 Live from Las Vegas, Nevada, it's theCUBE. Covering Knowledge 15, brought to you by ServiceNow. Everyone, we are here live in Las Vegas. This is Silicon Angle and Wikibon's theCUBE, our flagship program. We go out to the events and extract the ceiling from the noise. I'm John Furrier with my co-host, Dave Vellante, David Smolley, CIO AstraZeneca. Welcome to theCUBE. Thank you. So tell us, you're at the CIO decision, just came down, John Cleese was talking. He's going to come on theCUBE later. We're going to interview him, see how he goes. But the creativity was the theme of his speech and as CIO, being strategic is about being creative. We've heard that before. So tell us, what's going on with you right now? Tell us about the business you're involved in as CIO and just a quick overview and we'll go into some of the questions. Okay, yeah, so AstraZeneca, I think we're the seventh largest pharmaceutical company globally, we're the most global of the pharmaceuticals. We do business in over 100 countries. We're about 26 billion in sales. And we are, like many of the pharmas, dealing with tremendous pressure as many of our major blockbuster drugs come off patent. So we have to look for new sources of revenue. There's also a lot of pressure from governments around the rising cost of healthcare. So they're looking at reducing the amount of money that we spend. And what we've done at AstraZeneca is we've gone back to focus on the science. So we have invested heavily in drug development. We've spent about $5 billion a year on research. We've got about 10,000 scientists in six countries. And so we're very focused on building the pipeline of molecules, the areas we focus on are cardiovascular, respiratory, immunocology. And so the other thing that's quite interesting is science is changing with the rise of the biologic. So traditionally, pharma companies did small molecules, which are chemicals. And increasingly, we're investing more in biologics, which are sort of proteins derived from life cells. So flu vaccine comes from eggs, basically. And the specific cells that are manufactured to deliver these transport mechanisms, which is what biologics are. And now we're looking at combining the small molecule and the large molecule into these new combinations, which target very specific illnesses and diseases. So really, really exciting time to be able to do this. So you got operational, you got a lot of R&D, which you guys try to keep the patents from going to the market until the last minute. So a lot of IT involved, a lot of strategic assets, not just to make sure the computers are provisioned and people have access to the applications. Really mission critical, pretty much, across the board. It was a challenge and all that. Very diverse. I mean, it's exciting. On the science side, there's a lot of big data and analytic problems. Obviously, testing drugs in animals and humans is expensive and time consuming. So the more you can do it in silica through simulations, that's kind of the future, compressing the cycle times. On the other end of the spectrum, sales, we've got 30,000 sales folks around the world, including 6,000 in China, making them mobile enabled, giving these guys the tools they need so they can get in and out with the doctors and the payers. And then you've got the whole supply chain and enabling in between. So lots of different IT challenges. It's an exciting time. Yeah, I mean, I call it hurting the cats in big form. You've got a big R&D engine, like you said before, high risk. You got to get stuff out of R&D into the pipeline, which we're in Vegas, a lot of it's a crapshoot. But you increase the probability of a blockbuster. And then when you get the blockbuster, you're under tremendous pressure. You got generics coming in, governments beating on you. You're regulated to the point where your general counselor's like, no, don't do that, don't do this. You got your job, you're balancing risk and reward constantly. So, and you came from Flextronics, right? Correct. So you mentioned you live in Silicon Valley. So a little bit now you're in London, a little different world. So talk about that whole change in your... Yeah, it's exciting, I mean, it's both frustrating and exciting, but I think it's a fabulous opportunity for a lot of industries like this because the pharma industry has been very focused on sort of inward looking and very tightly networked group of people and they're quite collaborative. But until recently, they haven't looked as much outside the industry. And so right now, I think there's a great opportunity to look at other industries and figure out about doing the impossible. So the exciting opportunity for me is to come in from a very speed-oriented industry and look at many of the things that people who've been raised in pharma, raised in AstraZeneca, take as a given, they don't challenge them and to come in and sort of ask why not? Why are we doing things this way and push the boundaries? And so it's been exciting to bring some of that radical thinking in, stir the pot a little bit. And then of course, technology is changing so fast. With companies like ServiceNow, these cloud-oriented companies are totally changing the paradigm of the cost it takes to get up and running, the speed, the different future roadmap and evolution of new technology. So it's a really exciting time. So what are some of the interesting things you've worked on since coming to AstraZeneca that you would consider transformative? Well, I mean, we've had two key thrusts, I guess, to our IT strategy. One is around insourcing. So we were about 70% outsourced to third parties. We had eight different third-party vendors that were helping us in our IT ecosystem and it was very complex. There were a lot of handoffs and a lot of waste. So we've been very focused on bringing that work in and simplifying it and cleaning it up. And the others were pushing very hard into cloud and mobile. And so in the last