The frenemy store

Protocol Enterprise

Hello and welcome to Protocol Enterprise! Today: how enterprise app stores are evolving as platform players try to maintain their power, what the verdict against Uber’s former chief security officer could mean for breach disclosure policies, and this week in enterprise moves.

The enterprise market marketplace

Marc Benioff is technically the founder of the app store. His company’s enterprise app store, AppExchange, was the first of its kind and even predates Apple’s signature app store.

Over the years the partnership ecosystem has played an important role in Salesforce’s growth, and today AppExchange houses over 7,000 apps. “It’s been a super powerful model,” said Sageview Capital partner Jeff Klemens. “By enabling this outside developer access to the data to build the applications on top of it, they further cement their system of record status,” he added.

Now companies including Microsoft, AWS, and Hubspot have all launched their own versions of third-party marketplaces.

  • Overall, demand for such marketplaces is growing. In 2021 alone, cloud marketplace transactions grew 70% to $4 billion, which was three times the growth of the public cloud, according to Bessemer’s 2022 State of the Cloud report.
  • Given the number of choices, it no longer makes sense for partners to devote so many resources toward one vendor.

That’s bad news for Salesforce, which is relying on partners to push its new flagship product Genie.

  • “I’ve talked to five [independent software vendors] already in the past 24 hours that are planning to build apps on Genie,” co-CEO Bret Taylor told Wall Street analysts at Dreamforce last month.
  • The success of Genie will rely on a broad array of partners, including ISVs, system integrators, and other IT providers.
  • But as customers contemplate major shifts in IT amid an economic free fall, it’s likely they will approach purchases of heftier software like Genie with new skepticism.

Salesforce’s marketplace is also getting tougher to navigate for ISVs, which could erode the critical network at a time when investors are questioning the company’s growth trajectory.

  • For ISVs it’s become much harder to get visibility with Salesforce without agreeing to the 15% revenue share to be listed on the marketplace or paying for marketing efforts.
  • And ultimately, just like independent retailers that sell on Amazon, ISVs run the risk of being quickly trampled by Salesforce.
  • “The main real risk is Salesforce building your thing or buying a competitor,” said CEO Chris Federspiel.

With Genie, Benioff has a chance to leave his fingerprint on the next generation of marketplaces.

  • But first Salesforce will have to convince potential partners its peak hasn’t come yet, and that it still has their best interests in mind.

Read the full story here. And stay tuned in coming weeks for more reports on the past and future of the enterprise app store; we’ll focus on Microsoft next week.

— Joe Williams & Aisha Counts


Blame game

If nothing else, the guilty verdict delivered Wednesday in a case involving Uber's former security head means "we likely will get better voluntary reporting" of cyber incidents from now on, according to Michael Hamilton, founder and CISO at cybersecurity vendor Critical Insight. There could be some implications for mandatory reporting on cyberattacks, too.

The 2016 Uber breach involved the theft of data on 57 million Uber users as well as 600,000 driver's license numbers. Prosecutors say Uber’s former chief security officer, Joe Sullivan, took a number of steps to hide the incident from regulators, including paying the attacker $100,000 under the auspices of Uber's bug bounty program to keep quiet. Sullivan was convicted by a federal jury of obstructing the FTC and of concealment of a felony.

Reducing the incentives for cover-ups is not a bad thing, of course. But the fact that a CSO may be sent to prison in the wake of a breach, regardless of the circumstances, has sent shockwaves through the world of information security professionals.

In theory, mandating incident reporting could help to weaken the tendency for all of the blame for a breach to fall on the CISO, which has been so prominently reinforced by the conviction of Sullivan. A number of federal proposals that would mandate reporting of major cyberattacks have been brought forward this year, most notably a proposed SEC rule for publicly traded companies and a Congress-led initiative, now in the hands of CISA, to require incident reporting by critical infrastructure providers.

If cyber incident reporting becomes mandatory, every organization covered by the rules will know that if it chooses to not report a major attack, the consequences will affect the whole organization.

"It's a formal, legal way of saying, 'This isn't all on the CISO,'" said Padraic O'Reilly, co-founder and chief product officer at cybersecurity vendor CyberSaint. The proposed regulations make clear that a company's board and C-suite "can't isolate itself from this aspect of running the business."

— Kyle Alspach

Enterprise moves

Over the past week Splunk and Zendesk executives resigned, UiPath added a new exec to spur its global growth plans, and more.

Jason Child is stepping down as Splunk's CFO. Child will be leaving his position effective in early November to join a pre-IPO semiconductor company.

Jeffrey Titterton is resigning as Zendesk’s COO. Titterton will be leaving his role on Nov. 15, and his next moves have not been announced yet.

Lee Hawksley joined UiPath as SVP and managing director of Asia Pacific and Japan. Hawksley was formerly SVP of Asia Pacific Japan at Twilio and EVP of sales at Salesforce.

Gretchen O'Hara joined Splunk as VP of worldwide channels and alliances. O’Hara was formerly a vice president at Microsoft.

Richard Whitt joined Twilio as SVP of government relations and public policy. Whitt was formerly a corporate director at Google.

Tifenn Dano Kwan joined Amplitude as CMO. Dano Kwan was formerly CMO at Collibra and Dropbox.

Lisa Krueger joined Yellowbrick as VP of customer success. Krueger was formerly director of customer success at Couchbase.

— Aisha Counts

Around the enterprise

Former workers at Google Cloud data centers filed a complaint with the National Labor Relations Board, claiming they were fired for trying to organize a union.

As the Biden administration considers further actions to block advanced chips from reaching Chinese customers, Bloomberg reported that Huawei is leaning on a startup to order chipmaking equipment it wouldn’t be allowed to purchase.


Thanks for reading — see you tomorrow!
