Top 10: Supply chain management software companies
Supply Chain 24/7 recently named the top companies for supply chain management (SCM) software. We have taken a look at the top 10 based on revenue, how they have grown and why they stand out.
10 – Coupa Software
Coupa Software’s total 2016 revenue from SCM was $114.3mn, a significant increase from $72.4mn in 2015. Coupa’s Business Spend Management Platform offers businesses software solutions across procurement, invoicing, expenses, sourcing and analytics. It cites some impressive names as clients, including Salesforce, Sanofi and NEC. Led by CEO Rob Bernshteyn from its headquarters in San Mateo, California, the company was set up in 2006 with the aim of reinventing spend management software. It now has over 400 customers across more than 40 countries. Coupa has been listed in the Silicon Review’s 30 Most Trustworthy Companies and is also a certified Great Place to Work.
9 – Basware
Basware offers automated payment solutions to help firms with everything from e-invoicing and e-procurement to financial software and services. The company was first launched in Finland in 1985 and now connects businesses in over 100 countries and territories. In 2016, it made $122.3mn in revenue from its supply chain software, a steady increase from 2015’s figure of $112.6mn. Notable accolades include Innovative Procurement Technology of the Year at the Innovate Awards and a place on Global Finance’s list of Best Web-Based Supply Chain Financing Solutions. Basware has worked with some huge multinationals, most notably Heineken, Toshiba and McDonald’s.
8 – HighJump
Spanning 66 countries and serving over 4,200 customers, HighJump offers a suite of software covering warehouse management, business integration, transportation management and retail solutions. The company reportedly made $134.9mn in sales of its supply chain software in 2016, fairly steady growth from the previous year’s $129.7mn. HighJump aims to help clients “drive growth, customer satisfaction and revenue” through improved supply chain management at every stage, and promises to help them remain agile in a rapidly changing economy.
7 - Descartes Systems Group
Descartes made an impressive $159.2mn in 2016 from its SCM offering, marking a year-on-year increase of 9.6%. This offering includes software-as-a-service for the logistics sector, which aims to accelerate time-to-value and increase productivity and performance within the supply chain. The group has made some notable acquisitions in recent years, pointing to a time of positive growth for the business. These include MacroPoint, Aljex and PCSTrac. Current CEO Edward Ryan has been at the company for nearly 18 years, his previous business having been acquired by Descartes. The company was founded in 1981, and its headquarters is located in Ontario, Canada.
6 – Epicor Software Corporation
International software giant Epicor made $191.6mn from its SCM software in 2016, a significant increase from $162.1mn the previous year. SCM, however, makes up just part of the company’s overall revenue, which currently stands at around $900mn. As with its other products, Epicor’s supply chain software is tailored to the needs of particular businesses and industries, from manufacturing and distribution to retail. Founded in 1972, Epicor now employs around 3,900 people and serves over 20,000 customers across the globe. Its stated aim is to “drive growth for our customers by being the leading provider of industry-specific software solutions and services”, and notable clients include Energizer, Teconnex, Rexel and North American Lumber.
5 – Manhattan Associates
Manhattan Associates works across wholesale, retail, pharmaceutical, FMCG, manufacturing and many other sectors. Its supply chain management offering brought in $218.8mn in 2016, and the company continues to grow, having invested $55mn in research and development in the same year. Founded in 1990, the company now employs over 3,000 people and has been a mainstay as a Leader in Gartner’s Magic Quadrant for Warehouse Management Systems since 2009. Other notable recognitions include making Forbes’ ‘America’s 100 Most Trustworthy Companies’ list three years in a row and Inbound Logistics’ Top 100 Logistics IT Providers over the same period, 2014-16.
4 – Infor Global Solutions
Infor helps over 90,000 organisations across the world with their digital transformation, including within their supply chains. In 2016, that segment alone made the company $243.3mn in revenue, a year-on-year increase of $30mn on 2015. From its foundation in 2002, when it had 1,300 customers and operated under the name Agilisys, Infor has grown to 168 direct offices across the globe housing over 15,000 employees. Infor’s SCM software serves many sectors, including retail, distribution, F&B and industrial manufacturing. The product, Infor Supply Chain, claims to “provide unparalleled visibility and collaboration capabilities, from planning, to execution, to connecting with your entire network of trading partners”. In this way, Infor’s clients can expect an end-to-end solution across their entire supply chain.
3 – JDA
In 2016, logistics giant JDA made $475.9mn from its SCM segment. JDA works across the manufacturing, retail, distribution, logistics, hospitality, travel and entertainment sectors. In particular, the company offers an impressive 3PL (third-party logistics) segment which includes “inventory optimisation, omni-channel fulfilment, returns facilitation and even value-added warehouse or manufacturing services”, according to the company’s website. The service helps clients increase productivity, reduce costs and manage risk across their supply chains, as well as improving customer service. JDA was founded in 1985 and currently serves about 4,000 clients in total from over 40 locations worldwide. Among its clients are 20 of Gartner’s top 25 supply chains.
