Selecting the type of Cloud application
Cloud computing is a valid technology approach for transmitting data and information through supply chains, but do not commence the discussion from the view of cost savings. Instead, evaluate the risk factors for your organisation to enable identification of the total cost.
Software as a Service (SaaS) is a favoured business model among application suppliers, whereby a service provider supplies IT services and and/or applications via the Cloud. This is internet-based infrastructure which resides somewhere else.
When considering the potential of using Cloud computing in your supply chains, an initial policy decision must consider where in supply chains work should the technology be used. Whether to host core business applications, or only access applications that augment ERP planning with applications that assist decision-making.
The diagram illustrates a fishbo0ne diagram with ERP as the backbone linked with applications associated with analysis, analytics and communications; that is Supply Chain Analysis and Planning or SNAP application. The previous blogpost discussed the possible requirements to consider when trialling an application that assists communication between parties in a supply chain.
The applications will access data from the ERP data base and return updated information to the core application – corporate data does not leave the organisation. While holding corporate data in-house leaves the organisation open to cyber security risks, it removes the risks of trusting data storage, processing and access to outside parties.
The Cloud is a supply chain
Similar to material supply chains, the nodes and links of SaaS application product are rarely fully known to the end user. Commercial software developers that wish to reduce capital expenditure and in-house IT resources will contract with Platform as a Service (PaaS) providers.
These organisations host the application and data from the application provider’s customers, so their data could be located anywhere. The software developer may promote the location of its head office concerning product design, but the actual programming may be done in other countries by contractors. There may also be purchase contracts with other software developers to use particular modules or technologies in the final application.
Applications for peripheral tasks may be sold as a ‘freemium’, whereby the main application can be downloaded in a limited (but usable) form, with access via ‘the Cloud’ at no cost. Additional functionality is promoted as available for an ongoing fee. This model provides for the core application to be downloaded and used, without going through an organisation’s internal buying and evaluation process.
This purchase model can provide what salespeople call ‘stickyness’ for the supplier, as it can provide a continuing income stream, while the provider maintains ownership and development control of the application. However, it adds to the ‘maverick’ purchases which are not known to Procurement until the users request permissions to access data from the ERP data base.
Contracts with Cloud suppliers
As a user organisation moves through Cloud technology, from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS) to Software as a Service (SaaS), the product from a supplier will becomes more standardised. Therefore, the terms and conditions (T&Cs) in the contract become more generic, which the supplier is less willing to negotiate.
Using an application via the Cloud will require a contract that initially may appear to be satisfactory. And, once locked-in to the contract, users will then need to agree future updates and conditions attached to the service.
So, what happens when there is a major problem with the supplier, or there is a takeover of your organisation, or at the Cloud services supplier?
At the level of peripheral applications, you could cease payments and move to another application, although the more enhancements used with multiple parties in the supply network, the more difficult this will be. At the IaaS and PaaS levels the provider will not want to lose a long-term customer and its monthly payment., It could therefore delay replying to telephone calls and emails; be unwilling to identify where the organisation’s data is actually stored; say that it does not have the expertise to undertake any conversion and reformatting of customer’s data and other stalling tactics.
IaaS and PaaS contracts are more likely to be negotiated by Procurement. Do not be lulled into ‘good feelings’ about collaboration via the Cloud, due to use of the term ‘partnership’ by the application provider. They have a commercial incentive to incorporate clauses that lock customers into the contract for its full term (with penalties for transgression) and to maintain the income stream.
Before deciding to use a SaaS collaboration application to communicate within the supply chains group and with suppliers, contractors and 3PLs, have the contract T&Cs or service level agreement (SLA) reviewed by Procurement. The review should address:
- protection of information – security and compliance
- liability for service not provided, data not stored correctly or lost data
- performance (delivery and uptime) by the supplier
- dispute resolution with (most likely) an overseas registered legal entity
- ending the arrangement/agreement
Risks in the Cloud
The more that your supply chains digitise, the more complex becomes the supply network, due to the increasing:
- Cloud Platforms and supply chain collaboration type applications accessed
- Potential outcomes if the way that data is passed/communicated between parties in your supply network is changed and
- Locations where supply network data stored and processed
Also, the risks associated with lapses in security in organisations are increasing. This should requires your business to: evaluate its cyber security capability, especially in supply chains; know where the security vulnerabilities will most likely reside and have employees trained in safe cyber practices. In reality, this will not occur in many organisations. The Supply Chains group IT strategy should therefore consider the:
- need among the supply chain disciplines for migration to Cloud computing, access to internal data and permissions required to access
- potential security vulnerabilities in the supply chains
- technical and cultural alignment required across customer and supplier companies and borders
- capability and training required for people to use collaboration type applications
- total cost and ROI targets for executive sign-off of the capital expenditure (Capex) authority
The essential future requirement for your ERP system is to be the backbone for all transactions through the enterprise and be the data base for managing the stored data. Be cautious about decisions to put ERP onto the Cloud. However, applications that access the ERP data for analysis, analytics and communications are capable of being in the Cloud, but only after a total cost evaluation.