Category Archives: SaaS

Online Snafus Will Not Be The End of Home Depot … (HD Part I)

As chronicled in a recent issue of StoreFront BackTalk, a recent try at not shutting down completely “Left Home Depot Customers Running in Circles” (which is terrible as there was no danger and there should have been no doubt*). Basically, what happened was that on Wednesday, February 1st, Home Depot took its web site offline to upgrade IBM Websphere from v. 6 to v. 7 (in a blatant display that it doesn’t understand e-Commerce very well, but that won’t be the end of Home Depot either, so that’s ok). This wasn’t the problem — the problem was that, in an effort to ensure that visitors still had something to look at, the “Pardon Our Dust” page that informed customers the site was temporarily down included a link to the company blog (still up) that had a new post for Do-It-Yourselfers at the top of the page. What’s wrong with that? Well, the post linked back to the product on the Home Depot site which was, naturally, redirected to the “Pardon Our Dust” page. Most of the other links went to a “Moved Permanently” Page which, in turn, linked either to another “Moved Permanently” page or the “Pardon Our Dust” page. The customer was left chasing his own tail. It was bad, and, as StoreFront BackTalk suggested, they should have just closed the e-Store for the day.

But it won’t be the end of Home Depot by any stretch of the imagination, even though e-Commerce folk still grumble that sites today — with mirroring and cloud options — shouldn’t have to shut down at all for simple scheduled software upgrades, as pointed out in StoreFront BackTalk’s follow-up on how Home-Depot’s WeekDay Noon Shutdown “Made Perfect Clock Sense”. After all, the retailer does most of its online business on weekends and mornings, and with an 18 hour upgrade, that left noon on a weekday — so it either had to pony up the $$$’s to replicate it’s site during the outage or take the small revenue loss from being down for the 18 hours that were projected to be the least revenue producing. (And sometimes it can be more distracting, and thus more costly, to aim for 100% uptime because if something doesn’t re-route properly, a poorly working site can do more reputation damage than a site that’s taken down completely and replaced with a pleasant notification. After all, Apple takes their online store down all the time and they still make a fortune as their customers know their will be new and better products to buy when it comes back up.)

And then there’s the customer reality to consider.

  • Customers Understand All Sites Need to Go Down For Maintenance
    They just want to be notified — and not run in circles if the site is down. And if Home Depot apologizes for this oversight in its maintenance, they’ll forgive it.
  • Most of Home Depot’s Business Is In Store
    I don’t know the stats, but I know the reality. (1) Before an average consumer buys something for her home — which is going to cost quite a few shiny nickels — she wants to see it. Most people use the on-line site for research. When they purchase, it’s typically because they’ve already seen the product in the store and are ordering it online because they want it delivered. (2) Most of their big dollar transactions are from contractors. And contractors are buying in the store, not online. That’s why they have contractor sections in the store.
  • Only a very small percentage of (potential) customers would have visited the site in that 18 hour window and noticed the problem.
    Again, most customers are using it primarily for research for DIY products, which is happening mainly on the weekend, or to order something they researched and found in-store on the weekend or the night before, which is happening mainly in the morning.
  • No animals were harmed by the downtime and no child labour was sweating in a factory to bring the site back up.
    e-commerce snafus don’t bring down a 68 Billion dollar plus home improvement chain. A one-day snafu won’t even make a noticeable change to its bottom line. Let’s face it — a small corporate social responsibility slip-up such as forgetting to audit a supplier’s supplier who uses child labour will do much more damage to its brand and bottom line than any website snafu ever will.

To make a long story short, it had a snafu, but it has nothing to worry about as a result. However, this doesn’t mean it has nothing to worry about. It has a lot to worry about. In fact, it’s entire business could be at stake as you read this. And the sad thing is, Home Depot might not even know it!

*Don’t get it? Too bad … but on the bright side, you feel just like a Home Depot customer who visited the site after 11:59 am on February 1st!

Risk Mitigation 2012: Technology

In the last six posts we covered the World Economic Forum‘s recently released 6th annual Global Risks report, 2011 edition. The report was filled with risk, thirty-seven types of risk divided into five categories to be precise. In the last five posts, we covered the top five risks in each category — Technology, Society, Environment, Geopolitics, and the Economy — from Sourcing Innovation’s perspective.

However, just knowing that your supply chain is fraught with risk is not very useful. That’s a given in these trying and troublesome times. What’s more useful is knowing what you can do about it. In the next five posts we will cover some ideas for planning and preparing for each risk Sourcing Innovation identified as a top three category risk to your supply chain, starting with Technology.

03: Threats from New Technology

As per our last post on technology, if a competitor latches onto, and implements a new technology before your company, it may be able to lower its production and operating costs well below your production and operating costs. Should this happen, the competitor may also be able to increase its revenue at the expense of yours. Then your organization will face declining revenues with higher costs. Profits will disappear. And bankruptcy could follow. But it does not have to be this way.

