May 17, 2022
Hello and welcome to Protocol Enterprise! Today: how a 50-year career at SAP is winding down for Hasso Plattner, why Google wants to provide security software outside its cloud, and Arm’s dubious profit claims.
Is the debate over the merits of cloud repatriation starting to bear fruit? According to Red Hat’s 2022 State of Application Modernization survey gauging hybrid cloud use, while 98% of survey respondents are currently running applications in the public cloud, just 88% said they expected those same applications to run in a public cloud two years from now, whereas the number of respondents who said they would be running applications in their own data centers in two years increased to 55%.
[Editor’s note: Please welcome Joe Williams back to the Protocol Enterprise newsletter!]
Just one man has been with SAP over its entire 50-year history: co-founder Hasso Plattner. Now, the 78-year-old software visionary is making his last stand.
On Wednesday, Plattner will run for a final two-year transition term atop SAP’s supervisory board, an entity mandated by law in Germany that basically oversees the executive team. Leaders at SAP, for example, report to the supervisory board, not the CEO.
However, the vote comes at a tumultuous time.
Despite the controversies, it’s likely Plattner succeeds in getting elected to a new term.
Plattner’s authority extends beyond SAP; he is a force in German business and politics.
Questions have been raised in the past, however, over how heavily SAP has relied on Plattner’s continued involvement.
In a world where founders appear intent on holding on to their prized possessions for as long as possible, it’s not surprising Plattner would look to even further extend his authority.
The speed at which security has been built up over the last 12 months has been a derivative benefit of what we’ve seen during the pandemic. Privacy, compliance and security are three legs of the same stool. What we’re seeing increasingly is that intersection continuing to happen. RingCentral has invested in all those elements.
In August, Google Cloud pledged to invest $10 billion over five years in cybersecurity — a target that looks like it will be easily achieved, thanks to the $5.4 billion deal to acquire Mandiant and reported $500 million acquisition of Siemplify in the first few months of 2022 alone.
But the moves raise questions about Google Cloud’s main goal for its security operation. Does Google want to offer the most secure cloud platform in order to inspire more businesses to run on it — or build a major enterprise cybersecurity products and services business, in whatever environment it’s chosen?
According to the cloud provider’s chief information security officer, Phil Venables, Google doesn’t need to pick just one of those goals to focus on.
On Tuesday, Google Cloud announced the newest addition to its menu of security offerings that are available to customers. The Assured Open Source Software service will curate secure open-source software packages on behalf of customers. Ahead of that announcement, Protocol spoke to Venables about open-source security, enterprise security concerns and the talent shortage.
With the Assured Open Source Software, I gather that this is about more than just securing customers that are running on Google Cloud?
It is a Google Cloud-delivered product. But we're not just going to do this for things that run on Google Cloud. It could be for any software that enterprises consume into their on-premises systems, or in fact, other clouds.
What we've done at Google for a long time is we don't automatically consume open-source software into our critical systems. We take this open-source software and then we do a whole series of tests, and we find and fix security vulnerabilities before those open-source packages are consumed into our software builds.
So as we saw more organizations, over the past year or so, become increasingly concerned about [the security of] open source, we came up with the idea that we should probably commercialize what we do for ourselves. And thus was born the Assured Open Source Service.
Beyond offering services like this one, how is your security strategy accounting for the talent shortage in cybersecurity?
We recognize the big challenges customers have around cybersecurity skills, and the fact that we need to somehow create a lot more cybersecurity professionals. That's true — but we also need to spend a lot of time thinking about how we 10x the productivity of the cybersecurity professionals we've already got.
A big part of what we're doing with Chronicle and Siemplify and the Security Command Center and VirusTotal, and other things that are coming, is to arrange all those together so that when customers buy and use those services, they're 10x-ing the capability they've got without 10x-ing the number of cybersecurity people they've got. We're very focused on enabling customers to run their security more effectively with the resources they've got.— Kyle Alspach (email | twitter)
By some measures Arm had a great quarter. It reported record revenue of $2.7 billion in its latest fiscal year, and globally, 29.2 billion chips based on the company’s ubiquitous designs shipped. But what’s less clear is how profitable that business actually is.
Arm disclosed a measure of adjusted profit of $1 billion, or adjusted earnings before interest, taxes, depreciation and amortization. The rub is the adjustment: We don’t know what Arm’s executives added or subtracted from the company’s bottom line to arrive at the $1 billion, and it appears as though we won’t anytime soon — Arm and SoftBank, the company’s corporate owner, didn’t respond to a request to clarify the adjustments.
It’s worth being skeptical of creative adjustments because of the long, rich history of various tech companies that have used such measures to ignore costs that are inconvenient. Another SoftBank investment, WeWork, tried to convince investors that “community adjusted” profit was a reasonable substitute. Groupon tried “adjusted CSOI” years earlier, and there was an entire genre of adjusted profit measures during the dot-com boom in the 1990s. (This is not to say Arm is attempting to do so.)
Profit is important for any healthy business, but it is doubly true of Arm at the moment. It needs the cash to fund its research and development to ensure it develops designs that are relevant for the AI era of computing. And since it plans to go public within the next year, it will have to demonstrate that it is profitable enough to keep Wall Street happy.— Max A. Cherney (email | twitter)
Speaking of problems that aren’t going anywhere, Microsoft announced a new set of cloud services designed for companies that want to achieve their sustainability goals.Arm announced that Microsoft’s Ampere instances on Azure have achieved its SystemReady certification, the first of the major cloud providers to hew to Arm’s guidelines for ensuring enterprise software works properly on its chips.
At RingCentral, we’re focused on making hybrid work simpler for organizations so they can best set up, run and manage their business. We’re asking ourselves what's the benefit that we can derive, or that we can enable, that is better than the best-in-class in the industry?
Thanks for reading — see you tomorrow!