
Technological Damnation 76: Cybersecurity / Cyberattack

Recently we discussed technological damnation 78: e-Privacy, where we hinted at the difficulty of maintaining privacy in an era where keeping the data encrypted and secure is getting harder by the millisecond. We followed that with a discussion of technological damnation 92: data loss, which noted that intrusions are hard to trace and that, like privacy, loss prevention requires secure, encrypted, digital vaults that, with advances in computer technology, often get less secure by the millisecond, starting the millisecond they are implemented.

But the damnation of cybersecurity goes well beyond (e-)privacy, which consumers are very concerned about, and data loss, which your C-suite is concerned about, to fraud, sabotage, and fear.

Fraud

A cyberattack might be perpetrated to steal customers’ data, especially if it has value (because it contains credit card numbers, health records that snake oil charlatans can use to target desperate people, or incriminating information or photos); to steal proprietary data (that a competitor would pay a pretty penny for); or to covertly steal company funds by inserting false supplier records into the e-Payment system (that would allow fake invoices to be automatically approved by the e-Payment or e-Procurement system) or accessing a company’s bank account through the bank integration so that the hacker can ACH the funds to another account controlled by the hacker that will allow the hacker to electronically wire all of the available funds to a bank account in a country where the funds cannot be recovered.

Sabotage

A cyberattack might be perpetrated to take down core systems that run production lines, as modern production lines are software controlled and the right malware can physically damage equipment by causing it to overheat or operate beyond safe parameters. Damaging a multi-million production line, taking down a power grid, or contaminating multiple batches of product can shut a company down for weeks and do considerable financial damage to the company in the short term, and reputational damage to the company in the long term as it struggles to recover from an inability to meet its customers’ needs for a prolonged period of time and keep its operations safe.

Fear

A successful cyberattack can instill fear in a company and its upstream and downstream supply chains all the way from the company that mines or produces the raw materials that are consumed by the company to the end consumer that buys the products. Sometimes that’s enough to do significant damage.

Defense

Defending against a cyberattack is nigh impossible. You don’t know when it’s coming. You don’t know where. You don’t know what zero-day vulnerability the hacker is going to try and take advantage of. You don’t know what communication lines the hacker is going to use and what machine they are going to try and route through. Can you encrypt everything? Secure every line? Patch every known security hole on every machine? And ensure that not a single employee can be socially engineered to accidentally give a hacker any additional information to help the hacker in her quest? Defense is almost impossible.

As hinted at in our previous damnation posts on e-Privacy and data loss, cyberattack and cybersecurity is a damnation that is becoming more damning by the day.

Technological Damnation 90: Open Source

When it comes to software, proprietary madness (Part I and Part II) is one damnation — but open source, the other side of the coin, is another.

This is another damnation that is probably making you go huh?, because it seems that open source, which not only gives us free software, but some of the best software out there, should be a great thing, and it is, but from a Procurement point of view, it’s a damnation. Why?

How do you cost it?

There’s no such thing as a free lunch, and where open source is concerned, this is a free lunch at the Bawabet Dimashq Restaurant where you have to wash the dishes — for the entire floor (that contains 6,014 seats) all by yourself! Unlike most proprietary software which comes with a warranty, a maintenance plan, and support, open source simply comes with a license that says you have the right to use it if you see fit, but you waive all warranties and liabilities while doing so. If it is broken, you can ask the community for help fixing it, but you might have to fix it. You have to maintain and update it. You have to install it. And in some cases, you even have to compile it! That takes development manpower — and sometimes lots of it. Whereas all you might need for vendor provided software is an admin to create and maintain accounts, you might need a dev team backing up the open source.

How do you protect it?

Chances are you will find something that doesn’t quite do what you need, or that needs to be fixed, and will have to fix and augment it. Under the terms of most open source agreements, any modifications you make must also be open source and released, so if you want to do any custom upgrades, you better be prepared to give them away for free. At least with proprietary technology, you can always negotiate with a provider for custom developed technology exclusive to you.

How do you defend your investment against it?

Maybe the best choice today is that proprietary enterprise software license that costs you high six or low seven figures for enterprise wide deployment — but which should net you a nice return based upon the value you expect to get from it under the assumption that the vendor’s promises will materialize. However, you will only get the advantage you expect in the market if your competitor cannot get a solution for any less. What if an open source with equivalent, or better, capability hits the market next year and the only cost is the cost of training or a few consultants to implement it plus an ongoing system admin after that? If your competition can get equivalent software for a fraction of the cost in a year, will you net your return? And will you be giving up a greater return by locking into proprietary software now when the open source that could materialize in the near future might even allow your organization to take an accelerated path to savings?

