Hasso Plattner 1988 - SAP listed at the German Stock Exchanges in Frankfurt and Stuttgart
Photo: SAP

Hasso Plattner’s last stand at SAP

Protocol Enterprise

Hello and welcome to Protocol Enterprise! Today: how a 50-year career at SAP is winding down for Hasso Plattner, why Google wants to provide security software outside its cloud, and Arm’s dubious profit claims.

Spin up

Is the debate over the merits of cloud repatriation starting to bear fruit? According to Red Hat’s 2022 State of Application Modernization survey gauging hybrid cloud use, while 98% of survey respondents are currently running applications in the public cloud, just 88% said they expected those same applications to run in a public cloud two years from now, whereas the number of respondents who said they would be running applications in their own data centers in two years increased to 55%.

Meet the old boss

[Editor’s note: Please welcome Joe Williams back to the Protocol Enterprise newsletter!]

Just one man has been with SAP over its entire 50-year history: co-founder Hasso Plattner. Now, the 78-year-old software visionary is making his last stand.

On Wednesday, Plattner will run for a final two-year transition term atop SAP’s supervisory board, an entity mandated by law in Germany that basically oversees the executive team. Leaders at SAP, for example, report to the supervisory board, not the CEO.

  • It’s a major milestone for the company given Plattner’s outsized role in helping to lead it through a still-shaky transition, as SAP continues to try to establish the same dominance it enjoyed in the on-premises environment in the era of the cloud.
  • Once that term is complete, there’s no clear successor to take the reins.
  • “I have had the privilege to lead SAP for 50 years and have always done so with the long-term success of the company and its stakeholders in mind. I deeply value your trust and support for my final term,” he wrote in a note to investors.

However, the vote comes at a tumultuous time.

  • It follows a damning report over Fioneer, a provider of software for the financial services and insurance industries that spun out from SAP in 2021, that suggests a conflict of interest on the part of Plattner.
  • Despite assurances last year he would sell his large stake in the company, Plattner remained a major investor in March through the Hasso Plattner Foundation, according to a Financial Times report, which exposed the ownership structure of the company.
  • SAP is also reeling from a rocky response to the Ukraine crisis. The company moved slower than others in rolling back operations in Russia, leading to harsh words from Mykhailo Fedorov, the Ukrainian deputy prime minister, as well as pushback from shareholders.
  • And Plattner’s age is also of note. SAP mandates that no member of the supervisory board can be over the age of 75. The company, however, made an exemption for Plattner, according to spokesperson Joellen Perry.

Despite the controversies, it’s likely Plattner succeeds in getting elected to a new term.

  • “It might be bumpy, but Hasso stays,” said Geoff Scott, head of Americas’ SAP Users’ Group. “What’s the alternative? There’s not anyone out there that I’ve seen campaign.”
  • But in a clear nod at critics of his long tenure in SAP’s orbit, Plattner made a series of governance changes on his way out, including shortening the tenure of the 18 supervisory board appointments to four years, which would theoretically prohibit long appointments like Plattner’s, and creating a new independent director role, a common staple within U.S. boards of directors.
  • He’s also poised to leave behind an SAP that, at least when it comes to workplace policies, is on the progressive side of the spectrum. Last year, the company said it would let employees work basically from wherever.
  • But there have also been recent claims of harassment and discrimination against female executives. The company pushed back against the allegations, citing a zero-tolerance policy for such offenses.

Plattner’s authority extends beyond SAP; he is a force in German business and politics.

  • He founded, and continues to fund, the Hasso Plattner Institute, an educational institution focused on computer science.
  • The Hasso Plattner Foundation is also a big financial backer of digital health research, including a $15 million joint effort with Mount Sinai.
  • Former Chancellor Angela Merkel reportedly even skipped watching Trump’s inauguration to go to the opening of a museum backed by Plattner.

Questions have been raised in the past, however, over how heavily SAP has relied on Plattner’s continued involvement.

  • That guidance has, perhaps, become more paramount over the past few years as SAP grappled with a messy leadership change following the departure of former CEO Bill McDermott — one that saw the appointment of co-CEOs Christian Klein and Jennifer Morgan, only for Morgan to leave soon after — and a difficult transition to the cloud that is only now starting to bear fruit.
  • It seems, on the surface, that Plattner has found his transitional figurehead in Klein, who has worked at SAP since 1999.
  • In some ways, Klein is slowly becoming the middle ground between McDermott and Plattner: deeply invested in the technology balanced by an evolving penchant for showmanship, complete with lofty claims about SAP’s stature in the software world.
  • Klein, however, is unlikely to ever match McDermott’s reputation as a salesman.

In a world where founders appear intent on holding on to their prized possessionsfor as long as possible, it’s not surprising Plattner would look to even further extend his authority.

