Category Archives: Technology

Technological Damnation 87: OLAP

OLAP, short for on-line analytical processing, is a great thing, right? It is at the foundation of reporting tools like Business Objects and Cognos, that, when they were released, gave users unparalleled insights into raw data compared to the rather static reports they were used to. It was revolutionary. And that’s the kicker. It WAS.

Now, it’s old technology and, to make matters worse, there is still the widespread misconception that it is the right tool for Spend Analysis. As SI has addressed many times, often with the help of the Spend Master (and there is only one), nothing could be further from the truth. This post will summarize just a few of the reasons this damnation continues to savage us, and will likely continue to do so for some time.


OLAP has no real-time capability

On-line analytical processing is just a fancy term for pre-computing a large number of intermediate and final totals against a roll-up models so that, when a user logs in to a system, not only can they see a report, but drill down into each line item to pre-defined subtotals according to a fixed hierarchy. For example, they can click on total sales and then drill down into sales by region and then sales by country and then sales by state/province. However, if the model is ordered by geography, but the user wants by department and then by geography, unless there is another report where those totals have been pre-calculated, the user is out of luck.


… and ROLAP doesn’t count!

In OLAP, the roll-ups are pre-computed off-line at regular, pre-scheduled intervals. In ROLAP, the system will rebuild the hierarchical roll-up on the fly — but if the roll-up takes an hour to generate, who cares whether the user initiates or a system script initiates. It still takes too damn long.


OLAP requires a rigid data model

Not only does OLAP require a rigid definition of the roll-ups being done against a rigid hierarchy, but that rigid hierarchy requires a rigid data model to work against. One model, with one hierarchy per OLAP report. Multiple reports, multiple hierarchies — but only to the extent supported by the underlying data model. If the data is missing or not fine-grained enough for the OLAP data processor, OLAP just will not work.


And that just doesn’t work for spend analysis.

As SI has indicated dozens upon dozens of times over the years, spend analysis requires flexibility — the ability to redefine roll ups, drill-downs, and underlying data models to support the analysis the analyst needs to do — not the analysis a vendor thinks that the analyst needs to do.


OLAP requires a lot more server memory than an average organization can afford

Today it’s all about big data and big data is huge. This means that summaries are huge compared to simple static reports, especially OLAP roll up summaries. One detailed multi-level roll-up summary with one drill down report on terabytes of data can take over a hundred gigabytes and max out memory on an average server — but an organization will need dozens of such drill downs to even come anywhere in the vicinity to meeting its analysts’ needs, and a server with terabytes of (D)RAM. We are beyond server territory into mini super computer territory, and mini super computers come with price tags that start (well) over half a million.

There are alternatives to (R)OLAP that can actually do real-time analysis and reporting on tens of millions of records on an average high-end multi-core laptop, but given that these systems are still the exception, and not the norm, this damnation is going to be with us for decades.

My Solution Is Not One of The Six Strategic Sourcing Samurai. Am I Screwed? Part I

SI understands that it’s last few posts have probably caused a lot*1 of soul-searching and panic among practitioners and fear and loathing among vendors, so today it’s going to address the panic and fear (but not necessarily the loathing*2).

The short answer is: probably not.
The full answer takes quite a bit of preamble to explain.

First of all, many organizations carry the misconception, often reinforced by traditional analysts and big-X consulting companies, that the only way to find considerable savings, avoid unnecessary cost, and add value is through strategic sourcing. This is only one of many methodologies, and underlying technologies, that Supply Management can use to save money, control cost, and add value. It’s a powerful methodology, but just methodology.

True sustainable savings, cost avoidance, and value generation come from Strategic Supply Management. Supply Management encompasses Sourcing, Procurement, Logistics, Contract (Lifecycle) Management, Supplier Relationship Management, Sustainability Management, and other strategic activities that manage costs and generate value. Thus, strategic sourcing is only activity at the disposal of a Strategic Supply Management organization — and for an organization beginning its sourcing journey, it’s not always the best one.*3

If the organization does not have it’s e-Procurement under control, sometimes the best place to start is with a strategic Procurement process backed by a leading e-Procurement solution (with e-Invoicing and m-way match). Why? Because, as per AMR’s (now Gartner’s) classic series on Reaching Sourcing Excellence, 30 cents, or more, of every dollar of negotiated savings never materializes. If the organization is only capturing 60% of negotiated savings, then what’s the point of using an advanced solution to identify a 5% savings if only 3% of the savings is going to be captured? It would get the same year-over-year improvement if it did a simple e-Auction, identified a 3.33% savings, and captured 90% of it. This is where a great Procurement process, and solution, comes into play — specifically, one that makes it easy for buyers to find contracts, place timely orders (and avoid expedited shipments), see the impact of going off-contract (and be visually guilted into making the cost-effective decision unless there is a strong reason to do otherwise), and use the system (versus avoiding it). With this type of a solution, there will be no off-contract spend because a buyer wasn’t aware of a contract, wasn’t aware there was a more cost-effective product, wasn’t able to figure out how to use the system, etc. There won’t be overspend due to duplicate invoice payments, overpayments due to off-contract rates, or over-payments due to undelivered merchandise with a good m-way match e-Invoicing component. And so on.