year, we've gone live with ServiceNow, Viva, which is for the Salesforce. We've gone cloud with Office 365 for mail. We've implemented Box, Documents Store, DocuSign, we went live on ServiceNow. We have, I'm trying to think what the others are. So multiple cloud solutions that have been implemented have given us tremendous speed and at the same time, all these tools are available on mobile devices. So as we push to that sort of any device, anywhere approach where the primary question is can I access it on my iPhone or my Samsung device? And then the secondary question is, oh, by the way, can I also look at it on the tablet or on my laptop? And so those sorts of things are transformative because it makes doing work much easier. It's interesting, you mentioned, I've heard right, since you're insourcing, 70% of your activity was outsourced. Correct. And then you brought it back in-house to make it more efficient, get more control. I thought that was the whole idea of outsourcing. Right, right, right. So it didn't work out well. We know the pendulum swings a bit. I think if you go back 10 years ago, the early 2000s, the du jour strategy was to outsource, right? And so a lot of companies went big that way. And I think the thinking, which at the time was logical, was we're not an IT company, we're a drugs company. My mess for less. Yeah, I'll give it to somebody else in IBM or Cognizant or whatever, they'll take care of it. But the reality is that these guys, they're in the business to make money for themselves, not to make money for you. And if you don't manage it carefully and if you set it up incorrectly and so on, then you find that you're not very efficient. And in our case, we had eight different vendors that were involved in a system. So if you think about doing an incident remediation on a system failure, and you'd have to get eight different companies in the room or on the phone to figure out what happened and then troubleshoot, it's incredibly painful. So we had to clean that up. So I know you're in the CIO decisions sort of tracks today, but I probably had an opportunity to see the keynotes this morning. Yeah, absolutely. So big theme was productivity, email hell. I tweeted out, Frank Slutlans made a career out of selling aspirin and painkiller. And he's found some pain. So as a CIO, I wonder, what are your thoughts on what you heard this morning in terms of some of the data that was shown, what you out of five days are spent on admin tasks? That sort of email description that Frank put forth, is that sort of reflective of what's going on in organizations today? Absolutely. I think it is probably more than we realize. You know, I think obviously, you know, Frank is promoting the platform and the sort of the service process capabilities, which are very powerful. And we've certainly found, so I've implemented ServiceNow at two companies now. And in each cases, the productivity was transformative. And some of that comes from getting all the different players on a single source of truth, a single source of data, and then following common processes. And that's extremely powerful. When you think about the global, the scalability, the multi-language, it's very, very helpful. So, you know, what I see today was ServiceNow and Frank just kind of going the next logical step, was to say, look, if you can do it for an IT service desk, why can't you do it for facilities? Why can't you do it for finance? There's so many processes that are critical for a business to run. And when you have a tool like that that creates that speed and enablement, it's easy to use. The IT department knows how to configure it, so you can pretty quickly respond in an agile method to solving problems. And ServiceNow came in under your watch? Or was it? Yeah, that's it. So we brought it in about seven years ago at Flextronics, super, super successful there. And then this past year we implemented AstraZeneca. So we're up now running it across globally and inside and outside. So these service partners, you know, the Cognizants and Infosys of the world, they're on the same instance of ServiceNow. So we're all seeing them from the same song book. It started with ITSM, sort of change management. ITIL based, yep. Okay, and are you running a single CMDB at this point? We are, yeah. We're running a single CMDB. That's a continuous improvement initiative. So we made some pretty big investments this past year in a lot of tools to allow us to monitor and collect data and things like that. There's actually a lot of really cool new technology, companies like TANIUM, which are able to scan the network, give you real-time intelligence around devices, configurations, things like that. Tools like Skyhide Networks, which enable you to actually see what's happening with usage patterns, internet, sort of things like that, so, real powerful stuff. And are you now in the process of, are you thinking about where you're at in terms of extending it into other businesses? You know, we've heard a lot about HR and facilities and marketing and finance. Yeah, so we already have the finance shared services is using it, and as well as facilities. I think we're just going live on Workday in May, and, you know, Workday is a HR tool. That will be the platform for a lot of change in our HR operation. So I think, you know, we've got the tool now and we're able to pace with the business, and the business has got an initiative around how do we simplify things, and I think it'll be an obvious choice for us as we look at cleaning up some of those different areas. Talk about the changing role of the CIO, obviously, in IT, shifting so much. Just go back 10 years ago when you mentioned, companies like SIRS now being highly successful, certainly productivity. As an executive dealing with vendors and suppliers, having business outcomes on one side, managing the relationships on another, it's really important to get the value. Talk about what's different in the