How Splunk is ‘splunking’ data for APAC enterprises
19 Jul 2018
What started out as a platform created by its engineer founders to ease IT operations has grown to become one of the darlings of enterprise technology as well as Wall Street, having achieved double-digit revenue growth for several years.
In an exclusive interview with Computer Weekly, Chern-Yue Boey, Splunk’s vice-president for Asia-Pacific (APAC), talks about the company’s business strategy in the region, how enterprises are using the firm’s technology to manage security and IT operations, and its recent moves to transform industrial operations.
What is Splunk’s footprint in the APAC region? Where do you see the growth coming from, besides the SIEM (security information and event management) market that Splunk is said to have created?
Boey: Let me start by correcting a little bit of misconception. Yes, we are very well known in the SIEM space, but our heritage started in IT operations. Our founders were engineers who managed datacentres and wanted to build a platform that could help them do a better job in IT operations. Over time, the platform became useful to security teams, who started using it to make security decisions.
From a market perspective, APAC on the whole is probably a little behind the curve compared to the US, where growth has ramped up. That said, mature APAC markets such as Australia, New Zealand, Singapore, Korea and Japan have been growing very quickly, driven by the nervousness of being exposed to cyber threats.
So do you engage customers more from an IT operations or cyber security angle these days? Or is it a good mix of both?
Boey: The Splunk platform is used as a machine data fabric that supports many different use cases. Security and IT operations are the main use cases – and our business is fairly split between the two – but if you look across the world, including APAC, the platform is increasingly being used for business analytics and the internet of things (IoT). In fact, there is a long tail of use cases that may not even fit into those areas.
For example, we have a customer running GPS data on the Splunk platform to see where its cargo ships are, and to predict the trajectory of ships approaching a port. That has nothing to do with security or IT operations.
Our customers usually talk to us about a single use case or problem they want to solve, but once they start ingesting the data and go through some data source analysis workshops with us, they will start to find other use cases for the same data.
Would you consider that as upselling, in a way?
Boey: Yes and no. I used to sell hardware, and upselling is when we try to sell more storage and other hardware. But in our case, we are not upselling anything. What we have is a platform where customers can derive more value from the data they have today with the investments they have made with Splunk.
While they may want to ingest more data sources that may result in some additional purchases, what is more important for us is to say to customers: “If you already have these data sources, what else can you do with them?”
We have telcos that bought our platform to run IT operations. But because of the way we ‘splunk’ their data, they started to use Splunk in business analytics to understand the buying patterns of pre-paid mobile customers across different locations, giving them a better sense of the performance of their retail channels.
I noticed you used the word ‘splunk’ as a verb. What does splunking data mean?
Boey: Splunk, as a name, came from the word spelunking, which means the exploration of caves. So we look at it, basically, as a verb, as a motion. So when we splunk data, it means pulling data into our platform to derive insights.
I think what we have that nobody else has today is the investigative nature of our tool. We have the ability to work with both structured and unstructured data without using a schema. Splunking takes place when you search for answers from the data, and it is only then when the schema is set right.
The traditional way of managing data is to create a schema first before performing ETL (extract, transform, and load) functions on that data. The problem with that is, how will you get answers to questions you may have in future? It’s hard to build a schema that will be purposeful for everything – creating new schemas to answer new questions is a very painful process. Our beauty is that we just take the data as it is, store it in our platform, and when you ask questions, we’ll splunk it by correlating data points to derive insights.
Splunk has introduced term licences in addition to perpetual licences. How has that shaped your customer engagements in APAC?
Boey: Surprisingly, we are a region with a very high mix of term business, more so than in other regions. Customers who bought perpetual licences in the past are now looking at how they can manage their costs a little better in tandem with the growth of their data and business. We are seeing a lot more acceptance of term licences, partly due to the fact that the subscription-based pricing model has been taking off over the last few years with products such as Microsoft Office 365.
You said more so than other regions. What is the breakdown in terms of your term versus perpetual business?
Boey: I can’t give you a breakdown, but I can tell you that what surprised me most was the acceptance of term licensing as well as the cloud model, for which we’ve been doing very well in APAC. Just think about it – if the data trajectory continues to grow, you will need to buy more and more storage to store the data, so it’s not just about buying a licence. Going to the cloud will solve this issue.
Having said that, are there customers choosing perpetual licences for on-premise or private cloud environments?
Boey: We have the Splunk Cloud, which is essentially a cloud platform for Splunk through our collaboration with Amazon Web Services (AWS). Customers can buy perpetual and term licences for their public or private cloud environments as well. In fact, we have a lot of customers using Splunk in their AWS environment. We have a tertiary education provider in Australia that purchased an instance from us and put it on AWS. They splunked the data from Wi-Fi hotspots to get insights on energy usage, which on-campus cafes should remain open after a certain time, and whether they should open more lecture theatres.
The Splunk Cloud rides on AWS, which runs datacentres only in certain APAC markets, such as Australia, Singapore and Japan. Have there been cases of customers in countries without an AWS presence that cannot host data outside their countries perhaps due to data sovereignty requirements?
Boey: The AWS Singapore datacentre works well for most customers in the region most of the time. In markets like China, we tend to be very pragmatic and sell on-premise software that customers can put on Alibaba Cloud and Tencent Cloud. What we focus on in those markets is to make Splunk work in their cloud environments. We have a major win in China with an internet company that runs everything on Alibaba Cloud. We also have products to help customers better manage cloud resource usage and cost. From a strategic perspective, rather than have Splunk Cloud in China, which will take a lot of heavy lifting, we prefer to partner with cloud suppliers.
Splunk has recently introduced an industrial IoT offering to better monitor and analyse industrial IoT data. What is the thinking behind the move and what kinds of traction do you expect to see for that in APAC?
Boey: It goes back to two things – one is really around using Splunk as a SIEM system to manage OT (operational technology) security, and the other is our recent Phantom acquisition that will allow customers to automate tasks and orchestrate workflows when responding to IT and security incidents. The Industrial Asset Intelligence product that you talked about hasn’t come to APAC yet, but it will come pretty soon.
From an APAC perspective, this product is very, very crucial. We have several sectors where we’ve done very well – financial services, telecoms, public sector and manufacturing, and all have huge IoT potential. There is a customer that runs a wind farm, for example, and wants to do predictive maintenance before things break down. In India, there’s someone who’s already using Splunk to manage their turbines.
OT suppliers tend to use data formats that are not open and usually proprietary. How do you make sure their data can be ingested?
Boey: The data can definitely be ingested. Again, the beauty of what we do here is that data, in any form or format, can be ingested into our platform. The critical part is how do you interpret the data? If customers have machine data and their engineers know what the codes are, we can certainly work with them.
For example, we have customers in China using local products that generate data such as security logs that do not conform to global standards. But as long as they know what the product is, and what the log data means, we can ingest it.
The company is now growing at double-digit rates. How do you keep up with the growth, especially in APAC, which is presumably growing even faster?
Boey: Asia has grown very fast. I’ve been in the company for two and a half years. In the first two years, the overall APAC business grew close to three times. We have also increased the number of people across the region by that same factor. In China alone, we have grown our headcount by more than 10 times.
There is a lot of investment just to catch up with the growth. Besides making heavy investments on our own, we are also investing a lot in our partners across the region.
What about research and development (R&D)? Is it driven largely out of the US?
Boey: Interestingly, the first external R&D centre outside the US is in Shanghai. We’ve had that centre for a good six years. It’s a very critical part of our overall operations, especially in China, where we have to make sense of the data for our Chinese customers. They are also part of the global R&D team that works on our product roadmaps.