2 – Oracle
Oracle offers software as a service as well as platform, infrastructure and data services. The company has about 430,000 customers in 175 countries and employs 138,000 people, including 40,000 developers and engineers, 16,000 support and services specialists and 19,000 implementation consultants. In 2016, Oracle made $1.5bn in the SCM software segment, an impressive $100mn increase on the previous year. That is, however, a drop in the bucket compared with its overall yearly revenue of around $37bn. Oracle helps businesses modernise their SCM processes, offering clients services such as product lifecycle management, supply chain planning and order management.
1 – SAP
Global supply chain master SAP made $2.93bn from its SCM-related software in 2016, a fairly steady figure compared with the previous year. SAP is the largest business software company in the world, and the Germany-based company has become something of a household name since its foundation in 1972. Fast-forward 46 years and the company serves about 378,000 customers, with notable clients including Microsoft, Lennox and Komplett Group. SAP’s IoT and Digital Supply Chain offering promises clients that it will help them digitise their supply chains and make collaboration with partners within the supply chain easier. This is done partly through cloud-based deployment.
Biden’s Cybersecurity Executive Order; A Leading Solution?
Colonial Pipeline, Microsoft Exchange, SolarWinds. What do those names have in common? Each has been at the centre of a major cyber incident affecting United States infrastructure: a ransomware attack that shut down a fuel pipeline, mass exploitation of on-premises mail servers, and a compromised software update pushed to thousands of customers. Each serves as a sobering reminder that, in an age of advanced technological power, criminality and danger lurk around every corner in an increasingly virtual, data-dependent world.
There have been myriad cybersecurity incidents in recent times, enabled by insufficient defences that have left both the public and private sectors vulnerable. As an outsider looking in, it is evident that both sectors must prepare for a long, drawn-out battle against increasingly complex and malicious cyber attacks from rival nations (China and Russia, for example) and from global cybercriminals.
The Cybersecurity Executive Order
To that end, American businesses and institutions likely breathed a sigh of relief at the end of last week.
Following on from President Biden’s earlier order for a review of America’s Supply Chains, which signalled his administration’s willingness at least to attempt to mitigate future risks, the ‘leader of the free world’ has signed yet another Executive Order, this time in a bid to improve the United States’ cybersecurity infrastructure and to protect Federal Government networks in increasingly turbulent and troubled times.
According to the White House briefing, the Executive Order on Improving the Nation’s Cybersecurity (Executive Order 14028) will make a significant contribution to modernising US cyber defences by protecting Federal networks, improving information sharing between government agencies and the private sector on cyber issues, and strengthening the nation’s ability to respond to incidents when they occur.
It is the first of many ambitious steps the Administration intends to take to bring US cybersecurity into the present, but the might of the leading superpower is not necessarily enough; the initiatives being laid out depend on collaboration between government and private bodies. The recent Colonial Pipeline incident emphasises that point: Federal action alone cannot protect every aspect of the country’s cybersphere.
With that in mind, the White House states that “much of our critical domestic infrastructure is owned and operated by the private sector, and those private sector companies make their own determination regarding cybersecurity investments. We encourage private sector companies to follow the Federal Government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimising future incidents.”
Key Factors of the Executive Order
Specifically, the Executive Order that President Biden signed on 12 May 2021 will:
- Remove barriers to threat information sharing between government and the private sector.
- Modernise and implement stronger cybersecurity standards in the Federal Government.
- Improve software supply chain security.
- Establish a Cybersecurity Safety Review Board.
- Create a standard playbook for responding to cyber incidents.
- Improve detection of cybersecurity incidents on Federal Government networks.
- Improve investigative and remediation capabilities.
Fortunately, Supply Chain Digital has been given some stellar insight on the cybersecurity Executive Order, from three industry-leading
Padraic O’Reilly, Co-Founder & Chief Product Officer, CyberSaint Security
Information sharing within the cybersecurity community has long been decried as something there needs to be more of. That said, it must be approached with the proper guardrails in place to ensure the protection of those sharing the information. As industries that have struggled with standardising and information sharing begin this journey, look to sectors that have successfully done it for decades, specifically the financial services sector. By extending the guidelines seen in financial services, the disincentives for information sharing are reduced.
As the government looks to increase the communication between public and private sectors, they must work to ensure that it is a two-way street. The EO does acknowledge this need; however, historically, private sector CISOs have felt that the information sharing ends up as a one-sided relationship. I was heartened to see the urgency of the Order as well. I think the biggest challenge will be balancing the urgency with making sure that the two-way line of communication gets opened up.
