The Ardent Partners analyst team recently sat down with Tim Zullo, Senior Director, Sales & Marketing, and Mark Hogan, Product Manager, of Exostar, a provider of secure, cloud-based solutions for heavily-regulated industries. The two executives briefed us on what the Northern Virginia-based company has been up to recently, including its launch of a secure source-to-pay solution, and what its plans are for the year ahead.
Background
Exostar began as a joint venture in 2000 with the five largest defense contractors in the world – BAE Systems, Boeing, Lockheed Martin, Raytheon, and Rolls Royce – to provide supply chain management tools (initially leveraging the Commerce One platform) to the aerospace and defense (A&D) industry. As an executive at Commerce One, I spent time working with the Exostar team throughout 2001 and into 2002 to train new staff and later, to help evaluate and accelerate its eSourcing program and solutions. Initial product offerings included: Structured Content Collaboration, Collaboration Order Management, eProcurement, and eSourcing, which they have been providing to buy-side customers and their suppliers throughout the A&D industry. Over time, Exostar has built out its product offerings with identity and access management (“IAM”), unstructured enterprise collaboration, and source-to-pay capabilities that are designed to serve the unique functional, security, and compliance requirements of organizations in A&D and other heavily-regulated industries, like life sciences and healthcare.
In 2011, the U.S. Department of Defense (DoD), in response to increasingly numerous and sophisticated security threats, announced a significant commitment and investment to improve cybersecurity across Government and contractor networks. In conjunction with the initiative, the DoD established the Defense Industrial Base (DIB) cybersecurity program, which created a voluntary cybersecurity information sharing effort between DoD and eligible DIB companies. The program enhances and supplements participating companies’ ability to safeguard DoD information that resides on or transits unclassified information systems. A direct outcome from the formation of DIB was the need for defense contractors to strengthen security oversight throughout their vast supplier networks. At that time, Exostar’s leadership made a strategic decision to invest in developing solutions to support the secure, productive collaboration requirements that would allow buyers and their extended value chains to compliantly share information with one another. These solutions would offer new functionality while also enhancing the security of the supply chain solutions suite (which by this time had migrated from Commerce One to a combination of E2open, IBM-Emptoris, and Perfect Commerce).
By 2011, Exostar had developed an in-house IAM capability to control access to supply chain and other enterprise collaboration applications. The company also added identity proofing and two-factor authentication functionality (meaning that users had to provide two forms of identification and pass through two security layers in order to be granted access to an application or portal) to verify user identities and limit unauthorized access across the partner network. With these enhancements, Exostar had a viable solution offering that led to deals with other A&D heavyweights, including Northrop Grumman and Huntington Ingalls Industries. The Exostar A&D community grew to nearly 100,000 suppliers in over 100 countries worldwide.
In 2013, Merck, a major pharmaceutical company, approached Exostar about adopting its solutions for use in the life sciences industry. Like A&D companies, pharmaceutical companies are heavily-regulated, share a common supplier base and need to ensure the security and integrity of their systems and processes. But unlike A&D companies, speed is critical, particularly during clinical-trial and end-to-end drug research and development processes. The faster that a company’s medication is tested and approved by the FDA, the longer companies have to leverage patent exclusivity. For Merck and other pharmaceutical companies, time equals money; and they asked Exostar to help them speed up these processes without sacrificing security or regulatory compliance. A year later, Exostar deployed an IAM platform and secure collaboration solutions designed for life sciences and healthcare companies. At around this time, Merck began to invest in Exostar and joined its board of directors.
Introducing the New Exostar Source-to-Pay Suite
About a year ago, Exostar leadership took note of a shift in market demand from “best-of-breed,” one-off sourcing and procurement tools to solution suites that encompass the entire source-to-settle process, particularly those that help to drive compliance in heavily-regulated industries. They observed this shift in their existing Tier 1 A&D customers, as well as small/mid-tier A&D companies, who find it more difficult to differentiate between direct and indirect categories. As a result, Exostar leadership began to search for industry partners that could help them go to market with a secure, end-to-end source-to-pay/settle solution suite. After a nearly year-long selection process, they identified Wax Digital as the technology partner that best fit their customers’ functional requirements as well as Exostar’s strategic vision. The new offering, Secure Source-to-Pay (S2P), integrates Exostar’s IAM platform, security infrastructure, and A&D industry supply chain expertise with licensed versions of Wax Digital’s upstream and downstream sourcing and procurement capabilities.
According to Exostar leadership, their new source-to-pay offering incorporates a more robust analytics and reporting tool, and offers strategic sourcing, contracts, and supplier management tools, as well as downstream tools like eProcurement, and payments and invoicing all within one, fully integrated application. Exostar leaders also boast of easy integration with ERP and a “consistent and modern” user experience. The source-to-settle solution will also be integrated with Exostar’s supply chain platform (based on an E2Open solution) to enable collaborative planning and execution between buyer and supplier. With the addition of the Wax Digital offering, Exostar’s portfolio of secure, cloud-based supply chain management solutions now covers a broad variety of requirements.
Exostar will handle all implementation, project management, customer onboarding, and customization for the new secure, source-to-settle solution, working closely with Wax Digital as they continue to innovate and offer quarterly upgrades to the platform. The result is a hybrid cloud-based, software-as-a-service (SaaS) delivery model that will appeal to A&D, life sciences, and other heavily-regulated companies. Exostar now offers secure hosting options in both the US and UK to comply with both ITAR and UK Official Sensitive (OS) security classifications. This will allow A&D companies with export-controlled data (Boeing, Lockheed, and Raytheon in the US; BAE and Rolls Royce in the UK) to remain compliant within their respective countries while still leveraging a cloud-based source-to-settle solution with multi-factor authentication.
Rollout
Exostar is launching formal marketing campaigns with its existing customers and new prospects in the A&D industry. It plans to incrementally go to market with elements of its secure source-to-settle solution suite starting immediately with “source-to-contract,” followed by eProcurement in the first quarter of 2017. The full solution suite will be available later in 2017.
Beyond that, Exostar and Wax Digital are considering how to take their partnership even farther, and how they can better serve the needs of highly-regulated industries, like A&D and life sciences. For Wax Digital, a small UK-based provider, this is a large opportunity to leverage Exostar’s enhanced security features and large enterprise customers/investors, and gain access to companies that have been out of its reach until now.
Conclusion
When it comes to supplier risk, enterprises have traditionally focused their efforts and attention on the financial and operational performance of their first and second-tier suppliers, while leaving data and IT security to their suppliers. But increasingly, enterprises are compelled to focus on supplier data security for all of their suppliers, or else face the consequences of non-compliance. Risk assessment extends to all corners of the enterprise, from the Chief Procurement Officer’s desk.to compliance, sourcing, procurement, contracts, and product development teams. Exostar has been helping companies in heavily-regulated industries, like A&D and life sciences, control user access, secure supplier data, and collaborate productively for more than a decade. By bringing identify and access management to the source-to-settle solution market, they are paving the way for a more robust application of supply-side data security management – an area that will, over time, gain in importance in most industries, and not just those that are heavily-regulated.
RELATED ARTICLES
Onward and Upward: IBM Procurement Leverages an Ecosystem to Drive Value
Technology Round-Up – June 17, 2016
IBM Empower 2015: Back to the Future