
Apple Again Leads Gartner Supply Chain Ranking

Gartner announced its top 25-ranked organizations for supply chain in 2014, which includes four in the top-5 that also topped last year’s list. They are: Apple, McDonald’s, Amazon and Unilever, with P&G at fifth place. Gartner analysts announced the findings from this year’s research at its Supply Chain Executive Conference last week.

Apple took the No. 1 spot for the seventh year, continuing to outpace the others by a wide margin on the composite of financial and opinion measures used. McDonald’s placed in second spot for the second year in a row, followed by Amazon.com.

Two new companies joined the Top 25 this year—Seagate Technology (No. 20) appeared for the first time and Kimberly-Clark (No. 21) re-emerged after a year’s hiatus.

A primary goal of the Supply Chain Top 25 research initiative is to raise awareness of the supply chain discipline and how it impacts business, Gartner said. The supply chain rankings comprise two main components: financial and opinion. Public financial data gives a view into how companies have performed in the past, while the opinion component provides an eye to potential and reflects future expected leadership. These two components are combined into a total composite score.

Gartner analysts develop a master list of companies from the Fortune Global 500 and the Forbes Global 2000, with a revenue cutoff of $10 billion. The company then breaks the combined list down to the manufacturing, retail and distribution sectors, eliminating certain industries, such as financial services and insurance.

Analysts highlighted three standout trends for supply chain leaders in 2014:

Supporting the “Fully Contextualized” Customer

A trait of leading companies is that customer needs and behaviors serve as the starting point for go-to-market and operational support strategies. Their cultures enable consistently high-quality customer experiences that are tailored, where important, to local tastes. Supply chain leaders are expanding this demand-driven concept in terms of how they relate to their customers. They are more deeply understanding customers and striving to blend seamlessly into their daily routines. Ultimately, this understanding of customers in their local environments is helping supply chain leaders capture more revenue for their businesses, improving operational effectiveness, Gartner said.

Converging Digital and Physical Supply Chains

Leading companies have moved past selling only discrete products or services to their customers and are focused on delivering solutions. Regardless of industry, these companies want their customers to be loyal subscribers to their solutions. Several of the leading consumer product companies on this year’s list offer e-commerce subscriptions for their products, in partnership with retailers. This approach offers convenience and privacy to those customers who would typically purchase products in a physical store—and might switch to another consumer brand at any time.

Progressive industrial companies have suggested order replenishment systems with their dealer networks, based on the manufacturer’s ability to forecast demand for their dealer. Some have gone further, acting as virtual consultants to their customers’ planning organizations. They recognize that helping improve customers’ internal capabilities is part of a total solution, which makes them more competitive suppliers.

“Another significant aspect of the total customer solutions we see deployed by leaders relates to the remote management of aftermarket services, leveraging Internet connectivity,” said Debra Hofman, research vice president at Gartner. “The Internet of Things allows for monitoring of performance across the value chain; in the field at customer sites, but also to collect and analyze the big data generated as part of upstream manufacturing and logistics flows. This additional connectivity has also elevated the importance of supply chain security to prevent theft, counterfeiting and other forms of fraud. One thing is clear — future supply chains must seamlessly integrate the digital and physical worlds of customers to be competitive.”

Supply Chain as Integrated Partner

Growth is a top priority for the C-suite in 2014, with 63% of senior executives picking growth as a top imperative in Gartner’s 2014 CEO Survey. Leading supply chains are enabling this growth both organically and through successful M&A integration. Supply chain leaders also are emerging as trusted and integrated partners to business groups. Their focus on profitable growth often leads to smarter, more conscious decision making, saving business groups from spiraling out of control in the drive to maximize revenue.

In their quest for growth, however, many companies are finding the business models they were famous for dominating are now under attack from competition. Supply chain has a large part to play in enabling the business to compete for the future, concurrent with protecting existing business. The most advanced companies in the ranking said they are not afraid to rethink the design of their global supply networks to be successful. In some cases, this has led to increased vertical integration where leaders become involved in their customers and their suppliers’ businesses in an attempt to dominate value chains, redrawing the lines of competition in the process.