Just like proprietary madness, open source is also a technology damnation. When it comes to technology, it’s damned if you do and damned if you don’t.

Shortlist.co Should Be On Your ShortList for Agency & Services Management

In our last post, we noted that most Sourcing and (e-) Procurement platforms are not appropriate for Marketing and Services Management. We gave a number of reasons for this, but the big ones can be summarized as:

  • lack of creative, digital, or advertising suppliers in a supplier network
  • lack of an appropriate project definition for marketing projects
  • lack of an appropriate workflow for marketing or services projects
  • lack of appropriate collaboration for internal and external partners

Marketing, unlike Procurement, needs to be as focussed on the relationship and the creative as Procurement needs to be focussed on the cost and the deliverable. It’s all about the message, the delivery, and the brand. That’s more than just a DVD with 30 seconds of a TV spot, a zipped download of a new website, or a document outlining a new brand building campaign.

That’s why marketing needs a solution that allows it to:

  • identify new suppliers it would not find otherwise that might be able to serve its creative, digital, or advertising needs to help it increase returns while keeping costs in line
  • define marketing projects in a way that allows for meaningful RFPs, evaluations, and workflows
  • allow Marketing to collaborate with Procurement, Engineering, and other internal stakeholders in a manner that is conscious of organizational strategy and budgets
  • allow Marketing to collaborate with suppliers and track progress, deliverables, milestones, and the overall supplier relationship with marketing suppliers

Shortlist.co, which will be doing a major North American launch early next year, is a new web-based platform that will allow a Marketing organization to do all of this. This platform has three major elements:

Vetted, Indexed, Supplier Network

The platform contains thousands of global suppliers in the advertising, creative, and digital space that are vetted by Shortlist.co as real and capable of performing the advertised service offerings. They are indexed by location (from region down to city level), size, and offering.

Services Project Management

Everything in the platform revolves around a project. Project creation is quite simple, as all a user has to do is enter a name (which can be changed later), and optionally assign it to a campaign (which can be done later) and a category for budgetary purposes (which can be done later and changed later as well). Once a project is created, a user provides a description, creates and / or attaches an RFX, selects suppliers to distribute the request to, defines a response due date, and the project is launched. Alternatively, if this is a project that is undertaken on a regular basis, the user might just select a template, make a few alterations, update the supplier list, define the response dates, and launch. Then, the user defines a review team, sends out the review invitations, and when the responses come back, the review team can independently and collectively review and comment on the proposals. Once one has been accepted, the budget can be revised and recategorized, and at all times the team can see how much of the budget has been allocated year to date and how it breaks down into campaigns and categories (such as UX design, web site development, tv spots, internet video, social media campaigns, etc.).

Collaborative RFX Capability

While RFX is not unique to the platform, it is extremely well integrated into the project and has all of the functionality one would expect in the creation of a detailed RFX for services. In addition, the tool supports side by side comparison of multiple responses to make evaluation by each team member easy, and can aggregate the scorings from multiple team members to allow for organizational ranking, allowing each team member’s input to be taken into account during agency selection. Furthermore, the weighting adjusts to the actual number of reviewers who have commented on an item, so that if only one of three reviewers has an opinion, a 9 (out of 10) does not become a weighted 3.

Reporting

The insights capability is still being built out, but right now the platform also supports an initial set of project and partner comparison reports that allow an organization to answer, at a minimum:

  • how award allocations compare to budgets
  • how spend breaks down by category and campaign
  • which suppliers have the most projects
  • which suppliers have the most spend (by category)
  • the success rate of each supplier

The platform, which is being designed to be the marketing and service award, management, and collaboration tool between stakeholders and suppliers, fills a big need in many mid-size organizations today which have nothing to appropriately manage marketing and service spend, and even less that Marketing and Service Management can use. As a 100% multi-tenant SaaS solution, this allows a marketing organization to start immediately with no IT, or Procurement, support but yet involve IT and Procurement in all of their projects. Shortlist.co is definitely a solution that should be on your organization’s shortlist for agency & services management.

Does Your Organization Have What It Needs for Agency & Services Management?

SI might be focussed primarily on (Strategic) Sourcing and (e-) Procurement and associated solutions for spend reduction, cost control, and value generation, but every now and again likes to focus on solutions for Marketing, Contingent Labour & Outsourced Services, Legal, and other departments who believe their spend categories are sacred cows that will not be treated with the reverence they deserve by Procurement (and, as such, refuse to hand over control of those categories to a Procurement professional).

