Q&A: Splunk Channel Chief Emilio Umeoka On IoT, Security, Partner Plus
Splunk’s a natural for service providers looking for deep insight into customer systems.
September 22, 2015
If you’ve ever worked in operations or security, you likely have a soft spot for Splunk. Its flagship product is a mainstay for analyzing massive quantities of security and operational information from a huge array of sources, in an open way, and without a team of expensive data scientists. At its annual conference this week, the company announced new initiatives for IoT and application-focused analysis. It’s also rolling out today an IT Service Intelligence offering that provides a central, unified view of services and uses advanced analytics to spot anomalies, detect root causes and predict how customers will be affected.
ITSI is a natural for service providers; you can check out the Splunk ITSI online sandbox now.
Splunk recently named the former CIO of GE Capital, Snehal Antani, SVP in charge of IoT and business analytics, and in February launched a new Partner Plus program that features technical enablement via webcasts, community building, even professional-services shadowing programs.
Channel Partners recently sat down with Emilio Umeoka, who has been Splunk’s vice president of Global Alliances & Channels for about 18 months. Previously, Umeoka was SVP worldwide partners at Juniper Networks, which he joined after a stint with Microsoft. Splunk’s partner organization comprises traditional VARs, resellers, distributors, OEMs, MSPs and MSSPs, as well as technology alliances that span the tech ecosystem.
Umeoka is less concerned with direct versus indirect and is more focused on finding partners that can influence deals and add value via services and education — that, he says, is where the money is.
Channel Partners: Give us some background on Splunk.
Emilio Umeoka: We formed in 2002; created our first product in 2004. We went IPO about three years ago. We have a few areas of focus: buying centers, security, IT ops and application delivery composed of application management and application development. We’re getting more focused on the Internet of Things and business analytics.
We are made up of four theaters: the Americas, with public sector a separate theater, EMEA and APAC. We cut across use cases from health care to machine data to financial services, retail, service providers, oil and gas. It could be in security, it could be to improve efficiency, it’s always about driving costs down and creating productivity.
CP: What type of partner is most typical? Do you have more MSPs, more straight resellers, more ISVs?
EU: It’s a combination. It depends on the customer size. Major accounts may leverage a system integrator or …
… a global outsourcer. They could be a big value-added reseller like Computacenter, for example, in the U.K. On the enterprise side, it’s more the traditional resellers and VARs.
CP: In the year or so you’ve been with Splunk, what changes have you made in the partner program?
EU: We launched a new partner program at the beginning of February. It’s called Partner Plus. It addresses three priorities for us: Help our partners bring net new customers, increase their average selling price, and reduce time to market. We have several ways of addressing those areas. One is to focus on partners that can invest and grow with us. The second focus is how we drive technical enablement, sales enablement, marketing enablement. Enablement is the key backbone for any partner program. It’s how you transfer knowledge at scale.
And the third focus is how we engage our sales team so they understand the value proposition of every single difference between an MSI, an MSP, a VAR and a reseller, so they can go to market with the right partners on their accounts.
CP: Our readers care a lot about cloud. What is the pitch you give a channel partner to resell the Splunk Cloud?
EU: What we usually tell our partners in terms of positioning is that it’s about customer choice. You can have Splunk on prem, you can have Splunk on cloud, or you can have a hybrid model where you can search your data either in the cloud or on prem. The cloud benefit, of course, is time to adoption, because you don’t have to have any infrastructure. It’s time to productivity. And it’s easier to plan in terms of cost in the future.
Partners can aggregate a lot of value by creating dashboards, creating reports, helping customers through the implementation process. There are a lot of benefits for our partners in terms of services. And, the sales cycle of a typical cloud sale is shorter because it’s not dependent on either having the right infrastructure or having to buy new servers, storage or virtualization. It has a big impact on ROI, if the customer is ready to move to cloud.
CP: Some partners worry about shifting their revenue model to the recurring stream. Do you help them with that?
EU: No, we just say that’s the way it’s going to go. Seriously, and I’m being very open. That’s the way the market’s moving. So they need to build the right financial strength to go through that. The customer will dictate how the pricing model, how the business model, will evolve.
CP: Security and Internet of Things are both places Splunk has plays. For IoT, you guys seem to be in the right place at the right time.
EU: On IoT, we have some very specialized alliances with the likes of [industrial automation software maker] Kepware, for example, where they created a data forwarder. We use our schemas on the fly. We don’t have any structured database, so you can send machine data – any kind of machine data, whether it’s your microwave or your watch or your Toyota – and it can be searched and put on …
… dashboards for analysis. We work on the alliances side to make sure we have enough of what I call “forwarders,” applications that forward data from a particular machine to Splunk. We index that machine, and then you can produce queries, from which you can produce business insight.
We have a very interesting case of New York trains; they analyzed data in terms of fuel consumption and how to optimize braking and acceleration, and they will save up to $1 billion worth of fuel this year just using machine data.