More detailed analysis is available in the report “The Gartner Supply Chain Top 25 for 2014.”

Advanced Persistent Response

Yesterday, at the Gartner Security & Risk Management Summit, I sat in on a session on advanced persistent response, presented by Tom Kellermann, vice president for cybersecurity, North America, for Trend Micro. Many of us are familiar with advanced persistent threats, and to pay homage to the elite hackers of the world, in a way, the term advanced persistent response was coined.

Let us reflect on history. “There is a lot we can learn from Constantinople,” said Kellermann. “It was never defeated in battle until 1453. It demonstrated the fact that perimeter defenses were inefficient regarding onslaughts. Traditional internet security is insufficient. In fact, Trend Micro evaluations find over 90% of infrastructure is infected by malware.”

Kellermann noted that the cyber kill chain, or a set of sequential events that make up an advanced attack, has significantly evolved. The kill chain goes as follows:


This year, an eighth stage has been added to the chain, known as the maintenance stage. “This eighth stage is due to hackers worrying about other hackers infiltrating the systems they have attacked more so than being worried about you,” said Kellermann. “We’ve noticed they’ve moved command and control into your systems and network. We really have to move beyond the technologies we’ve used for years and achieve advanced persistent response.”

Kellermann also acknowledged some emerging threats on the cyberwarfare landscape, including:

  • professionalization and commoditization of exploit kits
  • modularization
  • increased sophistication with traffic direction systems
  • ransomware
  • new exploitation vectors introduced via HTML5
  • evolution of mobile threats
  • continued exploitation of social networks
  • Metasploit
  • BYOD aka BYOM (bring your own malware)

He notes that although street crime is down 20%, that doesn’t mean there are fewer criminals; they’re just migrating to cyberspace. He points to Android malware and the fact that it “has exploded.” In a frightening example, he explains what cyber criminals are able to do with Androids now. “They can go into your phone and look at your calendar. They say, ‘I see on your calendar that you have a very important meeting on a certain day. During that meeting I’m going to turn on the microphone on your cell phone and at the same time hack into everyone’s phone who’s at that meeting.’”

As for Kellermann’s 2012 predictions, they aren’t pretty:

  • mobile malware will continue to explode
  • app attacks will increase
  • botnet migration
  • cloud attacks
  • web injection attacks

This is serious information that every company must take into consideration. Not every organization will have to deal with advanced persistent threats, but every organization should be prepared using the theory of advanced persistent response.

Security and Risk Management as a Social Science

Here at the Gartner Security & Risk Management Summit, I sat in on a session regarding human behavior and its connection to information security. Tom Scholtz, an analyst with Gartner, started off with a statement many of us know to be true, but often forget.

“The single weakest link in the information security chain still remains the human being,” he said.

In Scholtz’s view we are increasingly coming to the realization that by focusing on individuals’ human behavior and how we can influence it, we can learn how to create a more secure environment. “By 2015, one out of four enterprises will use social and behavioral sciences techniques to drive cultural and behavioral change in their information security programs. Maybe understanding how individuals react differently will give us an understanding in improving our security measures.”

He advises that security professionals should start focusing on human behavior as a root cause rather than a symptom. “We need to understand how individuals react differently to risks and the controls to mitigate risks.”

The key issues regarding behavior and information security:

  1. How is the information security and risk management discipline evolving and what are the consequences?
  2. What are the parallels and overlaps with social and behavioral sciences?
  3. What strategies and tactics should information security and risk leaders adopt to exploit this evolution?

It is vitally important for organizations to consider these questions. But it may be better to seek answers from an outside source, in order to prevent group think. “Group think tends to polarize views,” said Scholtz. “If you have the same group of individuals who sit in the same office eight hours a day, they’re going to have similar attitudes towards things. We need to understand how those working environments pressurize people into beliefs which they might not have if it was a one-on-one basis or under a different work environment.”

So what kind of insights do we get from the social sciences? People react differently. To understand this is to become a pioneer in understanding human behavior and its importance in developing an ever-evolving information security program.