Marketing is one of the departments that needs a solution for cost control, and not just because it won’t turn over its sacred cow spend, but because the nature of the spend requires good, collaborative, services management. Traditional (e-) Procurement does not address the particular needs of an indirect services category like marketing where:

  • agency identification requires a vetted, indexed, database
  • agency selection requires stakeholder engagement and agreement
  • budget management requires award tracking by project and category
  • project management requires agency involvement
  • issue resolution requires real-time online collaboration

These needs can only be served by a platform that provides:

  • a supplier network of creative, digital, and advertising agencies
  • an online collaboration portal with survey capability and multi-user ranking and aggregate weighting
  • the ability to capture award amounts by project and work category (creative, digital, equipment rentals, etc.)
  • an online project management portal to track progress, milestones, and deliverables
  • an online collaboration portal where stakeholders can connect in real-time

But if you consider these needs, you find that:

  • few e-Procurement platforms have networks, and fewer still have any creative, digital, or advertising agencies as they tend to focus on direct material providers
  • the vast majority of e-Procurement and Sourcing platforms have RFX, most allow multi-user aggregate rankings, but most are not configured for users outside of Procurement
  • most e-Procurement platforms with CLM support allow for detailed project definitions and costing by line item, but the built in categorizations are not designed for marketing
  • most e-Procurement platforms have Procurement driven workflows, not agency project management workflows
  • online collaboration is generally only well supported in SRM (Supplier Relationship Management) platforms

As a result, as has been discussed on SI in the past, most Sourcing and (e-) Procurement platforms are not appropriate for Marketing and Services Management. Other solutions are needed.

My Solution Is Not One of The Six Strategic Sourcing Samurai. Am I Screwed? Part II

In Part I we noted that SI understands that its last few posts have probably caused a lot of soul-searching and panic among practitioners and fear and loathing among vendors, who don’t have an optimization based Sourcing platform and, in the viewpoint of SI, don’t have a platform that supports true strategic sourcing, and then began to discuss the panic and fear. We then noted that the simple answer was that the average organization was probably not screwed, but the full answer would take quite a bit of preamble to explain — preamble that we’re in the midst of.

We left off noting that SRM is only one way to identify additional value, or, in some cases, reduce unexpected loss. Contract Lifecycle Management (CLM) is another way. Strategic Sourcing identifies savings. Procurement prevents unnecessary overspend. But CLM prevents unexpected loss. The total cost of a good is total landed cost plus utilization/processing cost plus COGS (cost of goods sold) plus return/warranty cost plus reclamation cost at life end. And it’s a total loss if the good is lost. In order to prevent savings leakage, an organization has to manage the lifecycle of the goods being purchased for the length of the contract, especially if returns and payment reclamations need to occur. This is where CLM comes in. It makes sure contracted terms are adhered to, the lifecycle is monitored, supplier relationships are appropriately managed, and, where appropriate, risk is monitored and managed. (For more details, see the Contract Lifecycle Management series over on Spend Matters that was co-written by the doctor and the maverick.)

Then there is sustainability. Finding ways to reduce energy and water consumption, to switch to renewable resources, to avoid suppliers or products that are not in compliance with appropriate regulations (and that could result in the organization being hit with multi-million dollar fines), is also strategic and very valuable.

If the Sourcing platform in use by your organization supports one or more of the above strategic activities, your organization is definitely not screwed as it can use that platform to identify additional sources of strategic savings and strategic value. As will be discussed in a future joint series between the doctor and the prophet, there are many approaches to sourcing and, with the exception of first generation e-Negotiation, each brings significant, unique, advantages that are very valuable.

However, if all the organization has is a first-generation e-Negotiation platform that is nothing more than an RFX and/or e-Auction with a little bit of reporting and a primitive supplier portal, then, at some point, it may find itself screwed. While the first e-Sourcing event on any category will almost always identify (significant) savings, those savings don’t reappear the next time the event is run. The fat can only be trimmed from the margins once, and then the organization has to get strategic to find sustained savings. Fortunately, the majority of providers do not fall in this category, because this means the majority of organizations with a sourcing platform can confidently say they made a good choice — and just need to acquire supplementary optimization capability for where it is needed.

The full answer is thus: as long as you are not stuck on a pure first-generation e-Negotiation platform, then you have a platform that will support continued savings identification, cost control, and/or value generation when appropriately used. If you are, then you will need to augment it as soon as possible because, as explained in the last paragraph, from a savings perspective, you need to consider the platform a one-time use on a category basis. By the time you cycle back to the first category in the queue, you will need a more advanced solution.