Instead, your supply management organization can keep up with technological advancement and stay on the leading edge. It can identify new technologies as they are brought to market, follow them, and, as soon as they show maturity and promise, bring them into the organization. Then it can be the company that lowers its production and operating costs, and increases its revenues, before the competition.

02: Online Data and Information Security

Average hackers may want consumer credit card data for quick, easy, illicit gain, but hackers employed by corporations for purposes of corporate espionage want your data — and your supply management data in particular. What are you making? What are the specifications? Where? With who? When are you shipping? From Where? With what carrier? If any of this data finds its way to your competition before you’re ready to release a new product, the losses could be crippling. What if your competitor is able to use your plans to jump-start their development of a better version and beat you to market? What if thieves intercept your critical shipments and sell your product on the black market?

Fortunately, you can protect your data. There are some very simple things you can do. First of all, you can encrypt all of your data with an industrial strength encryption algorithm using industrial strength encryption programs tested and proven secure, to the degree possible, by third party security firms. Secondly, you can secure your systems from penetration by using industrial strength firewalls and anti-malware software. Virtually unbreakable encryption is good. But hackers not even having your encrypted data is even better. Thirdly, you can avoid third-party multi-tenant cloud solutions that you have no control over. First of all, you have no idea where you data is. Maybe it’s on a hardened server behind two firewalls in a guarded secure-access retina-scan and thumb-print facility that is designed to withstand bombs, and maybe it is on a back-up server in the open back-room of the managing company’s offices. You don’t know. Secondly, even if the server is guarded by firewalls and “locked-down” to installed applications only, if even one database on the server is broken by a hacker, whether or not it is your system, that can be used as an entry point to gain access to the entire system. Unless its your virtual Fort Knox, it’s not as secure as you think it is.

01: Critical Information Infrastructure Breakdown

Make sure all critical data is stored on secure servers in secure facilities that are geographically remote and accessible 24/7. Also have a third data centre location that can be brought online, with a complete copy of backed-up data, within 24 hours if the primary or secondary facility goes down (and make sure incremental backups are performed at least hourly). Make sure these facilities have redundant fibre channels, from redundant providers, inbound and outbound, and make sure that there is a satellite link for retrieving critical data should all channels suddenly go dark. Also make sure these facilities have UPS and at least 24 hours of backup power to insure that all necessary data can be extracted should the wire-lines go down or the facility need to be abandoned (due to geopolitical unrest in the region or a long-term power or line failure; and if this is the case, be sure there are auto-destruct programs in place that will wipe all data via multiple, random, writes). Make sure that you have a disaster response plan in place that has identified the location of a back-up operations centre that can be brought on-line in case your main operations centre goes dark. Make sure each satellite office knows where the back-up operations centre will be and how to contact that location should the head office or one or more satellite locations become unreachable. It might not be possible to plan for every contingency, but it is possible to devise a plan that would cover most contingencies and allow operations to resume, at least minimally, within 24 hours.

Remember, You Can’t Control the Clouds!

Even though futurists have been predicting weather control for well over half a century, and even though the US Government tried to control the weather for over 20 years (primarily with respect to storm prevention), the reality is that we still can not control the weather, or the clouds.

Thus, the clouds, which are not fluffy magic boxes and not omniscient magic mirrors, and which are, in fact, filled with hail despite your sweet fluffy dreams to the contrary, are perfect metaphors for the new breed of virtual hosting solutions being offered by countless vendors.

As per a recent Ponemon Institute study, as summarized by this recent CFO article on “Cloud Control”, a significant majority of 127 cloud-computing service providers surveyed believe it is their customers’ responsibility to secure the cloud, not theirs!

When Bruce Lynne, managing partner of Financial Executives Consulting Group, said Cloud is just a fancy word for outsourcing, he was right and, as a smart CFO knows, when a company outsources, it sheds work, not responsibility. And the Cloud is inherently insecure. Heck, even Amazon has “no liability … for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications”.

And private clouds are no more secure than public clouds, because your data is still on a virtualized platform and this means that when a hacker accesses one server, he accesses them all! Almost instantaneously!

Plus, you have no idea how long your data hangs around if the service doesn’t fail. 90 days? 1 year? For as long as the service exists? Maybe the provider deletes your archived e-mails after 90 days as per the contract and your corporate data retention policies. Maybe the provider doesn’t. And you might not find out until you get sued and have to turn over 3 year old e-mails that weren’t supposed to be kept. And more importantly, how quickly can the provider retrieve all of your corporate e-mails for the past 90 days from the 10,000 employee data store that you have to turn over for discovery?