The balance between the data and human problems in cyber is something we look at early and often. As a step to enhancing the posture of organisations, both public and private, the government needs to be contributing data sets such that risk management can be enhanced and performed with greater precision and knowledge. By pooling risk data across sectors, security leaders can get a complete picture which is what is severely lacking across both organisations and industries.
This executive order is a strong step toward enhancing public-private partnerships within critical infrastructure cybersecurity. The callout to the NIST Cybersecurity Framework, one of the most significant public/private sector collaborations to date, was very heartening to see and certainly serves as a model going forward.
By widening the FAR to require cyber hygiene standards across all agencies, we can begin to set some baselines. Furthermore, by learning from and integrating the DFARS and CMMC rollout within the DIB, we may begin to see the expansion of CMMC to other sectors. The critical step, though, is getting teeth behind the regulation while also making stronger cyber practices accessible. With the added language in the Order around software acquisition contracts and discussion of digital transformation of government infrastructure, it will be good to see the data collected as a result of those efforts shared with the private sector efficiently.
Joseph Cortese, CEH, Director of Research & Development, A-LIGN
Although the intent of this executive order is admirable, it’s quite a laundry list. Implementing everything listed will take a very long time – especially at the pace the Federal Government moves. But here’s what really compounds the issue: yes, every step in this executive order will serve to harden the systems in question, and each of these additional frameworks will move us in a more secure direction. But it is impossible to tell if the problems we’ve been experiencing are the result of fundamentally broken systems or a failure to adopt technologies and frameworks that would have otherwise provided adequate security. Viewed through that lens, if we pile on more technology requirements that do not get adopted down the supply chain, we are no better off.
That said, there is a lot of strength in what the EO promotes. The aspect of this executive order that will have the most significant impact is the implementation of zero-trust architecture. When you look across all the controls that we use to secure technology, embodied in an ever-growing list of NIST Special Publications, it’s getting overwhelming. Zero-Trust can restructure our approach and deliver a fundamentally more secure architecture across the board.
The executive order also has its failings. One area that needs further consideration is the private sector and how they share threat information. Setting this standard will take a great deal of time and result in new bottlenecks within the private companies that conduct the threat intelligence, now subject to new requirements for feeding this information to government systems. As someone who has worked in global threat intelligence and for various agencies, the amount of information and volume of data may not be fully understood and could severely complicate the ability to execute much of this EO.
The majority of cybersecurity hacks occur due to blatant disregard for security, such as lack of two-factor authentication, egregiously simple passwords, easy-to-access software repositories, and lack of brute-force protection. What’s so upsetting to me as a cybersecurity specialist is how many of these threats can be mitigated within the private sector by increasing security awareness within organisations and by bringing attention to existing policies and procedures. It may be that greater cybersecurity awareness is the most powerful weapon we could have when it comes to the private sector.
Mike Fleck, Senior Director, Sales Engineering, Cyren
Yes, it will make a difference. Good security requires a culture of security, and culture is set at the top. This EO signals to government agencies and the tech industry that serves them that they need to prioritise security (if they aren’t already doing so). Some of the requirements have been in place for years. Most government agencies have required encryption for classified information and other sensitive data like Personally Identifiable Information (PII). There are already breach notification requirements like the ones in the HIPAA/HITECH regulation that require affected organisations to share information with their Federal Government regulators. The focus on the software supply chain is smart. We know that supply chains are and have been a common attack target.
Specifically, security standards for the software supply chain will have the largest impact. The government has been aspiring to use more Commercial Off-the-Shelf (COTS) software rather than custom-built solutions. However, it will be difficult to realise the full potential of this EO without some kind of enforcement. This EO could be similar to the process the government recently used to enforce proper security of sensitive government data stored on non-government systems. First, they published security standards (NIST 800-171) and required the defence industrial base to adhere to them. A few years later, they implemented the Cybersecurity Maturity Model Certification to enforce compliance.
Enforcement, but that will probably come in time. Also, the devil is in the implementation details. We know the government has a lot of outdated systems that can’t easily be updated to comply with modern security standards. The EO will need to include guidance for how to handle these legacy systems. We also know that government processes are far from agile. We can’t take three years to secure against the threats of the day. How will this EO incent organisations to move faster? High growth companies have long since adopted the mantra of “fail fast.” For very good reasons, the government has resisted that approach – people can die when the government fails (either quickly or slowly). Finally, we can improve the security of software development processes, but software will never be 100% secure. Many, many of the large breaches have been caused by a failure to install security updates. We need to acknowledge that both the manufacturer and the purchaser of the software bear responsibility to secure it.
Yes, the Software Supply Chain Security aspect should have a deep reach into the private sector. The Federal Government has the largest IT budget in the United States, so anyone selling software to government agencies should have to comply with the relevant aspects of this EO. Again, it will come down to enforcement, so “should” becomes a “must.” Security requirements without enforcement are just security recommendations.