Cisco Buys Splunk: First Thoughts

Yesterday morning US-based computer industry analysts got an early wake-up call with news that Cisco (CSCO) intends to buy Splunk (SPLK) in a deal valued around $28 billion. While the purchase wasn’t a complete surprise (the two companies had talked about the possibility as recently as last year), neither had it been on the recent rumor circuit. While the IT industry will probably have at least a year until the purchase is finalized to discuss and plan for “what comes next,” I spent a day thinking about the deal and what it means for different players -- here are some initial thoughts.

The most important point is to recognize something that Cisco made crystal-clear: This purchase is all about cybersecurity. Though Splunk's analytical engine is used for all sorts of tasks, it's the security capabilities that have caught Cisco's corporate eye and will be Splunk raison d'etre going forward. While Splunk functionality can have a huge impact on performance and resilience, those features will have to overcome major corporate headwinds to get traction in the future.

Cisco -- For the buyer, this makes complete sense. They get the market-leading analytics and SIEM company to bolster/replace their native offerings. More important, they get a massive recurring revenue stream to go along with their massive single-point hardware sales. While some stock analysts thought the price was too dear, I see this as a long-term win for Cisco with very little risk.

Splunk -- Given the share-price premium Cisco is paying, this is also a win for Splunk. In many ways, Gary Steele's tenure as CEO has been priming the company for a sale like this. Splunk now gets a home with very deep pockets and a focus on a single type of data going forward. There will likely be significant force reduction in back-end operations as Cisco looks for economies after the sale is complete.

Cisco Customers -- Cisco customers should see new opportunities for better security, especially if they're not already Splunk customers. For those that are Splunk customers it will be interesting to see how the licensing works out -- how the integration results in lower/simpler/better licensing terms.

Splunk Customers -- Here's where my real questions live. Splunk has a large and quite enthusiastic user base with its own culture. That culture has brought a great deal of value to Splunk customers through code development, education, peer consulting, and other activities. If Cisco manages to destroy that through intention or neglect, it will be a major loss to existing Splunk customers.

There's also a huge set of questions for Splunk customers who are not Cisco customers. One of Splunk's great strengths has always been its ability to ingest pretty much any data from any source. If it turns into a Cisco-centric product set, that will take another huge chunk of value away from existing customers.

There have, so far, only been the broadest sorts of statements about how the businesses will be integrated but this is, to me, one of the areas that will bear the closest watching. Depending on precisely how it's done, it can either add tremendous value for both customer bases or be the beginning of a major disappointment for the Splunk customers.

Buttercup -- I hope they find a nice pasture for the Splunk pwny. After years of faithful service, it deserves nothing less.

?

?