putilov_denis - stock.adobe.com

Splunk AIOps development to be led by new 'hands-on' CEO

Splunk product development will be led by the company's new CEO following another high-ranking exec's departure, prompting speculation about the vendor's long-term priorities.

Splunk's new chief executive plans to lead the security and observability vendor's product development teams following the departure of another high-ranking executive from the company, raising eyebrows among some industry experts.

Shawn Bice, president of products and technology at Splunk since June 2021, departed the company as of June 16, according to remarks by Splunk's new CEO, Gary Steele, in the company's earnings call May 25. Bice was hired as part of a wave of new executive appointments last year that caused some consternation among employees, especially as new hires such as Teresa Carlson, the now-former president and chief growth officer, were positioned by the company above existing managers instead of promoting from within.

Carlson stepped down in March, just as Steele was taking over as CEO following a three-month search for a replacement for his predecessor, Doug Merritt, who stepped down in November 2021. Carlson's and Bice's roles will not be filled, Steele said on last month's earnings call.

"My first priority has been to increase internal speed and agility across our people and organizations," he said. "Flattening our org structure will help us do that."

As part of this plan, Steele will directly lead the product marketing and development organizations.

"One of the things I'm actually personally super excited about is rolling up my sleeves and working closely with the engineering leaders to drive higher speed, agility and a faster pace of innovation," Steele said in response to Wall Street analyst questions on the earnings call. "I love to get my hands dirty and work directly with the engineering teams. ... We're really well-positioned to do that within a flatter organization."

I love to get my hands dirty and work directly with the engineering teams. ... We're really well-positioned to do that within a flatter organization.
Gary SteeleCEO, Splunk

In his first Splunk .conf22 keynote as CEO this week, Steele outlined his strategy for Splunk's products: to include more advanced machine learning and AIOps automation features as well as further federated search capabilities among distributed data repositories.

"We intend to accelerate our investments in machine learning and automation so that [customers] can predict more issues before they become costly problems," Steele said during the keynote presentation. Machine learning product advancement will focus on improving Splunk's anomaly detection algorithms, risk-based alerting prioritization and making it easier to write queries within AIOps tools, he said.

"We want to take on complexity head-on and lead the market in federated search," Steele continued. "We believe you should be able to decide to move data when you want to move it and make it as efficient as possible. ... You'll have the ability also to think about where you want to store your data and how you can take advantage of the lowest-cost options available."

Finally, Splunk will continue to integrate its security and observability tools and add further collaboration tools for DevSecOps teams to triage incidents together, according to Steele.

Industry watchers predict Steele will bring cybersecurity focus

During his .conf22 keynote presentation, Steele mentioned lowering storage costs using cloud services such as Amazon S3, and Splunk Cloud this week added support for lower-cost "cold storage" in SmartStore on Azure. Splunk also rolled out workload pricing last year in a bid to address customers' longstanding concerns about its licensing costs. But one industry analyst wondered whether Steele's strategy could go farther in that direction.

"When looking at the various components mentioned in the earnings call and announcements, it appears that simplicity and efficiency are underpinning the decisions Steele is making at Splunk," said Carlos Casanova, an analyst at Forrester Research. "What I don't see spoken about enough are costs to their clients, which is a fairly well-known issue in the marketplace."

A former Splunk executive watching the news this week said Splunk's organization could use some flattening, and the roadmap Steele laid out is reasonable.

"Historically, there had been a problem with spreading too many bets too thinly," the former executive said. "Focus and direction would only help in delivering."

However, another former employee, who said he left the company earlier this year due to Merritt's departure, felt Steele's hands-on management might not be good news for the company's cloud-native observability tools. Before taking over as Splunk CEO, Steele led a cybersecurity company, Proofpoint, but hasn't led product development for DevOps software. Steele spent 20 years at Proofpoint, and before that, he led a SaaS startup focused on the professional services industry from 1998 to 2002.

"This tells me Splunk is going to be 100% a security company and leave observability and DevOps behind," the former employee said.

Morphing into a security company wasn't Splunk's stated intention during presentations this week, nor was it during Steele's earnings call remarks last month, where he stated Splunk still sees "two primary buyers" in security and observability.

But there is increasing momentum around observability with the IT security industry, according to a survey conducted by Dynatrace this month. And Forrester's Casanova also predicts a shift toward more of a focus on security tools for Splunk long-term.

"The departure of two key individuals without backfills, comments regarding 'flattening the organization,' and heightened 'focus on engineering' lead me to believe we should expect more organizational changes and possibly new capabilities that focus on the security business as well as improving the delivery efficiency of their offerings," Casanova said.

In earnings call remarks and during .conf22 presentations, Splunk remained focused on its existing audience of large enterprises rather than on the developer-led market of emerging midsize companies targeted by rapidly growing observability competitors such as DataDog. Splunk CFO Jason Child told financial analysts that security accounts for 50% of Splunk's business and is the fastest-growing part of that business in terms of revenue.

Steele also noted links between security and observability trends on the earnings call.

"One of the things that has been really interesting to me is to see the leverage that we're getting from ... traditional security customers into observability," Steele said. "The market opportunity is very simple, in that when something goes bump in the night and there's an application failure, companies want to know, 'Is that a security issue? Or is that just an application failure?' And it's really looking at a lot of the same data. So we benefit from being able to have that insight."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Next Steps

Splunk .conf22 focuses on scaling observability for the cloud

Dig Deeper on IT systems management and monitoring