However, simply capturing the majority of savings identified in a sourcing event does not guarantee that the organization is capturing all of the savings available to it or controlling spend. For example, the savings quoted is simply the best price that the supplier feels that it can offer today – but that may not be the best price the supplier could offer if it was more efficient. The supplier might not be lean, might be quoting off of an inefficient design (that it could improve through a joint-design initiative), or might have an outdated quality control process leading to a higher rate of defects then is necessary. That’s why great supplier relationship, powered by a leading SRM platform (that, by definition, also captures SPM and SIM data) can also provide great value.

*1 some to say the least
*2 first generation e-Negotiation platform providers are going to loathe SI, but there’s nothing to be done about that — it was their choice to stand still while their peers continued to innovate
*3 bet you never thought that the doctor, the leading advocate of SSDO since this blog went online in 2006, would say that, eh?

The Six Strategic Sourcing Samurai

In our last post, we made the bold statement that it’s not optimization, it’s strategic sourcing and the even bolder statement that SI believes it has become practically impossible to do true strategic sourcing without optimization.

This is probably scary for those of you that are looking for a strategic sourcing solution and just figured out that, if the doctor is right*, then most of the organizations on your RFX list are not going to make the cut because while there are dozens of Sourcing platforms on the market, there are only six (6) that have true strategic sourcing decision optimization that implement all four (4) pillars defined in the classic wiki-paper that formally defined strategic sourcing decision optimization (SSDO).

So who are these six strategic sourcing samurai? They are the six remaining companies that took the time and effort to not only research and build a solution, but take it to market and wait while the market caught up with the vision that a few pioneers had fifteen years ago — a vision of true best-cost global sourcing from a total cost of ownership (and, more recently, from a total value management) perspective.

They are:

  • BravoSolution (acquired VerticalNet, which acquired Tigris)
  • Determine (formerly Selectica, which acquired Iasta)
  • IBM (acquired Emptoris, which acquired MindFlow)
  • Keelvar
  • SciQuest (which acquired CombineNet)
  • Trade Extensions

It’s not a long list, but it’s an important list. Furthermore, one can be sure that there will be more companies to add to the list in a couple of years, especially since there are a number of advanced solvers out there — such as CPLEX, Gurobi, XPress, etc. — to build solutions on; a number of 3PLs — such as APL, Schneider, etc. — that have very advanced logistics optimization solutions; and a few companies — such as LLamasoft, Oracle, etc. — that have very advanced Supply Chain (Network) Optimization solutions (which is not the same as SSDO). Optimization is spreading, and as more companies realize its power, it will continue to spread. However, now that the early adopters have proven the power of decision optimization, the question is, are you going to be a leader, and one of the first to capitalize on it, or a laggard, and watch as your competition moves faster, captures more market share, and generates a greater year-over-year profit based on the advanced cost reduction and cost control methodologies that optimization provides?

As for those of you that already have a previous generation sourcing solution and, for one reason or another, are locked in to it, don’t fret. A few of these vendors are quite happy to license their software as a secondary solution because, even though optimization should be used in every event, the reality is that, if the category has been well studied, the cost model is relatively simple, or the product is going out for an all-inclusive bid, the additional savings that optimization is likely to find is small and those categories can continue to go through the current platform. By cherry picking the categories with the largest (un-managed spend) and which appear to have the largest opportunities, and simply conducting those through the secondary optimization platform (and then pushing the bids and awards back into the primary platform to maintain a single database of bid and award data), it’s likely that the organization can easily identify 80%+ of all of the additional savings opportunities identifiable through optimization for a small additional investment. It’s whatever works. If the organization can get by on one platform, great, but if it can’t, or feels it can extract more value from two platforms, that’s fine too. Strategic Sourcing is for everyone, and that’s why the leading optimization vendors are quite happy to work with everyone who’s ready.

* the doctor is right. The real question is, when will your organization be ready to accept it? If your organization has not yet reached a level of sourcing maturity that, at the very least, puts it in the Hackett Group top 8%, it may not be far enough along it’s sourcing journey to truly understand why optimization is a necessary for strategic sourcing in the latter half of this decade.

Technological Damnation 92: Data Loss

It is the information age and data is the life blood of the company and the supply chain. The financial chain is controlled by data. The physical flow of goods is dictated by data. People communicate electronically through data packets. It’s all data. And losing that data is a damnation. Not just because data is lost, but because:


Lost Intellectual Property data is a loss of competitive advantage

Sometimes the only edge a company has is it’s intellectual property that it can use to create a slightly better product, do better in a foreign market, or lower its costs enough to undersell the competition when its products are no better. If that gets stolen, and one or more competitors get their hands on it, the advantage is gone and all of a sudden the product is no better, the edge in the foreign market is lost, and there is no cost advantage to exploit in the end product.


