IT decision makers demand transparency with their tech purchases

The supply chain of tech products have become complicated and require transparency.

About two-thirds of B2B IT buyers have experienced vendor challenges during the global pandemic, states PROS in its latest research.

According to its research buyers want vendors that offer digital purchasing and personalised pricing. These buyers want vendors that offer digital purchasing and personalised pricing through self-service channels.

The global study, conducted by Hanover Research on behalf of PROS in June 2020, examined the expectations of 210 procurement and purchasing leaders from 11 countries on what drives business buyers to select certain vendors, what causes them to switch to new vendors, and what they value in the purchase experience.

The respondents were from businesses across a variety of industries, including industrial manufacturing, IT services, oil and gas, chemicals and healthcare.

The “COVID-19 B2B Buying Trends Report” also reveals that B2B buyers are more likely to purchase from vendors that offer digital self-serve purchasing channels, are quick to respond to buyer inquiries, provide personalised and consistent pricing and offer a transparent view of inventory. Procurement and purchasing leaders have steadily been shifting purchasing from traditional reliance on sales reps to self-serve ordering through digital channels, and according to the survey, COVID-19 has dramatically accelerated this shift.

Key findings from the survey indicate:

  • Since the start of COVID-19, 37 per cent of businesses are primarily purchasing through digital channels – up from 29 per cent prior to the outbreak and expected to continue rise to 40 per cent post-pandemic
  • Only one-third of buyers stated that most of their vendors were well-prepared and had already enabled digital channels

The top three challenges identified by B2B buyers in working with their vendors were:

  • Slow and inefficient responses
  • Inconsistent, highly variable pricing
  • Lack of transparency into inventory

The survey also revealed vendor preferences have changed for three quarters of companies because of COVID-19. About 70 per cent of buyers reported current conditions are compelling them to shift their vendor preferences due to challenges in working with existing vendors, while 19 per cent of which said they were shifting preferences “a great deal”.

Competitive pricing (40 per cent), supply availability (39 per cent) and better digital purchasing experience (35 per cent) are top drivers of change in vendor preferences

The survey confirms purchasing professionals are quickly moving wallet share to vendors that can offer competitive prices, personalised digital experiences, and transparency into inventory across digital self-serve channels, said Valerie Howard solution strategy director at Pros

“B2B companies need to ensure their digital channels are delivering on these buyer expectations or they’ll risk losing market share to competitors that do,” she said.

That transparency is important at a time when international politics, a pandemic impacts and newer technology like IoT makes affects the supply chain.

Components transparency

In an interview with CIO Tech Asia, Rob McNutt, chief technology officer at Forescout said CIOs are responsible for protecting an organisation’s information and providing reliable access to IT for the business to run.

“What we’ve seen in the last kind of five years is the growth of things like BYOD — which has now transformed the way people work,” he said. “The whole goal is to get to a cost savings model for more efficiency.”

According to McNutt the CIO must deal with these devices that are being brought into the environments. And they’re not being brought in through the traditional channels like you would bring in computers or servers, by the business units.

However, the CIO is charged with protecting the information and the assets in the organisation. For them understanding all the underlying elements to these devices, is part of the supply chain process.

“They want to know when a device is manufactured, what components are inside of it, what firmware is inside of it,” said McNutt. “They’re not just looking at where they bought a particular IP camera from, they want to know who makes the logic board; and who manufactures the firmware that allows the network card in that particular logic board to work right.”

When the CIO evaluates what they have on their network, they don’t see that depth, but that depth might expose them to risk that isn’t immediately obvious.

“For a CIO when they purchase a Dell or HP laptop they understand most of the supply chain because most of the supply chain is owned by the person who manufactures the device, as well as who puts the software on it.

In the world of IoT every vendor out there is making some sort of device and they’re making their devices smarter by leveraging things like IoT.

“But now the supply chain is obscured because a device might have gone through a few different motions, might have gone through a few different sources of software, sources of hardware before it ended up with the manufacturer,” said McNutt.

For example, with Amazon’s Alexa, users may think they bought this thing from Amazon. That’s who makes it, but Amazon just puts their software on a piece of hardware.

“The hardware inside of that, and the things that make that hardware work on the network drivers might come from four or five different companies,” McNutt said. “Underneath the actual thing that you would call an Amazon — that might have layers upon layers of different hardware and different software that is sourced from different vendors in the market, which could still expose you to weaknesses or risks.”

McNutt said Forescout discovered a leading Internet service provider in the US supplied customers with routers that had a port in them to manage the underlying firmware.

“We often see all the things that are inside of organisations environments,” he said. “On the front end it looks like they were made by vendor XYZ. But vendor XYZ might have sourced the components that make that thing from various other vendors. Those other vendors might not have had the same security measures to make that particular and hardware to software relationship.”

Assessing and mitigating risk

Luke Ellery, senior director and analyst at Gartner believes its crucial for CIOs to assess the risks before making a purchase, bearing in mind that the end product didn’t come from a single source.

“The onus is always on the buyer to assess the risks before making a purchase,” he said. “Many organisations have IT vendor risk management programs, to assess the risk that IT vendors pose to their organisation.”

These risk assessments typically cover cybersecurity, geographic, financial, and operational risk – to determine what controls the vendor has in place.

“Often this is conducted by a vendor questionnaire, however depending upon the nature of the service, organisations often look for evidence that the vendor’s controls are actually in place and effective,” he said. “The verification of vendor controls is typically conducted through rating services, an audit by a consulting firm, or direct audit by the organisation.”

According to Ellery organisations in regulated industries, such as financial service or healthcare, as well as government institutions, typically have more sophisticated IT vendor risk management programs and perform a triage process to determine which risks must be evaluated for the product or service being acquired.

“However not all risk mitigations occur on the vendor side – organisations often implement additional controls or mitigations to protect themselves, such as encryption or two factor authentications,” he said. “IT vendor risk management does seem to be an increasing priority in the APAC region, as some industries are playing catch up in comparison to their international peers.”

Although technology vendors perform an increasingly important role in our organisations, supporting both critical business processes and resilience to unforeseen events.

In case of emergency

However, in the face of a disaster or business disruption, an economic downturn, or a critical vendor’s failure, most do not have a contingency plan, and most plans that do exist are paper plans — they are untested, not updated and never enacted.

This is complicated by potential anxiety in the risk of the response to the disaster, which may involve terminating long-standing agreements, negotiating critical agreements at pace, or developing a response strategy on the run. For broad-based events such as economic downturns, the impact may involve many vendors.

If a vendor’s contingency plan doesn’t exist, is untested, or isn’t actionable, senior IT decision makers must devise a crisis plan in crisis mode, said Gartner.

They need to minimise business disruption by determining:

  • Which vendors to focus on
  • What actions are to be taken
  • What risks are worth focusing on.

Gartner states it will be important for them to expedite decisions by monitoring key risk categories that determine when to invoke your planned contingency response, and then implement the response with the support of key business stakeholders.

Improve your future business risk resilience by conducting a post incident review, and determine actions to formalise you vendor risk management capabilities.









Leave a Comment

Related posts