Not a member yet? Register now and get started.

lock and key

Sign in to your account.

Account Login

Forgot your password?

Exostar: Enhancing Security for Source-to-Settle Solutions

The Ardent Partners analyst team recently sat down with Tim Zullo, Marketing Director, and Mark Hogan,Product Manager, of Exostar, a Northern Virginia based provider of secure source-to-pay solutions for heavily regulated industries, who briefed us on what the company has been up to recently and what its plans are for the year ahead.


Exostar began as a joint venture with the five largest defense contractors in the world – BAE, Boeing, Lockheed Martin, Raytheon, and Rolls Royce – to provide secure supply management tools (provided initially by Commerce One) to the aerospace and defense (A&D) industry. As an executive at Commerce One, I spent time working with the Exostar team throughout 2001 and into 2002 to train new staff and later, to help evaluate and accelerate its eSourcing program and solutions. Legacy product offerings included: Content Collaboration, Collaboration Order Management, eProcurement, and a Sourcing tool, which they have been providing to customers in the A&D industry for the last fifteen-plus years. Over time, Exostar has built out its product offerings with identity and access management (“IAM”) and source-to-pay capabilities that are designed to serve the unique needs of procurement teams in the A&D and other heavily-regulated industries, like life sciences and pharmaceutical companies.

In 2008, as with many technology providers at the time, questions arose over Exostar’s ability to secure sensitive customer data across the supply chain. In response, Exostar’s leadership doubled down on their commitment to data security. They also acquired a company that would enable them to place more security around their new/different sourcing tool (Exostar had replaced Commerce One with from the IBM-Emptoris eSourcing tool) incorporating identity and access controls, which are intended to make for a more secure, yet user-friendly experience for users across the supply chains of its customers.

By 2011, Exostar had developed an in-house IAM capability and had added two-factor authentication (meaning that users had to provide two forms of identification and pass through two security layers in order to be granted access to an application or portal). Exostar deployed its upgraded sourcing platform to Northrop Grumman, another A&D heavyweight, before rolling it out to its larger user base. At this point, Exostar had roughly 300,000 suppliers in its sourcing tool.

In 2013, Merck, a major pharmaceutical company, approached Exostar about adopting its IAM-capable sourcing tools for use in the life sciences industry. Like A&D companies, pharmaceutical companies are heavily regulated and need to ensure the security and integrity of their systems and processes. But unlike A&D companies, speed is critical, particularly during clinical-trial processes. The faster that a company’s medication moves through this process, the sooner it can be approved by the FDA and cleared for use. For Merck and other pharmaceutical companies, time equals money; and they asked Exostar to help them speed up the clinical-trial process while doing so in a secure and efficient manner. A year later, Exostar deployed a modified sourcing tool with IAM capabilities for life sciences companies. At around this time, Merck began to invest in Exostar and joined its board of directors.

Introducing the New Exostar Source-to-Pay Suite

About a year ago, Exostar leadership began to notice a shift in market demand from “best-of-breed,” one-off sourcing and procurement tools to solution suites that encompass the entire source-to-settle process, particularly those that help to drive compliance in heavily-regulated industries. They noticed this shift from both their legacy customers in the A&D and life sciences industries, as well as mid-tier A&D companies, who find it more difficult to differentiate between direct and indirect categories. As a result, Exostar leadership began to search for industry partners that could help them go to market with a secure, end-to-end source-to-pay/settle solution suite. After a nearly year-long selection process, they chose Wax Digitaland began in earnest to develop a new offering that essentially integrates Exostar’s IAM platform and infrastructure with licensed versions of Wax Digital’s upstream and downstream sourcing and procurement capabilities.

According to Exostar leadership, their new source-to-pay offering will incorporate a more robust analytics and reporting tool, and offer strategic sourcing, contracts, and supplier management tools (from IBM-Emptoris), as well as downstream tools like eProcurement, and payments and invoicing (from Wax Digital). Exostar leaders also boast of easy integration with ERP and a “consistent and modern” user experience. They will integrate the new source-to-settle suite into the supply chain platform (based on anE2Open solution); and there will be no change for current customers.

Under the terms of the agreement, Exostar will be the “face” of the new secure, source-to-settle solution; they will handle implementation, project management, and customer onboarding. Wax Digital will conduct all of the back-end developmental work and upgrade the downstream solutions going forward. Together, they will offer a private cloud-based, software-as-a-service (SaaS) model for A&D, life sciences, and other heavily regulated companies whose data will reside separately in secure cloud in data centers in the US and the UK. This will allow A&D companies with export-controlled data (Boeing, Lockheed, and Raytheon in the US; BAE and Rolls Royce in the UK) to remain compliant within their respective countries while still leveraging a cloud-based source-to-settle solution with multi-factor authentication. Customers will be offered three-year subscriptions; companies can buy “blocks” of end-user access and will be able to purchase additional blocks as they grow.


Exostar is currently standing up its data centers in the US and UK and launching formal campaigns with its existing customers in the A&D and life sciences industries. It plans to incrementally go to market with elements of its secure source-to-settle solution suite starting in the third quarter of 2016, beginning with “source-to-contract,” followed by eProcurement in the first quarter of 2017. Exostar plans to fully deploy the full offering later in 2017.

Beyond that, Exostar and Wax Digital are considering how to take their partnership even farther, and how they can better serve the needs of highly-regulated industries, like A&D and life sciences. This is a large opportunity for Wax Digital, a small UK-based provider, to leverage Exostar’s enhanced security features and large enterprise customers/investors, and gain access to companies that have been out of its reach until now.


When it comes to supplier risk, enterprises have traditionally focused their efforts and attention on the financial and operational performance of their first and second-tier suppliers while leaving data and IT security to their suppliers. But increasingly, enterprises are looking at supplier data security as an area of heightened risk, particularly as those risks can and do cascade over the firewall and onto the Chief Procurement Officer’s desk. Exostar has been helping companies in heavily-regulated industries, like A&D and life sciences, secure their supplier data and user access for more than a decade. By bringing identify and access management to the source-to-settle solution market, they are paving the way for a more robust application of supply-side data security management – an area that will, over time, gain in importance in most industries, and not just those that are heavily-regulated.


Onward and Upward: IBM Procurement Leverages an Ecosystem to Drive Value

Technology Round-Up – June 17, 2016

Research Preview – Sailing Downstream: How Source-to-Settle Defines Procurement Transformation in 2015

The Future of P2P – Networks

IBM Empower 2015: Back to the Future


Comments are closed.