Intrusions that result in lost or stolen data are hard to trace

If your systems or networks get hacked, and your data is stolen, good luck figuring out who got your data, because chances are that not only will you not be able to figure out who hacked you, but you will not even be able to figure out where the hack came from. Right now, there are free hacking toolkits for every major OS on the deep web that can bounce packets off of dozens of anonymous proxy servers, fake TCP/IP headers, and exploit dozens upon dozens of security holes that can be launched successfully against the average system by budding script kiddies — so imagine what real black-hats can do if this is what they give away for free. Do you know how many zero-day exploits are in your systems? They do!


Even if the intrusions are traced, loss is hard to recover

Let’s say you are able to afford, and hire, the best white-hat trackers from the top security firms on the planet and they trace the hack to, let’s say, a rogue hacker in China or Russia. Do you think you’re going to recover anything? Nope. And even if you can trace the hack to your country or a country that you operate in, do you think suing a hacker who got an untraceable payment to a Swiss or Cayman Islands account is going to net you anything? No way!


Data loss prevention requires very powerful, expensive, digital vaults

The only protection your organization has is to install the best systems with the best encryption configured by real security pros. This is not easy to do. Considering that most web sites are full of security holes that are easily uncovered by open source products like PortSwigger’s Burp Scanner, imagine how hard it is to properly secure a database, an ERP, an OS, and the communication lines between them. So not only do you have to buy a top of the line system with embedded security, but then you have to find a real security expert to properly configure and harden the system — who is extremely pricey if you manage to find that person.


And loads of security training, awareness, review, and enforcement.

The majority of data thefts are not the result of hacks, but the result of disgruntled employees with access or social engineering. That’s why you need good policies, training, and enforcement. An admin should not grant carte-blanche access to data in a system to an employee who does not need it just because it’s too hard to set up the roles based security, even if the employee is happy and trust-worthy. Chances are that security will never be reviewed and if, in two years, the employee gets disgruntled or falls on hard times, that’s an exploit waiting to happen.

But the biggest risk is the average employee who writes her password on a post it inside her drawer, a receptionist who does a system test when asked over the phone, or an office admin who grants a workman access to the server room because they look like they should be there. The most common way a hacker gets access to your system is by posing as the janitorial staff who gets to go into every cubicle to empty garbage (and check desks for password post-it notes), as the vendor rep who wants to test the server connection (and has the rep go to a site that looks like the vendor portal admin screen and login for a speed / reliability test when all it does is capture the authentication data before passing through to a real site), or by dressing up as an IT shop employee there to fix the server — because once you’re on the live system, you can suck all the admin codes you want for a remote access later. Poor security practices opens holes bigger than the Vredefort crater.

And the average person does not understand this, even after repeated instructions and explanations as to why writing the password down is dangerous. So this damnation will be with us for quite some time.

Technological Damnation 78: e-Privacy

Privacy is a good thing, and e-Privacy is a better thing, but that doesn’t mean it’s not an eternal damnation to Procurement. Why?

Customers are always demanding more privacy rights.

Including rights that they do not have in the off-line world. While you definitely should not post online that they shop at your location, they some consumers don’t even want you to keep records that they do. But in the real world, you can keep your security feeds, that show them, your physical credit card receipts for at least seven years, that show they shopped their, and the associated transaction receipts, that shows what they bought. But as soon as you store that data in a system, aggregate it, and use it to build a loyalty program and target appropriate rewards (even if you do so in a private way and don’t share the data with anyone), you’re trying to invade their privacy rights. So you have to be extra careful in Procurement that any systems you source have the highest safeguards and are only going to be used for legal, responsible uses.

Oversight requirements are increasing as regulatory acts are multiplying.

As more and more consumers demand their e-Privacy rights, and as more and more data breaches happen as a result of lax (or nonexistent) security, more and more regulations are being proposed and passed. There are so many provincial and federal acts addressing e-Privacy across finance, health-care, and technology that it’s dizzying. It’s impossible to keep up, and when something is missed, Procurement, who will be made responsible for Procuring the technological systems needed by the organization and the third party services providers to help with proper configuration, will be the organization given the blame.

The technological sophistication required to achieve an acceptable level of security and privacy safeguards is through the roof.

It’s not just buying a new database with built in 256-bit encryption, it’s getting all of the data into the database, making sure the data is encrypted on the way in, making sure it goes through a secure, encrypted channel from the port from the old database to the new database, and making sure the new database is appropriately configured and locked down to only authorized access through only authorized channels. This configuration is not easy, given the complexity of today’s encryption technology, the complexity of the tools that need to be encrypted, the arsenal of freely available hacking tools on the deep web, and the average security and third party systems knowledge of an average system administrator. Procurement has to first identify true security experts with experience security the systems and software that need to be secured, source a firm, vet the experts presented, and ensure that the person who shows up is the person who is actually the person whom they are expecting. A tall order for an organization typically tasked with sourcing products to keep production and operations going.

Consumer fear combined with the a lack of technological understanding of the underlying security requirements makes this a difficult damnation to tackle, but one that is only going to get more relevant and immediate as time goes on.