Ensuring strong software security and integrity has never been more important because software drives the modern digital business. High-profile vulnerabilities discovered over the past few years, with the potential to lead to attacks against organizations using the software, have hammered home the need to be vigilant about vulnerability management.

Perhaps the most dramatic recent example was the zero-day vulnerability discovered in Apache’s popular open-source Log4j logging service. The logging utility is used by millions of Java applications, and the underlying flaw—called Log4Shell—can be exploited relatively easily to enable remote code execution on a compromised machine. The impact of the vulnerability was felt worldwide, and security teams had to scramble to find and mitigate the issue.

In November 2022, open-source toolkit developers announced two high-severity vulnerabilities that affect all versions of OpenSSL 3.0.0 up to 3.0.6. OpenSSL is a toolkit supporting secure communications in web servers and applications. As such, it’s a key component of the Transport Layer Security (TLS) protocol, which ensures that data sent over the internet is secure.

SBOMs as a solution

One of the most effective tools for finding and addressing such vulnerabilities and keeping software secure is the software bill of materials (SBOM). SBOMs are formal, machine-readable records that contain the details and supply chain relationships and licenses of all the different components used to create a particular software product. They are designed to be shared across organizations to provide transparency of the software components provided by different players in the supply chain.

Many software providers build their applications by relying on open-source and commercial software components. An SBOM enumerates these components, creating a “recipe” for how the software was created.

For example, something like the OpenSSL toolkit includes dependencies that are difficult or, in many cases, impossible for traditional vulnerability scanners to uncover. It requires a multilayered approach to help security teams identify third-party libraries associated with a software package. This is where an SBOM can help.

The U.S. Department of Commerce has stated that SBOMs provide those who produce, purchase, and operate the software with information that enhances their understanding of the supply chain. This enables multiple benefits, most notably the potential to track known and newly emerged vulnerabilities and risks.

These records form a foundational data layer on which further security tools, practices, and assurances can be built, the Commerce Department says, and serve as the foundation for an evolving approach to software transparency.

A 2022 report by the Linux Foundation Research, based on a survey of 412 organizations from around the world, showed that 90% of the organizations had started their SBOM journey.

More than half of the survey participants said their organizations are addressing SBOMs in a few, some, or many areas of their business, and 23% said they are addressing them across nearly all areas of their business or have standard practices that include the use of SBOMs. Overall, 76% of organizations had a degree of SBOM readiness at the time of the survey.

The research showed that the use of open-source software is widespread and that software security is a top organizational priority. Given the worldwide efforts to address software security, SBOMs have emerged as a key enabler, it said. Growth of SBOM production or consumption was expected to accelerate by about 66% during 2022, leading to SBOM production or consumption use by 78% of organizations.

The top-three benefits of producing SBOMs identified by survey participants were that SBOMs made it easier for developers to understand dependencies across components in an application, monitor components for vulnerabilities, and manage license compliance.

Key features to consider

SBOMs are key to quickly finding and fixing vulnerabilities before it’s too late. That’s because they dig deep into the various dependencies among software components, examining the compressed files within applications to effectively manage risk. Without one, it might take a software vendor days or weeks to confirm with its developers whether its products are affected or not. That’s too long a window of opportunity in which cybercriminals can exploit vulnerabilities.

With SBOMs, security teams can know exactly where an affected component is being used across applications in use within their organizations.

It’s important for organizations to understand that not all SBOM offerings from vendors are alike. An ideal solution delivers critical, real-time visibility into an organization’s software environments, enabling them to make better-informed decisions to manage risk.

SBOMs should be able to answer questions such as:

- Exactly where is a particular software package located?
- Which open-source dependencies, if any, does an application use?
- Which version of the software package is running?
- Do any other applications use the software package?
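As an added illustration (not from the original article or any vendor's product), the Python below answers those four questions for the OpenSSL 3.0.0 to 3.0.6 range mentioned earlier, across a set of SBOMs. It assumes the SBOMs are CycloneDX 1.5 JSON documents; the application names, file paths and component lists are constructed sample data.

```python
import re
from collections import deque


def version_tuple(version):
    """'3.0.5' -> (3, 0, 5). A letter suffix such as '1.1.1s' is ignored."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def sbom(app, app_version, components, dependencies):
    """Build a minimal CycloneDX-shaped document (constructed sample data)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "metadata": {"component": {"bom-ref": app, "name": app,
                                   "version": app_version}},
        "components": [
            {"bom-ref": f"{name}@{ver}", "name": name, "version": ver,
             "evidence": {"occurrences": [{"location": location}]}}
            for name, ver, location in components
        ],
        "dependencies": [{"ref": ref, "dependsOn": deps}
                         for ref, deps in dependencies.items()],
    }


# Constructed inventory: four hypothetical applications and their SBOMs.
SBOMS = [
    sbom("billing-api", "2.4.1",
         [("libcurl", "7.85.0", "/opt/billing/lib/libcurl.so.4"),
          ("openssl", "3.0.5", "/opt/billing/lib/libssl.so.3")],
         {"billing-api": ["libcurl@7.85.0"],
          "libcurl@7.85.0": ["openssl@3.0.5"]}),      # transitive use
    sbom("edge-proxy", "5.2.0",
         [("openssl", "3.0.7", "/usr/lib/libssl.so.3")],
         {"edge-proxy": ["openssl@3.0.7"]}),          # outside the range
    sbom("legacy-batch", "1.9.0",
         [("openssl", "1.1.1s", "/usr/lib/libssl.so.1.1")],
         {"legacy-batch": ["openssl@1.1.1s"]}),       # different release line
    sbom("report-gen", "0.8.3",
         [("openssl", "3.0.6", "/srv/report/bin/report-gen")],
         {"report-gen": ["openssl@3.0.6"]}),          # direct, upper bound
]


def dependency_path(doc, target_ref):
    """Shortest chain of bom-refs from the application to target_ref."""
    graph = {d["ref"]: d.get("dependsOn", [])
             for d in doc.get("dependencies", [])}
    root = doc["metadata"]["component"]["bom-ref"]
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ref:
            return path
        for nxt in graph.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # listed as a component but absent from the dependency graph


def find_affected(sboms, name, first_bad, last_bad):
    """Return one finding per application shipping `name` in the bad range."""
    lo, hi = version_tuple(first_bad), version_tuple(last_bad)
    findings = []
    for doc in sboms:
        app = doc["metadata"]["component"]
        for comp in doc.get("components", []):
            in_range = lo <= version_tuple(comp["version"]) <= hi
            if comp["name"] != name or not in_range:
                continue
            path = dependency_path(doc, comp["bom-ref"])
            occurrences = comp.get("evidence", {}).get("occurrences", [])
            findings.append({
                "application": f'{app["name"]} {app["version"]}',
                "component_version": comp["version"],
                "locations": [o["location"] for o in occurrences],
                "path": path,
                "direct": path is not None and len(path) == 2,
            })
    return findings


if __name__ == "__main__":
    for f in find_affected(SBOMS, "openssl", "3.0.0", "3.0.6"):
        kind = "direct" if f["direct"] else "transitive"
        print(f'{f["application"]}: openssl {f["component_version"]} '
              f'({kind}) at {f["locations"]} via {f["path"]}')
```

The transitive hit in `billing-api` is the case a package-level scan of the application's own manifest would miss, which is why the dependency graph is walked rather than only the top-level component list.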

A key capability includes having the ability to understand every software component at runtime, uncover software packages and break them apart to examine all constituent components without the need to engage the software vendor.

SBOMs should also be able to address any vulnerabilities or misconfigurations found in the various software components; take quick action to mitigate supply chain risk, even removing applications completely across affected endpoints; and optimize an organization’s investments in third-party tools by populating them with granular, accurate and real-time SBOM data.

The takeaway 

Digital businesses today rely on software to support all kinds of processes. In fact, it’s difficult to imagine any company operating without applications. Keeping software secure and reliable is essential for success today.

With solutions such as SBOMs, security teams at organizations can be confident that they have a good handle on all the complexities inherent in the software world, and that they are keeping up on any flaws that need to be addressed to keep applications secure.


Efficient supply chain operations are increasingly vital to business success, and for many enterprises, IT is the answer.

With over 2,000 suppliers and 35,000 components, Kanpur-based Lohia Group was facing challenges in managing its vendors and streamlining its supply chain. The capital goods company, which has been in textiles and flexible packaging for more than three decades, is a major supplier of end-to-end machinery for flexible woven (polypropylene and high-density polyethylene) packaging industry.

“In the absence of an integrated system, there was no control on vendor supply, which led to an increased and unbalanced inventory,” says Jagdip Kumar, CIO of Lohia. “There was also a mismatch between availability of stock and customer deliveries. At the warehouse level, we had no visibility with respect to what inventory we had and where it was located.”

Those issues were compounded by the fact that the lead time for certain components required to fulfill customer orders ranges from four to eight months. With such long component delivery cycles, client requirements often change. “The customer would want a different model of the machine, which required different components. As we used Excel and email, we were unable to quickly make course correction,” Kumar says. 


Moreover, roughly 35% of the components involved in each customer order are customized based on the customer’s specific requirements. Long lead times and a lack of visibility at the supplier’s end meant procurement planning for these components was challenging, he says, adding that, in the absence of any ability to forecast demand, Lohia was often saddled with unbalanced inventory (either too much or too little).

The solution? Better IT.

Managing suppliers to enhance efficiency and customer experience

To manage its inventory and create a win-win situation for the company and its suppliers, Kumar opted to implement a vendor management solution.

“The solution was conceptualized with the goal of removing the manual effort required during the procurement process by automating most of the tasks of the company and the supplier while providing the updates that the former needed,” says Kumar.

“We roped in KPMG to develop the vendor portal for us on this SAP platform, which is developed on SAP BTP (Business Technology Platform), a business-centric, open, and unified platform for the entire SAP ecosystem,” he says.

The application was developed using SAP FIORI/UI5, while the backend was developed using SAP O-Data/ABAP services. The cloud-based front end is integrated with Lohia’s ERP system, thereby providing all relevant information in real-time. It took four months to implement the solution, which went live in September 2021.

With the new deployment, the company now knows the changes happening in real-time, be it the non-availability of material or a customer not making the payment or wanting to delay delivery of their ordered machine. “All these changes now get communicated to the vendors who prepone or postpone accordingly. Armed with complete visibility, we were able to reduce our inventory by 10%, which resulted in cost savings of around ₹ 200 million,” says Kumar.

The vendor portal has also automated several tasks such as schedule generation and gate entry, which have led to increases in productivity and efficiency.

“The schedules are now automatically generated through MRP [material requirement planning] giving visibility to our suppliers for the next three to four months, which helps them to plan their raw material requirements in advance and provide us timely material,” Kumar says. The result is a material shortage reduction of 15% and a 1.5X increase in productivity. “It has also helped us to give more firm commitments to our customers and our customers delivery has improved significantly, increasing customer trust,” he says.

“Earlier there was always a crowd at the gate as the entry of each truck took 10-15 minutes. The new solution automatically picks up the consignment details when the vendor ships it. At the gate, only the barcode is scanned, and the truck is allowed entry. With 100 trucks coming in every day, we now save 200-300 minutes of precious time daily,” he says.

Kumar’s in-house development team worked in tandem with KPMG to build custom capabilities on the platform, such as automatic scheduling and FIFO (first in, first out) inventory valuation.

To ensure suppliers would adopt the solution, Lohia deployed its own team at each vendors’ premises for two to three days to teach them how to use the portal.

“We showcased the benefits that they could gain over the next two to three months by using the solution,” Kumar says. “We have been able to onboard 200 suppliers, who provide 80% of the components, on this portal. We may touch 90-95% by the end of this year.”

Streamlining warehouse operations to enhance productivity

At the company’s central warehouse in Kanpur, Kumar faced traceability issues related to its spare parts business. Also, stock was spread across multiple locations and most processes were manual, leading to inefficient and inaccurate spare parts dispatches.

“There were instances when a customer asked for 100 parts, and we supplied only 90 parts. There were also cases wherein a customer had asked for two different parts in different quantities, and we dispatched the entire quantity comprising only one part,” says Kumar. “Then there was the issue of preference. As we take all the payment upfront from our customers, our preference is to supply the spare part on a ‘first come first serve’ basis. However, there could be another customer whose factory was down because he was awaiting a part. We could not prioritize that customer’s delivery over others.”

Another bottleneck was that the contract workers were not literate and the company depended too heavily on their experience.

To overcome these problems, and to integrate its supply chain logistics with its warehouse and distribution processes, Lohia partnered with KPMG to deploy SAP EWM application on the cloud.

“We decided to optimize the warehouse processes with the usage of barcode, QR code, and wifi-enabled RF-based devices. There was also a need to synchronize warehouse activities through the integration of warehouse processes with tracking and traceability functions,” says Kumar. The implementation commenced on 1 April 2022, and it went live on 1 August 2022.

To achieve traceability, Kumar barcoded Lohia’s entire stock. “We now get a list from the system on the dispatchable order and its sequence. Earlier there was a lot of time wastage, as we didn’t know which part was kept in which portion of the warehouse. Employees no longer take the zig-zag path as the new solution provides the complete path and the sequence in which they must go and pick up the material,” Kumar says.

Kumar also implemented aATP (Advanced Available-to-Promise), which provides a response to order fulfilment inquiries in Sales and Production Planning. This feature within the EWM solution provides a check based on the present stock situation and any planned or anticipated stock receipts.

“The outcome was as per the expectations. There was improved inventory visibility across the warehouse as well as in-transit stock. The EWM dashboard helped warehouse supervisor to have controls on inbound, outbound, stocks overview, resource management, and physical inventory,” says Kumar.

“Earlier one person used to complete only 30 to 32 parts in a day but after this implementation, the same person dispatches 47 to 48 parts in a day, which is a significant jump of 50% in productivity. The entire process has become 100% accurate with no wrong supply. If there is short supply, it is known to us in advance. There is also a 25% reduction in overall turnaround time in inbound and outbound processes,” he adds.


Supply chain disruptions have impacted businesses across all industries this year. To help ease the transport portion of that equation, Danish shipping giant Maersk is undertaking a transformation that provides a prime example of the power of computing at the edge.

Gavin Laybourne, global CIO of Maersk’s APM Terminals business, is embracing cutting-edge technologies to accelerate and fortify the global supply chain, working with technology giants to implement edge computing, private 5G networks, and thousands of IoT devices at its terminals to elevate the efficiency, quality, and visibility of the container ships Maersk uses to transport cargo across the oceans.

Laybourne, who is based in The Hague, Netherlands, oversees 67 terminals, which collectively handle roughly 15 million containers shipped from thousands of ports. He joined Maersk three years ago from the oil and gas industry and since then has been overseeing public and private clouds, applying data analytics to all processes, and preparing for what he calls the next-generation “smartport” based on a switch to edge computing in real-time processing.

“Edge provides processing of real-time computation — computer vision and real-time computation of algorithms for decision making,” Laybourne says. “I send data back to the cloud where I can afford a 5-10 millisecond delay of processing.”

Bringing computing power to the edge enables data to be analyzed in near real-time — a necessity in the supply chain — and that is not possible with the cloud alone, he says.

Laybourne has been working closely with Microsoft on the evolving edge infrastructure, which will be key in many industries requiring fast access to data, such as industrial and manufacturing sectors. Some in his company focus on moving the containers. Laybourne is one who moves the electrons.

Digitizing the port of the future

Maersk’s move to edge computing follows a major cloud migration performed just a few years ago. Most enterprises that shift to the cloud are likely to stay there, but Laybourne predicts many industrial conglomerates and manufacturers will follow Maersk to the edge.

“Two to three years ago, we put everything on the cloud, but what we’re doing now is different,” Laybourne says. “The cloud, for me, is not the North Star. We must have the edge. We need real-time instruction sets for machines [container handling equipment at container terminals in ports] and then we’ll use cloud technologies where the data is not time-sensitive.”

Laybourne’s IT team is working with Microsoft to move cloud data to the edge, where containers are removed from ships by automated cranes and transferred to predefined locations in the port. To date, Laybourne and his team have migrated about 40% of APM Terminals’ cloud data to the edge, with a target to hit 80% by the end of 2023 at all operated terminals.

As Laybourne sees it, the move positions Maersk to capitalize on a forthcoming sea change for the global supply chain, one that will be fueled by enhanced data analytics, improved connectivity via 5G/6G private networks, and satellite connectivity and industry standards to enable the interoperability between ports. To date, Maersk controls about 19% of the overall capacity in its market.

As part of Maersk’s edge infrastructure, container contents can be examined by myriad IoT sensors immediately upon arrival at the terminals. RFIDs can also be checked in promptly and entered into the manifest before being moved robotically to their temporary locations. In some terminals, such operations are still performed by people, with cargo recorded on paper and data not accessible in the cloud for hours or longer, Laybourne says.

Cybersecurity, of course, is another major initiative for Maersk, as is data interoperability. Laybourne represents the company on the Digital Container Shipping Association committee, which is creating interoperability standards “because our customers don’t want to deal with paper. They want to have a digital experience,” he says.

The work to digitize is well under way. Maersk uses real-time digital tools such as Track & Trace and Container Status Notifications, APIs, and Terminal Alerts to keep customers informed about cargo. Automated cranes and robotics have removed most of the dangerous, manual work done in the past, and have improved the company’s sustainability and decarbonization efforts, Laybourne notes.

“Robotic automation has been in play in this industry for many years,” he says, adding that the pandemic has shifted the mindset of business-as-usual to upskilling laborers and making the supply chain far more efficient.

“We have automated assets such as cranes and berth and then there’s [the challenge of] how to make them more autonomous. After the pandemic, customers are now starting to reconfigure their supply chains,” he says, adding that autonomous, next-generation robotics is a key goal. “If you think of the energy crisis, the Ukraine situation, inflation, and more, companies are coming to a new view of business continuity and future sustainability compliance.”

Top vendors such as Microsoft and Amazon are looking at edge computing use cases for all industries, not just transport and logistics. According to IDC, more than 50% of new IT infrastructure will be deployed at the edge in 2023.

Gartner calls implementations like Maersk’s the “cloud-out edge” model. “It is not as much about moving from the cloud to edge as it is about bringing the cloud capabilities closer to the end users,” says Sid Nag, vice president and analyst at Gartner. “This also allows for a much more pervasive and distributed model.”

Next-gen connectivity and AI on deck

Aside from its partnership with Microsoft on edge computing, Maersk is collaborating with Nokia and Verizon on building private 5G networks at its terminals and recently demonstrated a blueprint of its plans at the Verizon Innovation Center in Boston. The ongoing work is among the first steps toward a breakthrough in connectivity and security, Laybourne maintains.

“It’s technology that opens up a lot more in terms of its connectivity, and in some of our terminals, where we have mission-critical systems platforms, the latency that 5G can offer is fantastic,” he says, noting that it will allow the cargo to “call home” data every 10 milliseconds as opposed to weeks. “But the real breakthrough on 5G and LTE is that I can secure my own spectrum. I own that port — nobody else. That’s the real breakthrough.”

Gartner’s Nag agrees that private 5G and edge computing provide meaningful synergies. “Private 5G can guarantee high-speed connectivity and low latencies needed in industries where use cases usually involve the deployment of hundreds of IoT devices, which then in turn require interconnectivity between each other,” Nag says.

For Maersk, installing IoT sensors and devices is also revolutionizing terminal operations. In the past, the cargo in containers had to be inspected and recorded on paper. Looking forward, Laybourne says, the process will all be automated and data will be digitized quickly.

His data science team, for example, has written algorithms for computer vision devices that are installed within the container to get around-the-clock electronic eyes on the cargo and identify and possibly prevent damage or spoilage.

Edge computing with IoT sensors that incorporate computer vision and AI will also give customers what they’ve longed for some time, and most pointedly during the pandemic: almost instant access to cargo data upon arrival, as well as automated repairs or fixes.

“It can then decide whether there’s an intervention needed, such as maintenance or repair, and that information is released to the customer,” the CIO says, adding that cameras and data collection devices will be installed throughout terminals to monitor for anything, be it theft, lost cargo, or potentially unsafe conditions.

Maersk has also been working with AI pioneer Databricks to develop algorithms to make its IoT devices and automated processes smarter. The company’s data scientists have built machine learning models in-house to improve safety and identify cargo. Data scientists will some day up the ante with advanced models to make all processes autonomous.

And this, Laybourne maintains, is the holy grail: changing the character of the company and the industry.

“We’ve been a company with a culture of configurators. So now we’ve become a culture of builders,” the digital leader says. “We’re building a lot of the software ourselves. This is where the data scientists sit and work on machine learning algorithms.”

For example, his data scientists are working on advanced ML models to handle exceptions or variations in data. They are also working on advanced planning and forecasting algorithms that will have an unprecedented impact on efficiencies. “Traditionally, this industry thinks about the next day,” the CIO says. “What we’re looking at actually is the next week, or the next three weeks.”

The core mission won’t change. But everything else will, he notes.

“We’re still going to have the job of lifting a box from a vessel into something else. Are we going to have autonomous floating containers and underseas hyperloops? I don’t think so,” Laybourne says, claiming the container industry is well behind others in its digital transformation but that is changing at lightning-fast speed. “Loading and unloading will still be part of the operation. But the technologies we put around it and in it will change everything.”


Amazon Web Services (AWS) is making a foray into supply chain management with the release of a cloud application that integrates machine-learning to help large enterprises, which often use multiple ERP systems, get a unified view of suppliers, inventory, logistics and other supply-chain related components.

The launch of the application, dubbed AWS Supply Chain, comes at a time when the world has been hit with a myriad of supply chain issues, including the pandemic and ongoing war in Ukraine.

Supply chain management (SCM) is the fastest growing market in the enterprise application software segment and is estimated to generate sales of $20.24 billion in 2022, according to market research firm Gartner.

AWS Supply Chain, announced at AWS re:Invent Tuesday, can connect to existing enterprise resource planning (ERP) suites and supply chain management systems via built-in connectors to unify all data into a supply chain data lake, which can be later used to generate actionable insights, the company said. The connectors use pretrained machine learning models based on Amazon.com’s own history of supply chain data to extract and aggregate data from ERP and supply chain management systems.

Most enterprises today use disparate systems for supply chain management, which can lead to delays in identifying potential supply chain disruptions, said Diego Pantoja-Navajas, vice president of AWS Supply Chain.

AWS Supply Chain offers map-based visualization

To provide supply chain visibility and combat this problem, AWS Supply Chain, which can be accessed via the AWS Management Console, provides a visual representation of the unified data on a real-time visual map that contains contextual information, the company said.

The map-based interface, along with contextual information such as inventory shortages or delays, can be used by inventory managers, demand planners and supply chain leaders to de-escalate potential disruptions, Pantoja-Navajas said, adding that the service could be set to generate alerts in case of disruptive scenarios.

Additionally, AWS Supply Chain will automatically provide recommended actions to resolve supply chain issues, such as moving inventory among locations, after considering factors such as the distance between facilities, and the impact on sustainability, the company said, adding that teams can collaborate within the application using its built-in chat and messaging functionality.

The new service, according to the company, is priced on a pay-as-you-consume model. AWS will charge $0.28 per hour for the first 10GB of storage and services. An additional $0.25 per GB per month will be charged when storage data exceeds 10GB, the company said.

AWS Supply Chain, which is in preview, can be accessed across the US East (North Virginia), US West (Oregon), and Europe (Frankfurt) regions, the company said, adding that availability across more regions will follow soon.

Other products that AWS Supply Chain will compete with include Oracle Fusion Cloud SCM and Microsoft Dynamics 365 Supply Chain Management.


The “endless aisle” concept isn’t new, but it’s definitely the future for many supply chain operators. This retail strategy enables customers at a physical store to virtually browse and order any products that are either out of stock or not sold in-store and have them shipped to the store or their home. A fulfillment center or another nearby retail location that has the item in stock fills their order.

Increasingly, consumers expect an endless aisle experience. The pandemic has accelerated the transition to digital shopping and fundamentally changed consumers’ purchasing mindset. Today’s consumers regularly buy everything from daily groceries to new cars online or through an app, and they expect fast delivery — even within an hour, in many cases. If the retailer they go to first can’t meet that expectation, the consumer can open any number of apps and purchase the same product from another retailer, either brick-and-mortar or online, and pick it up or have it delivered when they want it.

So, the pressure is on to create the endless aisle. However, supporting this strategy will require most supply chain operators to significantly modernize their operations, including implementing solutions powered by artificial intelligence (AI) and machine learning (ML). It also requires a mindset shift for operators: thinking about technology not only as a tool to help lower supply chain costs, but also as the key to preventing missed sales opportunities, filling more orders faster, and increasing profitability.

Top challenges to building the endless aisle

1. Legacy limitations and lack of insight

Many companies, especially in the retail space, have already focused a lot of attention on creating the front-end experience for the endless aisle, giving their customers various digital options for ordering products from both in-store and online inventories. But it’s on the back end where most businesses fall short on delivering this experience: They can’t get the right products from here to there fast enough.

Several issues can hinder an organization’s ability to achieve a true endless aisle experience:

- Outdated facilities, order management systems, and supply chain processes
- Inflexible systems that prevent order fulfillment from multiple warehouse or retail locations
- The lack of true, real-time visibility into inventory status (i.e., what is available, where it is located now and where it needs to be)
- The inability to project where the next order will most likely originate so that inventory can be staged at the closest location to fill that order at the lowest cost

AI and ML play a leading role in helping supply chain operators overcome these limitations and build a next-generation supply chain. Following is a closer look at how these advanced technologies can enable the endless aisle by helping organizations to develop intelligent warehousing and engage confidently in more predictive decision-making.

2. Creating smarter, more flexible warehouses

Historically, supply chain operators have had dedicated warehouses and distribution centers that serve specific customers or regions. That strategy creates complexities for companies in forecasting the type and amount of inventory needed at those facilities. The result is that companies can’t flex much or at all.

No organization can create smarter warehouses or a more agile, flexible supply chain without updating their back-end technology first. Most will also need to rethink their entire order management process — including whether there’s a different way to handle it rather than with their inflexible, traditional enterprise resource planning (ERP) system, which lets them map specific products only to specific locations and offers very little visibility.

If these organizations have intelligent warehousing systems within their supply chain, they could request and supply any inventory they have to any customer or geography at any time. They could also confidently enable the endless aisle concept while at the same time reducing shipping costs and delays.

To create intelligent warehousing and deliver the endless aisle, many organizations will need to wrap new technologies like AI and ML around their legacy ERP system to improve and extend its capabilities or even completely replace certain functions. Integrating their ERP system and warehouse management system will also be a critical measure to ensure efficiency and timeliness when the business eventually starts shipping inventory from more places to serve customers in any location.

3. Enabling more predictive, proactive decision-making

Predictive modeling, using both AI and ML, lets an organization know how much inventory to stock, and where to place the goods based on historical and current patterns and behaviors. This insight is a must for any supply chain operator that wants to stay ahead of trends, prepare for future sales, and accelerate order-to-fulfillment time.

ML is also an excellent tool for minimizing costs and lost revenue due to obsolescence, excess inventory, and stockouts. And AI tells the organization where future demand is likely to originate and suggests where future inventory should be placed as it arrives. AI also helps supply chain operators avoid costs from excess shipping charges, long transit times, and stockouts and obsolescence.

These advanced technologies are also essential to providing real-time data insights that inform supply chain “digital twins” — logical views of the physical supply chain used for simulation modeling — that allow the business to understand, well in advance, what options it has to fulfill customer requirements when supply chain disruptions inevitably occur.

Many companies that have made significant progress on their journey toward building a next-generation supply chain are also using AI and ML to enhance their forecasting so they can address their “SKU problem.” They are better able to determine what inventory they need to have on hand instead of keeping two of everything on the shelf “just in case.” More organizations are also embracing AI and ML as force multipliers for their supply chain workforce; intelligent automation is helping them overcome current labor shortages while allowing their existing workers to be more productive.

There is no one-size-fits-all approach to modernizing the supply chain, creating intelligent warehousing, and laying the groundwork for the endless aisle. Each company’s journey will vary in scope and duration. Some organizations will choose to augment their existing infrastructure with more intelligent solutions, while others will go so far as to set up entirely new and separate supply chain operations. But the need for change is urgent, and those businesses that act now regardless of any further disruption or uncertainty that may be on the horizon are those that will emerge as tomorrow’s supply chain leaders.

Connect with the authors:

John Weber

Director – Supply Chain, Protiviti

Geoff Weathersby

Director – IoT and Emerging Technology, Protiviti

Supply chain management is a growing field and a satisfying profession: a recent survey from the Association for Supply Chain Management (ASCM) found that 96% of those surveyed were highly satisfied with their career in SCM, with an average rating of 8.4 out of 10. The survey also found that it pays to get certified: SCM pros with at least one certification get paid on average 19% more than those who aren’t certified, and those with two or three certifications earn salaries that are 39% and 50% higher than the median, respectively.

And with the global supply chain remaining a vital concern for businesses across nearly every industry, the value of those with verifiable SCM skills will likely only increase, especially as IT turns to analytics and other data-related measures to help alleviate issues businesses face with their supply chains.

Whether you’re already making a career in supply chain management, or want to break into the field, here are 12 supply chain management certifications that can round out your resume and give you a leg up against the competition.

Top 12 SCM certifications

ASCM Certified in Logistics, Transportation, and Distribution (CLTD)
ASCM Certified in Production and Inventory Management (CPIM)
ASCM Certified Supply Chain Professional certification (CSCP)
ASCM Supply Chain Operations Reference (SCOR-P) Endorsement
Certified Six Sigma Black Belt
ISM Certified Professional in Supply Management (CPSM)
ISM Certified Professional in Supplier Diversity (CPSD)
NCMA Certified Professional Contract Manager (CPCM)
Oracle E-Business Suite 12 Supply Chain Certified Implementation Specialist: Oracle Purchasing Certification
SCPro Council of Supply Chain Management Fundamentals
SCPro Council of Supply Chain Management Professionals (CSCMP)
SOLE Certified Professional Logistician (CPL)

ASCM Certified in Logistics, Transportation, and Distribution (CLTD)

The Association for Supply Chain Management (ASCM), formerly known as the American Production and Inventory Control Society (APICS), offers a number of certifications to demonstrate your SCM skills. The ASCM Certified in Logistics, Transportation, and Distribution (CLTD) certification is designed for those focused on improving efficiency in distribution and warehousing in order to optimize the overall customer experience. The exam covers the best practices around logistics, transportation, and distribution with a focus on topics such as logistics overview, network design, sustainability and reverse logistics, capacity planning, demand management, order and inventory management, and global logistics and transportation. According to the ASCM, CLTD certified professionals report earning 25% higher salaries than those without the certification. To earn the CLTD designation, you will need to pass one exam, and to maintain the certification you will need to earn and submit 75 professional development maintenance points every five years.

Exam fee: $985 per exam for Plus members, $1,315 per exam for Core and nonmembers

ASCM Certified in Production and Inventory Management (CPIM)

You’ll need to pass two exams within three years to earn your Production and Inventory Management (CPIM) certification from ASCM, and you’ll need to maintain your certification every five years by completing 75 professional development points. If your certification isn’t maintained within five years, it will expire before the 10-year mark, and you will be required to retake the exam. For every year that your certification is suspended, you’ll need to submit an additional 15 professional development points. When considering the cost, remember that you’ll have to pay the fee for both exams — the fee only applies to one exam at a time. According to ASCM, those with a CPIM certification report earning up to 23% more per year than their uncertified peers. The exam covers supply chain fundamentals, plan supply, inventory management, continuous improvement and quality management, strategy, sales and operations planning, and inventory, among other topics.

Exam fee: $545 per exam for Plus members, $760 per exam for Core and nonmembers

ASCM Certified Supply Chain Professional certification (CSCP)

To be eligible to take ASCM’s Certified Supply Chain Professional exam, you’ll need three years of related experience or a bachelor’s degree or international equivalent. As with the CPIM certification above, you’ll need to submit an extra 15 points for every year your certification is suspended if you let it lapse. The CSCP certification exam covers topics such as supply chains, demand management and forecasting, global supply chain networks, sourcing products and services, internal operations and inventory, supply chain risk, and optimization and sustainability. According to the ASCM, those with a CSCP certification report earning salaries that are 40% higher than their peers.

Exam fee: $1,095 for Plus members, $1,425 for Core and nonmembers

ASCM Supply Chain Operations Reference (SCOR-P) Endorsement

The SCOR-P endorsement from ASCM validates your knowledge in the Supply Chain Operations Reference (SCOR) model and methods. The SCOR model is a supply chain approach that helps link SCM to business goals, metrics, processes, and other internal departments and stakeholders. The exam is included in the course, which extensively covers the SCOR model to help you apply it to real-life supply chain problems, support organizational goals, improve efficiency, organize SCOR projects, and implement processes. To become SCOR-P certified, you will need to attend a three-day SCOR-P public training or an in-house corporate training where you’ll study the workbook material in a group setting and take the exam at the end of the three-day training. 

Exam fee: The exam is included in the course fee, which varies per program

Certified Six Sigma

The Six Sigma method was designed to streamline quality management and it’s still widely used today to help eliminate waste in processes, identify areas for improvement, and keep track of the supply chain while developing products. The Six Sigma certification scheme is often found within organizations, earning you “belts” as you move from green belt all the way up to black belt and make your way up the certification ladder. It’s typically used in large companies to create paths towards leadership in operations and to maintain a focus on efficiency and quality. The principles in Six Sigma can be extremely helpful for keeping your supply chain lean and agile, and it’s a valuable certification if you’re working in an organization that leans on the Six Sigma method.

Exam fee: Varies by location and provider

ISM Certified Professional in Supply Management (CPSM)

The Institute for Supply Management (ISM) offers a Professional in Supply Management (CPSM) certification that validates your knowledge on supply management functions across several industries. The ISM touts the CPSM as the “most recognized supply chain management certification” you can earn. To gain your credentials, you will need to pass three exams. The ISM offers several certification paths, including self-paced learning, learning bundles with everything you’ll need for all three exams, guided learning hybrid courses, and classroom-based training onsite at your organization. You can take the three exams in any order but to qualify, you’ll need three years of full-time SCM experience in a position that isn’t clerical or support. To maintain and renew your certification after four years, you’ll need to earn 60 hours of approved continuing education credits. If you already passed ISM’s CPSD certification (see below), you will not need to take the foundation exam for the CPSM certification, since it’s included in both. If you aren’t already a member, the cost of the nonmember fee for the exam also includes one year of ISM Direct membership.

Exam fee: $495 for members, $725 for nonmembers

ISM Certified Professional in Supplier Diversity (CPSD)

The second certification from the ISM is the Certified Professional Supplier Diversity (CPSD) certification, which you can earn on top of the CPSM certification from ISM. It’s a relatively unique certification that focuses on the growing demand for companies to “engage in supplier diversity to be socially responsible or to meet customer or federal requirements,” according to the ISM. The CPSD certification consists of two exams, but you can skip the foundational exam if you already hold your CPSM exam. To qualify for the exam, you’ll need three years of supplier diversity or management experience and a bachelor’s degree, or five years of experience. To maintain your certification, you’ll need to complete 50 hours of approved continuing education credits over a three-year period. According to the ISM, those with a CPSD certification earn around 10% more than their uncertified peers.

Exam fee: $229 for members, $379 for nonmembers

NCMA Certified Professional Contract Manager (CPCM)

The National Contract Management Association (NCMA) offers multiple certifications, including the Certified Professional Contract Manager (CPCM). The certification is designed for those who participate in government-to-business and business-to-business contract and subcontract activities, who want to better understand how buyers’ actions impact sellers and vice versa, and those interested in learning more about contract management. Candidates for the exam will need a strong understanding of the Certified Management Body of Knowledge (CMBOK) and a minimum of five years’ experience in a relevant field. The NCMA also offers a Certified Federal Contract Manager (CFCM) certification for those working in or with the government and a Certified Commercial Contract Manager (CCCM) certification for those in the commercial industry.

Exam fee: $135 for domestic, $160 for international exams

Oracle E-Business Suite 12 Supply Chain Certified Implementation Specialist: Oracle Purchasing Certification

The Oracle E-Business Suite 12 Supply Chain Certified Implementation Specialist certification is targeted at intermediate-level implementation team members who are members of the Oracle PartnerNetwork with a focus on selling and implementing Oracle E-Business Suite Supply Chain Management modules. The certification is designed to show employers that you have the right skillset to navigate the R12 E-Business Suite, enter data, pull information, form queries, and access online help. You’ll also need to know how to manage the purchasing process, set up and use the R12 Oracle Purchasing software, and navigate purchase orders. The exam covers topics such as navigating in R12 Oracle applications, introduction to Oracle Applications R12, shared entities and integration as well as the fundamentals of Flexfields, Multi-Org, and Workflow and Alerts. It also covers topics such as purchasing, suppliers, document security, routing and approval, RFQs and quotations, approved supplier lists and sourcing rules, requisitions, and automation.

Exam fee: $245

SCPro Council of Supply Chain Management Fundamentals

The SCPro Council of Supply Chain Management Fundamentals certification is an entry-level supply chain management certification that offers eight certification tracks that cover the most important aspects of SCM. These tracks include supply chain management principles, transportation operations, demand planning, manufacturing and service operations, customer service operations, warehouse operations, inventory management, supply management, and procurement. There are no eligibility requirements and each exam for the eight tracks consists of a 40-question multiple-choice format and the credentials do not expire or need renewal.

Exam fee: $200 per certification track

SCPro Council of Supply Chain Management Professionals (CSCMP)

The SCPro Council of Supply Chain Management Professionals (CSCMP) certification is unique in that it combines a multi-level education with a three-tiered exam process. There are three levels of SCPro certification and the first level, SCPro Level One, covers the fundamentals and eight elements of supply chain management. At the second level, SCPro Level Two: Analysis and Application of Supply Chain Challenges, you’ll be tested on your ability to apply SCM knowledge in various scenarios. The third and final level, SCPro Level Three: Initiation of Supply Chain Transformation, certifies your ability to “positively impact an organization” through a hands-on project that demonstrates your skills. You will need to renew your certification for all three levels every three years, which will require 60 hours of eligible professional development activities. You will need to complete at least 20 hours of professional development annually, but no more than 30 hours per year.

Level 1 exam fee: $650 for members, $975 for nonmembers

Level 2 exam fee: $1,095 for members, $1,500 for nonmembers

Level 3 exam fee: N/A

SOLE Certified Professional Logistician (CPL)

The International Society of Logistics (SOLE) offers a Certified Professional Logistician (CPL) certification in logistics, which is a key element of supply chain management in certain industries such as commerce, defense, federal and local government agencies, and education. The exam takes place twice a year in May and November over an eight-hour period, with two four-hour sessions; you will need to pass all four parts of the exam before you can earn your certification. It’s a relatively advanced certification — to qualify for the CPL exam, you’ll need at least nine years’ experience practicing or teaching logistics and two years’ experience in at least two fields of logistics. Each year of undergraduate accredited coursework in logistics subjects is equivalent to one year of professional experience, up to four years. For those with a master’s degree or doctoral degree, you’ll need four or three years’ additional experience, respectively.

Exam fee: $225 for members, $375 for nonmembers

One reason open source is popular in the enterprise is that it provides well-tested building blocks that can speed up the creation of sophisticated applications and services. But third-party software components and the convenience of packages and containers bring risks along with the benefits because the applications you build are only as secure as those dependencies.

Software supply chain attacks are becoming so widespread that Gartner listed them as the second biggest threat for 2022. By 2025, the research firm predicts 45% of organizations globally will have experienced one or more software supply chain attacks — and 82% of CIOs think they will be vulnerable to them. These include attacks via vulnerabilities in widely used software components such as Log4j, attacks against the build pipeline (cf. the SolarWinds, Kaseya, and Codecov hacks), or hackers compromising package repositories themselves.

“Attackers have shifted priority from production environments to software supply chains because software supply chains are the weakest link,” explains Lior Levy, CEO of Cycode. “As long as software supply chains remain relatively easy targets, software supply chain attacks will increase.”

Recent high-profile incidents have been a wake-up call for the software development industry, says Rani Osnat, senior vice president of strategy at Aqua Security. “We’ve uncovered decades of opacity and lack of transparency and that’s why it’s such a big deal.”

Studies of codebases that use open source code show that vulnerabilities and out-of-date or abandoned components are common: 81% of codebases had at least one vulnerability, 50% had more than one high-risk vulnerability, and 88% used components that weren’t the latest version or had no new development in two years.

These issues are unlikely to dent the popularity of open source though — and commercial software and services are also vulnerable. When LastPass was attacked it didn’t lose customer data, but an unauthorized party was able to view and download some of its source code, which might make it easier to attack users of the password manager in the future, and the Twilio breach enabled attackers to launch supply-chain attacks on downstream organizations.

The ‘shadow code’ threat

Just as security teams defend their networks as if already breached, CIOs must assume that all code, internal or external, and even the development environments and tools their developers use, have already been compromised, and put policies in place to protect against and minimize the impact of attacks against their software supply chains.

In fact, Osnat suggests CIOs think about this “shadow code” the way they do about shadow IT. “This needs to be looked at as something that is not just a security problem, but really something that goes deep into how you obtain software, whether it’s open source or commercial: how you bring it into your environment, how you update it, what kind of controls you want to have in place and what kind of controls you want to demand from your suppliers,” he says.

Transparency: Toward a software bill of materials

Physical supply chains already use labels, ingredient lists, safety data sheets, and bills of materials so regulators and consumers know what ends up in products. New initiatives aim to apply similar approaches to software, helping organizations understand the web of dependencies and the attack surface of their software development process.

White House executive order 14028 on software supply chain security requires software vendors supplying the federal government to provide a software bill of materials (SBOM) and use the supply chain levels for software artifacts (SLSA) security checklist to prevent tampering. Because of this, “we’re seeing a lot of enterprises take a much more serious look at their software supply chain,” says senior Forrester analyst Janet Worthington. “All companies today both produce and consume software and we’re seeing more of the producers come to us and say, ‘How do I produce software that is secure and that I can attest to with a software bill of materials.’”

There are numerous cross-industry projects, including NIST’s National Initiative for Improving Cybersecurity in Supply Chains (NIICS), the Supply Chain Integrity, Transparency, and Trust (SCITT) initiative from Microsoft and other IETF members, as well as the OpenSSF Supply Chain Integrity Working Group.

“Everybody is taking a more holistic approach and saying, wait a minute, I need to know what I’m bringing into my supply chain that I’m creating the software with,” Worthington says.

A recent Linux Foundation survey found that SBOM awareness is high, with 47% of IT vendors, service providers, and regulated industries using SBOMs today and 88% expecting to use them in 2023.

SBOMs will be most useful to organizations that already have asset management for software components and APIs. “People who have robust software development processes today find it easier to slot in tools that can generate a software bill of materials,” Worthington says.

SBOMs can be created by the build system, or they can be generated by software composition analysis tools after the fact. Many tools can integrate into CI/CD pipelines and run as part of a build, or even when you pull down libraries, she says. “It can warn you: ‘Hey, you have this component in your pipeline and it’s got a critical issue, do you want to continue?’”

For that to be useful, you need clear policies on how developer teams acquire open-source software, says Chainguard CEO Dan Lorenc. “How do developers know what their company’s policies are for what’s considered ‘secure’ and how do they know that the open source they are acquiring, which constitutes the great majority of all software being used by developers these days, is indeed untampered with?”

He points at the open-source Sigstore project that JavaScript, Java, Kubernetes, and Python use to establish provenance for software packages. “Sigstore is to software integrity sort of what certs are to websites; they basically establish a chain of custody and trust verification system,” he says.

“I think a CIO should start by indoctrinating their developer teams in these fundamental steps of using emerging industry standard approaches for one, locking down build systems, and two, creating a repeatable method to verify trustworthiness of software artifacts before bringing them into the environment,” Lorenc says.

Making the contribution

Whether it’s components, APIs, or serverless functions, most organizations underestimate what they’re using by an order of magnitude unless they run routine inventories, Worthington points out. “They find out that some of these APIs aren’t using proper authentication methods or are maybe not written in a way that they expected them to be and maybe some of them are even deprecated,” she says.

Beyond vulnerabilities, evaluating the community support behind a package is as important as understanding what the code does because not all maintainers want the burden of having their code treated as a critical resource. “Not all open source is made the same,” she warns.

“Open source may be free to download but certainly the use of it is not free. Your use of it means that you are responsible for understanding the security posture behind it, because it’s in your supply chain. You need to contribute back to it. Your developers need to participate in fixing vulnerabilities,” says Worthington, who suggests organizations should also be prepared to contribute monetarily, either directly to open-source projects or to initiatives that support them with resources and funds. “When you create an open-source strategy, part of that is understanding the budget and implications.”

Don’t think of that as just an expense, but as an opportunity to better understand the components you depend on. “It even helps retain developers because they feel like they’re part of the community. They’re being able to contribute their skills. They can use this on their resume,” she adds.

Remember that vulnerabilities can be found anywhere in your technology stack, including mainframes, which increasingly run Linux and open source as part of the workload but often lack the security processes and frameworks that have become common in other environments.

Protecting your pipeline

Protecting your software delivery pipeline is also important. NIST’s Secure Software Development Framework (SSDF) and SLSA are a good place to start: they cover best practices at various maturity levels, starting with a simple build system, then using logs and metadata for audit and incident response, through to a fully secured build pipeline. The CNCF’s Software Supply Chain Best Practices white paper, Gartner’s guidance on mitigating software supply chain security risks, and Microsoft’s OSS Secure Supply Chain Framework, which includes both processes and tools, are also helpful.

It’s important to note, however, that simply turning on automated scanning tools intended to find malicious code can produce too many false positives to be helpful. And although version control systems such as BitBucket, GitHub, GitLab, and others include security and access protection features (including increasingly granular access policy controls, branch protection, code signing, requiring MFA for all contributors, and scanning for secrets and credentials), they often have to be explicitly enabled.

Also, projects such as Factory for Repeatable Secure Creation of Artifacts (FRSCA) that aim to secure build pipelines by implementing SLSA in a single stack aren’t yet ready for production, but CIOs should expect build systems to include more of these practices in future.

Indeed, while SBOMs are only part of the answer, the tools to create and work with them are also still maturing, as are the processes for requesting and consuming them. Contracts need to specify not only that you want SBOMs but how often you expect them to be updated and whether they will include vulnerability reports and notifications, Worthington advises. “If a new important vulnerability like Log4j is found, is the vendor going to tell me or am I going to have to search myself in the SBOM to see if I’m affected?”

Organizations will also need tools to read SBOMs and put in place processes to take actions on what these tools find. “I need a tool that can tell me what are the known vulnerabilities [in the SBOM], what are the licence implications, and does that happen continuously,” Worthington says.
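As an added example (not from the article or any vendor tool), the manual check Worthington describes, searching an SBOM yourself to see whether you are affected, can be sketched in Python over a CycloneDX-style JSON document. The SBOM below is constructed sample data, the function names are hypothetical, and the affected range is the OpenSSL 3.0.0 to 3.0.6 range cited at the top of this page.

```python
import json
import re

# Constructed CycloneDX-style SBOM for illustration only (not a real product).
# Components can nest, so a flat scan of the top-level list misses the copies
# bundled inside a base image or another library.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"type": "application", "name": "example-app", "version": "2.1.0"}},
  "components": [
    {"type": "library", "name": "openssl", "version": "1.1.1"},
    {"type": "container", "name": "example-base-image", "version": "0.9.0",
     "components": [
       {"type": "library", "name": "openssl", "version": "3.0.5"},
       {"type": "library", "name": "zlib", "version": "1.2.13"}
     ]},
    {"type": "library", "name": "example-tls-proxy", "version": "4.0.0",
     "components": [
       {"type": "library", "name": "OpenSSL", "version": "3.0.7"},
       {"type": "library", "name": "openssl"}
     ]}
  ]
}
""")


def parse_version(text):
    """Return (major, minor, patch) for a plain X.Y.Z string, else None."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def walk_components(components, path=()):
    """Yield (path, component) for every component, including nested ones."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk_components(comp.get("components"), here)


def find_affected(sbom, name, first_bad, last_bad):
    """Split matches for `name` into confirmed-affected and needs-review.

    Matching on the component name alone is a simplification (assumption);
    production tooling should match on purl or CPE identifiers.
    """
    lo, hi = parse_version(first_bad), parse_version(last_bad)
    if lo is None or hi is None:
        raise ValueError("range bounds must be plain X.Y.Z versions")
    root = sbom.get("metadata", {}).get("component", {}).get("name", "root")
    affected, review = [], []
    for path, comp in walk_components(sbom.get("components"), (root,)):
        if comp.get("name", "").lower() != name.lower():
            continue
        entry = {"path": " > ".join(path), "version": comp.get("version")}
        version = parse_version(comp.get("version"))
        if version is None:
            # Missing or non-numeric version: cannot rule it out, so a human
            # has to look rather than the tool silently passing it.
            review.append(entry)
        elif lo <= version <= hi:
            affected.append(entry)
    return affected, review


if __name__ == "__main__":
    hits, unknown = find_affected(SAMPLE_SBOM, "openssl", "3.0.0", "3.0.6")
    for hit in hits:
        print("AFFECTED:", hit["path"], hit["version"])
    for item in unknown:
        print("REVIEW (no usable version):", item["path"])
```

The dependency path in each result shows which supplier or image brought the component in, which is the detail needed when asking a vendor for an updated SBOM.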

CIOs should keep in mind that an SBOM “is an enabler but it doesn’t actually solve anything in terms of securing your supply chain. It helps you cope with incidents that might come your way,” says Osnat, who is optimistic about both the speed of industry response and the broad collaboration that’s going on around standards for SBOMs and code attestation that will help make tools interoperable (something organizations raised as a particular concern in the Linux Foundation research). That could lead to the same improvements in the standards of transparency and reporting across the industry that SOC 2 delivered.

That said, CIOs don’t have to wait for new standards or tools to begin making security as much a part of the developer role as quality has become in recent years, Osnat says. His suggestion: “Start by getting your CISO and lead engineer in a room together to figure out what the right model is to make that work for your organization and how that transformation will occur.”

For years, auto makers and dealers have used Salesforce for CRM — but it’s involved a hodge-podge of company-specific customizations. Now Salesforce is hoping to sweep that away with Salesforce Automotive Cloud, a dedicated platform for the auto industry that sticks close to industry standards on data exchange.

This new offering has arrived as auto makers rethink their relationships with dealers and intermediaries who handled face-to-face customer relations and local inventory since the pandemic made online auto sales and touchless delivery seem desirable. Until that point, few consumers wanted to spend tens of thousands of dollars on a car they had never seen or touched.

Michael Ramsey, a VP and automotive analyst at Gartner, said Automotive Cloud offers a way for auto makers to take back control of their branding.

“At a basic level, Salesforce built this because they could see that the auto companies were suddenly in need of actually delivering customer experience rather than relying on dealers to do it,” he said.

Achyut Jajoo, Salesforce’s GM of manufacturing and automotive, pointed to moves Ford is already making to impose a new way of working on its dealers. “They basically want them to become more experiential,” he said. “The dealership of the future would actually look more like an Apple Store.”

Automotive Cloud is intended to help auto makers get closer to their customers by analyzing data not just about one person and their vehicle, Jajoo said, but their entire household and all interactions with dealers on one screen.

“And because we have that data, we can now recommend to dealers what next best action to take,” he said. “We’ve created tools to do this in a more declarative fashion, rather than custom coding.” The tools include a rules engine that can look at the data and fire off alerts and recommendations.

By gathering data from their dealers in one place, auto makers will also have a better picture of the market, Jajoo said.

“Now you can run performance analytics: what cars are selling, which make, model, model year, in which geographies, which dealer is performing better — all of those types of things,” he said.

Maintaining standards

One of the things that lubricates data flow around and between enterprises is compliance with standards. The US auto retail industry realized this almost two decades ago, and came together to create the nonprofit corporation Standards for Technology in Automotive Retail. STAR’s members include the National Automobile Dealers Association (NADA); automobile manufacturers such as Ford, GM, BMW, and Toyota; and IT vendors such as Microsoft, Nuspire, and Tech Mahindra. Many of STAR’s IT vendor members have offices in Detroit, once known as Motor City and increasingly becoming a hub for technology companies.

STAR deprecated its original flat file exchange format long ago, and now publishes over 200 XML message formats for Business Object Documents (BODs) covering everything from exchanging sales leads through arranging credit, selling the vehicle, servicing it, and ordering parts for repairs to resell it.

Salesforce adheres to STAR’s standards, making sure all necessary fields are available in its platform, said Jajoo: “Salesforce as a platform is API first, so it becomes easy for us to exchange information between parties.”

The company has created templates to facilitate that data exchange. “It’s an ecosystem play,” he says. “We extend this data out for your partners, whether they’re dealers, agents, or other third parties.”

That means companies adopting Automotive Cloud should be able to continue exchanging data with those using other STAR-compliant platforms.

But there’ll be more work involved for CIOs who have already built their automotive CRM systems on the Salesforce platform, as they’ll have to unwind years of customization in order to adopt Automotive Cloud.

“For legacy car companies, it will be a big leap to adopt the platform wholesale because most already have a pretty robust Customer 360-type database,” said Gartner’s Ramsey.

Toyota Financial Services is one of the companies looking forward to the migration challenge. Its digital information officer is excited by the potential Automotive Cloud offers to build more meaningful relationships with customers.

Accelerator peddling

Salesforce isn’t the only company targeting CRM solutions at the automotive industry. Microsoft offers an “automotive accelerator” for its Dynamics CRM product — but, as with Salesforce’s previous efforts, this is more about making it easier for customers to develop applications on top of the vanilla CRM tool to meet their needs, and less about providing a turnkey solution.

“Automotive Cloud provides a modular way to connect customer, car, dealer, and other parts of the organization together that need customer info, like finance, warranty and connected vehicle services,” said Ramsey. There needs to be something like this in place to manage customer IDs and all the interactions between companies, he said, adding, “I’m sure other companies will follow with some kind of vertical offering like this, but right now it fits in a niche that’s a step above a standard CRM and is something closer to a customer operating system.”

Data-driven supply chains continue to be a hot topic, given what’s happened over the last couple of years with the pandemic, lockdowns, transportation woes, container ships held outside ports, war in Ukraine and other issues wreaking havoc. Problems caused by these events are ongoing, but if addressed from a proactive rather than reactive standpoint, there are ways to mitigate their detrimental impact, especially when the analytics and processes become clear.

“What we’re seeing with clients, as we focus on a data-driven supply chain, is enabling data-backed decisions at all levels of the organization,” says Singleton. “Historically, supply chains have been slow to adopt technologies and analytics, but great strides have been made to upgrade systems to capture critical data in the supply chain. Now the question is how to return all of the data we have into transforming and enabling our people to make decisions—backed by that data—to create a proactive supply chain versus a reactive one to market conditions.”

Anticipating supply chain issues rather than responding to them is also a principal means to give companies an advantage over their competitors in terms of not only being able to access an increased amount of data, but having the means to effectively utilize that data in a customized and targeted way.

“Data in general has been exploding for years in all facets and all verticals,” says Abel. “And in the area of supply chain in particular, given the challenges of the pandemic, wars, chipageddon and everything else, the ability to leverage that data and create transparency up and down your entire supply chain, and run analytics on it, is the game changer now occurring.”

But when such compound disruption occurs, creating a battle on many fronts, that’s when the analytics and data become even more important because managing multiple crises at different points of the supply chain requires a more refined, targeted and accurate approach than wielding a blunt object. The ultimate goal is to eliminate the climate for crises before they happen in the first place, but the common denominator is talent and getting the right people in place who are equipped to find answers.

“We tend to focus on the technology, which generally relates to databases, BI and analytic solutions,” says Patel. “All of those things are fairly mature and available, and many companies have implemented them over the years. So we have good technology available and we want to use it effectively. But when we look at supply chain, a lot of data tends to be disparate, and getting that collected in one location or connected so you can do these deeper analytics and visualization across all of those data sets is a hard problem to solve. The people side of things is the hardest element. Far too many people are used to reports, dashboards and doing the basics and I think we need to raise the level of understanding of data and then help them with experts who can answer the hard questions.”

Abel, Patel and Singleton recently spoke with Ken Mingis, executive editor of Computerworld and host of the IDG Tech(talk) podcast, about organizational advantages realized through the data-driven supply chain, and enabling the right people to interpret that data to make more informed decisions.

Here are some edited excerpts of that conversation.

John Abel on data management: Supply chain planning has been around forever. I know my role. I’m used to the rearview-looking aspect. Some don’t know the art of the possible or the potential there is, so it’s not that they don’t know what to do with it, but there’s no one on their team with the skill set to create the art of the possible.

So it’s bringing the skill sets into the organization in order to create. That’s where most companies are currently lagging. It’s going beyond the traditional view that supply chain professionals had of just delivering outcomes based on traditional KPIs. So going beyond that and combining traditional supply chain for information with customer data or with usage, or with customer experience, that’s when you start understanding what plays into your ecosystem of delivering better outcomes that bring top-line revenue or bottom-line cost reduction.

Those are the outcomes, ultimately, that drive most organizations. The one key thing is, if you haven’t already begun on this journey, starting sooner rather than later is key. Just look at the available data and understand that. Then arm yourself with the right talent to understand your ecosystem and how you get the right outcomes.

Manesh Patel on handling expectations: One thing many companies did was manage their supply chains in a standard capability. If we think about MRP, communicating downstream to suppliers and vendors and so on, that’s a complex problem statement in the first place. And I think just doing the day-to-day, week-to-week sort of processes was onerous in the first place and a lot of companies were focused on that.

Then with the pandemic, we all started to react and handle these exceptions, which are much harder to do because they’re all different. And I think we’ve become more adept at addressing those exceptions in the last three years. We still have a long way to go though. Grasping those exceptions has become very critical and one thing we’ve realized is this is not a one-off thing. Whether for a war, climate or something else, it is a reality of our future.

Erik Singleton on data literacy: A warehouse supervisor before might have looked at a dock or floor and said, “Okay, I’m doing good for the day.” But now they can see key metrics and concrete UPHs or KPIs. But how do they action on that? Just having the data is not enough. It’s teaching your people to think with a data mindset and really get them to articulate, interpret and analyze data that has a meaningful impact. So there are so many components of just integrating, but then it’s also empowering people to use the information they have.

John Abel on data volume: Data volumes are growing everywhere. The good news is the technology side can handle that. We’re able to process and select large amounts of data but the reality is that people are getting overwhelmed. So how do you turn massive recent explosions in data into value, and what are the analytics you use?

One use case is we’re helping a customer in the sporting world by outfitting stadiums with networking devices to get huge amounts of data and give analytics back, which then they can turn into more value for their customers. The people who can look at the volumes coming in, parse it down and turn it into value are a unique skill set and hard to come by. It’s really about taking large amounts of data in your ecosystem and beyond your ecosystem, and finding what value you can drive by using analytics.

Many view today’s supply chains as true marvels of modern existence — push a button and a desired object is delivered to one’s doorstep. Others see modern supply chains disrupting local economies and damaging the environment.

Massively complex, interdependent, and subject to disruptions, supply chains were, until just a few years ago, for the most part the purview of midlevel executives operating out of sight of newsrooms and boardrooms. The pandemic, escalating geopolitical tensions, cyberattacks, and severe weather events have made the supply chain a universal issue subject to boardroom and even White House scrutiny.

Supply chain disruptions and irregularities leading to shortages, delays, and escalating price increases have become defining realities of modern business today. So too is the fallout of an ever-expanding knowledge set that sees modern enterprises filled with black boxes of “we-know-it’s-important-but-we-don’t-really-understand-it” specialty areas. Supply chain used to be one of those black boxes. But CEOs and boards of directors are now demanding that the supply chain black box be opened and fully explained. This is not a trivial exercise — and it is one that CIOs need to undertake strategically.

The CIO as transparency and data delivery champion

Prior to the pandemic, most people — even businesses — took supply chains for granted. You wanted something, or needed a part to produce a product, and you simply ordered it and it would be delivered — quickly, affordably, and with forecastable precision. This is no longer the case. Supply chain realities are changing how organizations operate, and how they design and deliver new products and services.

But the first step to making supply chains more resilient is transparency. For IT, this means mapping the total end-to-end flow of material, tasks, and costs from product/service design to ultimate customer delivery. This exercise will surface high-risk areas of the supply chain such as the auto industry’s overdependence on a few semiconductor factories in Taiwan, or the global pharmaceutical sector’s reliance on Chinese supplies for foundational life science ingredients.

One life sciences organization had secured the raw materials needed to manufacture its end product but failed to account for supply issues with the packaging of that medicine. Shortages in the ink used to print expiration dates on the packaging made shipping the product impossible. The adequate supply of ink for labeling, not raw materials for production, had become the bottleneck in the supply chain. Companies must pay attention to all aspects of their supply chain.

Of course, history tells us that management teams have a tendency to overcorrect in response to many crises. Yes, we have learned that existing supply chains are not as resilient as we thought. But before rearchitecting the entire supply chain, CIOs and their C-suite colleagues need to collect estimates regarding how much more money resilient supply chains will actually cost.

Scholars at the DHL Initiative on Globalization at the NYU Stern Center for the Future of Management remind us that attitudes regarding supply chain strategies are not etched in stone: “In an April 2020 survey, 83% of executives said their companies planned on nearshoring to regionalize their supply chains. When the same survey was repeated in March-April 2021, only 23% still said they were planning on nearshoring.”

Historically the CIO and the IT organization have delivered and managed the transactional and information systems that drive the supply chain. In most organizations, IT and the CIO have not taken the responsibility of aggregating and making sense of the end-to-end data supply chain systems generate. They should assist the data analytics team in implementing digital dashboards for end-to-end supply chain visibility.

Supply chain analytics are the key way CIOs can help address this central business issue — and help ensure the strategic response on the part of the business to supply issues is measured, realistic, and impactful.

As for customers’ concerns about the impact of supply chains on the environment, analytics can also play a part, as can messaging.

Research at MIT’s Sustainable Supply Chain Lab shows that with the proper messaging, “70% of the consumers surveyed were willing to delay home deliveries by approximately five days if given an environmental incentive to do so at the time of purchase.” Furthermore, the words used to describe the eco-benefit mattered as well: “Around 90% of respondents accepted slower deliveries when they were told about the number of trees saved, compared with 40% of those who were told about reduced emissions.”

So, in addition to helping establish ESG-related metrics around the impact of their companies’ supply chains, CIOs can also help establish channels for open and honest communication with customers regarding supply chain realities through customer engagement initiatives aimed at putting data to work to assuage their concerns.
