expectations, and
  • measures progress regularly

reduces the risk of failure by

  • tracking milestones,
  • controlling costs, and
  • minimizing surprises.

It requires a lot of up-front planning, and a willingness to be realistic at all times, but is worth the effort. For details on how to create one, see Rob Prinzo’s No Wishing Required, which will help you identify six critical points in every project and get you on your way.

IT Outsourcing: The Two-Headed Beast

A recent article on “IT Outsourcing Category Management” over on Efficient Purchasing did a great job of capturing the nuances of the category in that the drivers will be dependent on whether it’s a first or subsequent sourcing event and so will Procurement’s role. In the outsourcing scenario, the number one driver is access to competence. Cost reduction and flexibility take a back-seat with Procurement, whose role is to facilitate the process, that is led by IT, and ensure a competitive environment. In a subsequent event, cost reduction becomes the number one driver and innovation, completely absent in the first phase, jumps into the back-seat. Procurement jumps into the driver’s seat, leading the effort to find qualified suppliers that can reduce costs and increase value.

However, the two events are not completely different. In both scenarios, Procurement must master stakeholder management, do its homework properly, understand risks and the nature of likely disruptions, accurately model cost, and get a grip on the value a supplier could bring to the table. The last part is key, since while 67% of IT leaders rely on outsourcers to turn ideas into new and improved processes, as per a Warwick Business School study, only 33% measure the impact of innovation delivered by service providers, which is a key component of delivered value. Plus, as per an IDG Outsourcing Survey, IT Outsourcing has only led to cost reduction and flexible staffing in one third of engagements!

And contracts are a major headache for the unprepared. In addition to detailed descriptions of the services, service levels, and service management process that need to be provided, a significant number of commercial terms and legal terms generally need to be provided as well. Plus, contract templates should be included in the bidding event as this will let potential providers know what is expected of them. As a result, many projects have to be planned six to twelve months in advance as it often takes four to eight months just to stipulate the scope of services and SLAs, which needs to define not only the services, but also the transition plan and an exit plan should the contract not be renewed.