And then there’s the problem that it doesn’t matter how secure you are or how secure the provider is if even one of the cloud provider’s customers is insecure. Remember, it only takes one hacker to penetrate one server and … boom … game over.

Can SaaS Solutions Improve Supply Chain Network Quality?

A recent article over on Supply & Demand Chain Executive on a holistic view of quality described the four steps to applying a cloud-based solution to establish a quality supply network. In this post, we’ll review the four steps presented and then discuss whether or not SaaS (Software as a Service), because “cloud” is undefined and irrelevant, can really improve your network quality.

The author is correct in that a number of trends (including a greater reliance on component suppliers, outsourcing of subassemblies and offshore manufacturing) are dramatically changing the supply base and challenging the ability of brand owners to manage their supply chains and ensure quality. And the author is also correct when he states that access to data is unpredictable across the supply chain and this is a problem. If all you get is a number of reports that are incomplete, inconsistent formats after the fact, that’s just not good enough — especially if you need to interpret the data in real time to take effective, corrective, actions.

And he’s also right in that, when outsourcing (to far-flung locales), intermittent inspections are not enough. A quality trend analysis, built from the continuous monitoring of quality, is required. However, retesting after you get a delivery does nothing to insure quality of supply — it only prevents defects from reaching the consumer. And if this results in a stock out six weeks before Christmas, this could be devastating.

That’s why a quality supply network, which insures quality before product leaves the manufacturer, is required. According to the author, this is achieved by:

  1. Capturing the Data
    Extract as much data as you can from suppliers’ manufacturing execution systems and/or spreadsheets into a common format.
  2. Uploading the Data
    Aggregate, synchronize, and retain the data on common servers where the supplier and brand owner have secure access.
  3. Analyzing the Data
    to gain insight into quality issues and trends (in real-time)
  4. Gathering Insight from the Data
    by way of an intelligent, multidimensional pattern recognition tool that identifies the data clusters where anomalies and issues are

And, at least according to the author, the best way to do this is a cloud-based solution because manufacturers do not need to make significant IT investments to build a quality network and you can quickly bring alternate manufacturers online and monitor their product quality, ensuring the results you need and minimizing the impact to delivery schedules.

This is true, but he is making / implying a couple of incorrect assumptions.

  • Cloud offers no advantages over SaaS
    and, furthermore, you don’t even need to have a true SaaS application or have it externally hosted! You could have a traditional web-based solution in your data centre. As long as suppliers can easily upload their data or provide you web access to their data feeds, it doesn’t matter if it’s cloud, SaaS, or just web-enabled. As long as everyone who needs the data can get it when, and how, they need it, problem solved.
  • You don’t need a multidimensional pattern recognition tool.
    All you need is a good data analysis tool and a smart analyst — because no tool will ever be smarter than the analyst driving it. As long as she can build the cubes she needs, create the appropriate multi-dimensional reports, and capture trends — she’ll spot the issues.

In short, SaaS doesn’t improve supply network quality — real-time data sharing and analysis improves supply network quality. A SaaS solution can enable this, but it’s not always necessary and not a complete solution in and of itself (as you will always need a smart brand owner and smart analyst driving the solution).

Thank You Brian! Building Apps IS Wrong!

In a recent post over on Software & Services Safari, Mr. Brian Sommer tells us that Building Apps is Wrong! and, as far as the doctor is concerned, he couldn’t be more right!

According to Brian:

      Software application development has been going on for decades. In the old world of software, applications took a (usually accounting) business event and then validated, stored and reported it. These were internal usage utilities that dealt with internal data. That’s the wrong perspective to have today. Businesses don’t want apps – they need ‘capabilities’. Moreover, they need capabilities that serve different kinds of information to different kinds of smart devices to mobile, interconnected workers.

And, as Brian points out, not only do interconnected workers that want to access information whenever and wherever they are, they want one user interface no matter how many solutions are serving up information on their device.

This means that a Desktop App, an iOS App, an Android App, a Windows App, each customized to the browser or platform, is not the way to go. When you customize to the platform, you tend to drift away from the current UI to the new UI until you have a hodge-podge of interfaces across a dozen platforms. Unless you want to develop your own extensions to the default development libraries on each platform, and alter your UI to be observant of the limitations of each library, you need to focus on a platform-independent delivery method (such as mobile-compatible HTML 5) and focus on what the user really wants — a slick, information-rich, user experience, and not a solution exclusively oriented around the data and the capabilities of the platform.

After all, as Brian points out, what the user really wants is:

  • Context to enrich and complete transactions, customer interactions, etc.
  • Information served up at point of need
  • Information designed to answer the worker’s or customer’s needs
  • Information beyond transactional data
  • A solution that makes the most of data, voice and video

and not flash. If they want HD graphics, they’ll fire up a HD game.