CP: One of the challenges for IoT is security — there’s so much data, and there are no standards. How do you help with that?
EU: We recently acquired a company called Caspida [for] behavior analytics. What Caspida does is go it checks on particular points of discrepancies and behavioral changes, and instead of creating your own questions, like “OK, am I being infiltrated?” Caspida basically checks everything. It can check data back to whatever point you select, like let’s say two years ago, and really drives some insights and patterns that you could be looking at in the future. You could have been infiltrated already, and you don’t know. That’s the beauty of Caspida, for example.
Of course, you can do fraud detection and fraud prevention. We offer Splunk Security, an enterprise security system that runs on top of Splunk Enterprise, and we work very closely with other security vendors, like FireEye and Palo Alto as well as Cisco.
Security is always evolving. Once you’re infiltrated, how quickly can you know that you’ve been infiltrated? And how can you manage your systems and prevent them from being infiltrated in the next round? One focus is prevention, the other is detection, and the third is on analysis and forensics. We have solutions that cut across the three areas.
CP: Your SIEM offering is very well-known, and this is getting to be a crowded market. What is your strength here; why should an MSP or MSSP go with Splunk?
EU: Again, it’s the ability to collect data from any of those vendors that I talked about. We cut across and we have forwarders from Palo Alto, from FireEye, from Cisco. We can work in conjunction with ArcSight. We can replace ArcSight if the customer wants.
The beauty of Splunk is that it’s not only on the security side; you can get a forwarder from Juniper, a forwarder from Cisco. Anything that is a machine data, we or our partner ecosystem or developers or our own alliances will create forwarders to that. AWS, for example. EMC. Nutanix. All of them have forwarders that will send information to Splunk. So from a security perspective, you have a much broader view than just one single-vendor type of approach.
CP: How do you see your IT portfolio changing in the three- to five-year span? What are you guys working on?
EU: We recently hired an SVP to be in charge of IoT and business analytics, Snehal Antani, who used to be the CIO of GE Capital, and he brings a lot of understanding on business analytics and IoT. The company has also started investing in the last two years on very strong market group leaders. Haiyan Song leads the security piece. Rick Fitz leads IT ops and applications. Marc Olesen leads the cloud initiative. On the security side, you saw the recent announcement that I mentioned about Caspida. It’s just broadening our …
… portfolio with some great technology that’s either built from within or that’s acquired and is very complementary to Splunk.
CP: Do you have other plans for your channel strategy especially?
Emilio: We have a great opportunity for MSPs looking to become managed security service providers. We just closed one big MSP that we’re not ready to announce, but we’ll announce very soon. That could be a new channel for us. We have a very strong go-to-market alliance with AWS. You’ll see some announcements this week with Cisco as well. So we have both the alliances from a technology perspective but also what I call “meet in the channel” alliances where do something together. We’re doing a road show with Palo Alto and Optiv, for example. Optiv, as you may know, is a combined entity of FishNet and Acuvant. We’re doing this in 10 cities here in the U.S.
And you see us more engaged with the outside community as well. Some big system integrators are starting to provide services using Splunk as part of their practices. So it’s a combination of traditional channels and technology alliances, strategic alliances, SIs and meet-in-the-channel value propositions where working together makes us better. What we call “better together.”
When you talk about the next three to five years, it’s a long road. We’re establishing ourselves as the platform for machine-to-machine business analytics and business insights. I think you’ll see us grow to become the platform.
CP: Can you talk a little bit about your revenue model with the channel?
EU: Traditional selling of licenses plus support, professional services. Opportunity registration. The Partner Plus model is migrating to, the more value and technical resources they provide to the customer, the more points they make in terms of discounts and margins, the more benefits they have. So a traditional partner program, where you have three qualifications depending on revenue-side certification, and then portfolio — are they a security player, are they an IT ops player, do they cut across? What competencies?
There’s a partner-value registration process, where the more they add in terms of their technical skills, their sales skills, their closing skills, their capabilities in terms of financing the customer, the more points they make. So it’s a progressive table.
CP: What business advice that would share with the Channel Partners community?
EU: Make sure you’re betting on the right technology. That’s first and foremost. Can you understand it and can you see the road map? We’re sharing more and more with our partners. We’re opening our road map to them so they know where to be investing. We have advisory councils, partner summits. They get very engaged with our key executives; they can ask questions. They have roundtables with some of the major SVPs that we have in the company. So they know the company direction, because they need to bet on the right horse.
And then it’s about commitment and clarity of the rules of engagement so they know where they need to invest ahead of time and how to measure ROI.
Sometimes people get fixated on direct/indirect mix. I’m not fixated on that. I’m fixated on measuring how much value our partners are adding to Splunk and to our customers.
Follow editor in chief @LornaGarey on Twitter.
Read more about:
AgentsAbout the Author
You May Also Like