  • But as SAP ages in lockstep with Plattner, and the competition becomes younger and more fierce, now is the time for the company to get serious about handing the reins over to SAP’s next generation of leaders.
— Joe Williams (email | twitter)


The speed at which security has been built up over the last 12 months has been a derivative benefit of what we’ve seen during the pandemic. Privacy, compliance and security are three legs of the same stool. What we’re seeing increasingly is that intersection continuing to happen. RingCentral has invested in all those elements.

Learn more

Google’s security blanket

In August, Google Cloud pledged to invest $10 billion over five years in cybersecurity — a target that looks like it will be easily achieved, thanks to the $5.4 billion deal to acquire Mandiant and reported $500 million acquisition of Siemplify in the first few months of 2022 alone.

But the moves raise questions about Google Cloud’s main goal for its security operation. Does Google want to offer the most secure cloud platform in order to inspire more businesses to run on it — or build a major enterprise cybersecurity products and services business, in whatever environment it’s chosen?

According to the cloud provider’s chief information security officer, Phil Venables, Google doesn’t need to pick just one of those goals to focus on.

On Tuesday, Google Cloud announced the newest addition to its menu of security offerings that are available to customers. The Assured Open Source Software service will curate secure open-source software packages on behalf of customers. Ahead of that announcement, Protocol spoke to Venables about open-source security, enterprise security concerns and the talent shortage.

With the Assured Open Source Software, I gather that this is about more than just securing customers that are running on Google Cloud?

It is a Google Cloud-delivered product. But we're not just going to do this for things that run on Google Cloud. It could be for any software that enterprises consume into their on-premises systems, or in fact, other clouds.

What we've done at Google for a long time is we don't automatically consume open-source software into our critical systems. We take this open-source software and then we do a whole series of tests, and we find and fix security vulnerabilities before those open-source packages are consumed into our software builds.

So as we saw more organizations, over the past year or so, become increasingly concerned about [the security of] open source, we came up with the idea that we should probably commercialize what we do for ourselves. And thus was born the Assured Open Source Service.

Beyond offering services like this one, how is your security strategy accounting for the talent shortage in cybersecurity?

We recognize the big challenges customers have around cybersecurity skills, and the fact that we need to somehow create a lot more cybersecurity professionals. That's true — but we also need to spend a lot of time thinking about how we 10x the productivity of the cybersecurity professionals we've already got.

A big part of what we're doing with Chronicle and Siemplify and the Security Command Center and VirusTotal, and other things that are coming, is to arrange all those together so that when customers buy and use those services, they're 10x-ing the capability they've got without 10x-ing the number of cybersecurity people they've got. We're very focused on enabling customers to run their security more effectively with the resources they've got.

— Kyle Alspach (email | twitter)

Adjust your expectations

By some measures Arm had a great quarter. It reported record revenue of $2.7 billion in its latest fiscal year, and globally, 29.2 billion chips based on the company’s ubiquitous designs shipped. But what’s less clear is how profitable that business actually is.

Arm disclosed a measure of adjusted profit of $1 billion, or adjusted earnings before interest, taxes, depreciation and amortization. The rub is the adjustment: We don’t know what Arm’s executives added or subtracted from the company’s bottom line to arrive at the $1 billion, and it appears as though we won’t anytime soon — Arm and SoftBank, the company’s corporate owner, didn’t respond to a request to clarify the adjustments.

It’s worth being skeptical of creative adjustments because of the long, rich history of various tech companies that have used such measures to ignore costs that are inconvenient. Another SoftBank investment, WeWork, tried to convince investors that “community adjusted” profit was a reasonable substitute. Groupon tried “adjusted CSOI” years earlier, and there was an entire genre of adjusted profit measures during the dot-com boom in the 1990s. (This is not to say Arm is attempting to do so.)

Profit is important for any healthy business, but it is doubly true of Arm at the moment. It needs the cash to fund its research and development to ensure it develops designs that are relevant for the AI era of computing. And since it plans to go public within the next year, it will have to demonstrate that it is profitable enough to keep Wall Street happy.

— Max A. Cherney (email | twitter)

Around the enterprise

Renesas plans to restart a chip plant that was mothballed in 2014 and convert it to modern manufacturing standards, yet another signal that the chip shortage isn’t going anywhere anytime soon.

Speaking of problems that aren’t going anywhere, Microsoft announced a new set of cloud services designed for companies that want to achieve their sustainability goals.

Arm announced that Microsoft’s Ampere instances on Azure have achieved its SystemReady certification, the first of the major cloud providers to hew to Arm’s guidelines for ensuring enterprise software works properly on its chips.


At RingCentral, we’re focused on making hybrid work simpler for organizations so they can best set up, run and manage their business. We’re asking ourselves what's the benefit that we can derive, or that we can enable, that is better than the best-in-class in the industry?

Learn more

Thanks for reading — see you tomorrow!

Recent Issues