October 6, 2022
Image: Christopher T. Fong/Protocol
Hello and welcome to Protocol Enterprise! Today: how enterprise app stores are evolving as platform players try to maintain their power, what the verdict against Uber’s former chief security officer could mean for breach disclosure policies, and this week in enterprise moves.
Marc Benioff is technically the founder of the app store. His company’s enterprise app store, AppExchange, was the first of its kind and even predates Apple’s signature app store.
Over the years the partnership ecosystem has played an important role in Salesforce’s growth, and today AppExchange houses over 7,000 apps. “It’s been a super powerful model,” said Sageview Capital partner Jeff Klemens. “By enabling this outside developer access to the data to build the applications on top of it, they further cement their system of record status,” he added.
Now companies including Microsoft, AWS, and Hubspot have all launched their own versions of third-party marketplaces.
That’s bad news for Salesforce, which is relying on partners to push its new flagship product Genie.
Salesforce’s marketplace is also getting tougher to navigate for ISVs, which could erode the critical network at a time when investors are questioning the company’s growth trajectory.
With Genie, Benioff has a chance to leave his fingerprint on the next generation of marketplaces.
Read the full story here. And stay tuned in coming weeks for more reports on the past and future of the enterprise app store; we’ll focus on Microsoft next week.— Joe Williams (email | twitter) & Aisha Counts (email | twitter)
Commitment is easy when ransomware is out of the picture. Ransomware and data theft have soured our relationship with tech. What you need to know: We’re turning it back into a love story with insurance and security resulting in 5x fewer ransomware attacks than the industry average.
If nothing else, the guilty verdict delivered Wednesday in a case involving Uber's former security head means "we likely will get better voluntary reporting" of cyber incidents from now on, according to Michael Hamilton, founder and CISO at cybersecurity vendor Critical Insight. There could be some implications for mandatory reporting on cyberattacks, too.
The 2016 Uber breach involved the theft of data on 57 million Uber users as well as 600,000 driver's license numbers. Prosecutors say Uber’s former chief security officer, Joe Sullivan, took a number of steps to hide the incident from regulators, including paying the attacker $100,000 under the auspices of Uber's bug bounty program to keep quiet. Sullivan was convicted by a federal jury of obstructing the FTC and of concealment of a felony.
Reducing the incentives for cover-ups is not a bad thing, of course. But the fact that a CSO may be sent to prison in the wake of a breach, regardless of the circumstances, has sent shockwaves through the world of information security professionals.
In theory, mandating incident reporting could help to weaken the tendency for all of the blame for a breach to fall on the CISO, which has been so prominently reinforced by the conviction of Sullivan. A number of federal proposals that would mandate reporting of major cyberattacks have been brought forward this year, most notably a proposed SEC rule for publicly traded companies and a Congress-led initiative, now in the hands of CISA, to require incident reporting by critical infrastructure providers.
If cyber incident reporting becomes mandatory, every organization covered by the rules will know that if it chooses to not report a major attack, the consequences will affect the whole organization.
"It's a formal, legal way of saying, 'This isn't all on the CISO,'" said Padraic O'Reilly, co-founder and chief product officer at cybersecurity vendor CyberSaint. The proposed regulations make clear that a company's board and C-suite "can't isolate itself from this aspect of running the business."— Kyle Alspach (email | twitter)
Over the past week Splunk and Zendesk executives resigned, UiPath added a new exec to spur its global growth plans, and more.
Jason Child is stepping down as Splunk's CFO. Child will be leaving his position effective in early November to join a pre-IPO semiconductor company.
Jeffrey Titterton is resigning as Zendesk’s COO. Titterton will be leaving his role on Nov. 15, and his next moves have not been announced yet.
Lee Hawksley joined UiPath as SVP and managing director of Asia Pacific and Japan. Hawksley was formerly SVP of Asia Pacific Japan at Twilio and EVP of sales at Salesforce.
Gretchen O'Hara joined Splunk as VP of worldwide channels and alliances. O’Hara was formerly a vice president at Microsoft.
Richard Whitt joined Twilio as SVP of government relations and public policy. Whitt was formerly a corporate director at Google.
Tifenn Dano Kwan joined Amplitude as CMO. Dano Kwan was formerly CMO at Collibra and Dropbox.
Lisa Krueger joined Yellowbrick as VP of customer success. Krueger was formerly director of customer success at Couchbase.
Former workers at Google Cloud data centers filed a complaint with the National Labor Relations Board, claiming they were fired for trying to organize a union.As the Biden administration considers further actions to block advanced chips from reaching Chinese customers, Bloomberg reported that Huawei is leaning on a startup to order chipmaking equipment it wouldn’t be allowed to purchase.
Ransomware and data theft have soured our relationship with tech. The solution: We’re turning it back into a love story with insurance and security resulting in 5x fewer ransomware attacks than the industry average.
Thanks for reading — see you tomorrow!