past 10 years on the purchasing decisions, the platform decisions, the personnel decisions. You know, I saw that with Frank Slutman earlier about the sailing analogy, because he sails boat, crew, conditions, similar executive concepts that the CIO deals with. 10 years ago, much different timetables, to get upfront licenses, huge integration costs, and then you kind of, there's a time period you kind of get to a point where you go, you got there or you did or you didn't, you didn't like it, some people love it. So what's changed as you make these decisions as an executive? You hit on it right there. I think the number one thing that has changed the most is the cycle time, the speed. I mean, it's the, both on the demand side of what people's expectations are, and on the delivery side. So cloud has given us incredible flexibility and agility and speed in our ability to deliver. So, you know, Frank talked today about how just for this conference, they set up 40,000 instances in service now. On AWS. On AWS in like hours, right? And two people manage it. I mean, that's nuts. I got seeing Monty Python and the Holy Grail, the three questions. You know, can you support cloud? Yes. Okay, next. Can you support mobile? What? The speed of a swallow. I don't know. I think we've been the John Cleese to be on later. But in a way, there should be that kind of global consumption contract. We've heard from other CIOs who've been on theCUBE that there's a global now contract from a consumption standpoint. And there are some table stakes. And I'll serious now, what are some of those table stakes with a consumption contract? You know, and it's on both sides, right? So, it's sort of increased opportunity as well as increased risk. I mean, one of the things that's changed dramatically, obviously read about every day is the whole cyber security angle, right? Which, by the way, is enabled by the internet and the cloud and all these things. I mean, the way these guys can be so incredibly aggressive and creative in how they're attacking companies is because of some of the technology evolution. So, you know, that's- That Casey earlier said, you know, the post Snowden error, the data piece, just that piece is interesting. Oh, it's crazy. It's crazy. So that's something, I mean, there's real risk there, right? For companies and for individuals leading. So, you have to be very, very much on top of that. And it's moving so fast. I mean, no one knows. You know, they used to say, there were two companies, you know, companies that had been hacked and companies that were going to be hacked. Now it's kind of like there's two companies, there's companies that know they've been hacked and companies that have been hacked. But don't know they've been hacked, right? So it's just- That's a quote. Yeah, that's totally true. So kind of staying ahead of that is kind of the defensive part, I guess. You know, on the other side, there's just so much opportunity. And, you know, I think the companies and the teams and the CIOs who go for those opportunities aggressively are going to have competitive plans for the others. There's a lever of opportunity. The lever there is, you can move the ball down the field big time. But the risk is the security. With the perimeter going away, how do you deal with that? Is it cryptography? Is it, you know, virtualization? I mean, that must be one of the top conversations you have. It is. I mean, I think the posture of most companies is more offensive and less defensive these days. I mean, not in an attacking sense, but, you know, I think people are beginning to recognize you cannot operate with walls and moats anymore. You mean not waiting for an incident or a breach? Exactly. Being more proactive in the pattern recognition. That's right. And do your best. Recently, the assumption is you are a breach. You're going to be breached. So you can't keep them out. But what you can do is keep them from leaving with anything of value and stop them. So how do you, how do you sense it? One of the early employees of Illumio, one of the hot startups in Silicon Valley just got a hundred million dollars in funding. Like only a couple of years old, they said there's no more lock and key at the front door. It's a thousand soldiers inside the company, around the apps. Do you believe in that philosophy? Do you see it that way? Yeah, absolutely. Absolutely. And I think so, the key is what assets do you need to watch? What individuals do you need to watch? How are you looking at anomalies in behavior, pattern recognition, those sorts of things, so that you can move in quickly with the right assets, the right mitigating factors to solve things. So I got to ask you the question on the, because you're CIO, a blue bit bias, but not always comes up. Cause it's always kind of like a jump ball at this point depending on who you talk to. The CISO is a new role. That report to the CIO, some say, some say it should report to the CEO, both dotted lines. The Chief Information Security Officer, I see RSA is going on in San Francisco right now, it's a big debate, things like that. And things like reporting breaches and incidents, or incidents to share with other companies. What's your philosophy on both those concepts? I think reporting relationships are overrated. So the answer is it depends. And the most important thing is not the reporting relationship, but it's the effectivity of the individual. So in my case, I have a CISO who reports to my head of infrastructure or not. So he's actually one level down from me. However, I know that guy really well. In fact, we worked together at previous companies. He's like Lieutenant, but he's close to the action. He's close to the action. He deals with the audit committee at the board level. He deals with the CEO, he deals with me. And so he's able to navigate, negotiate, work with the individuals. He's got great relationships outside. The company, what's most important with CISOs these days is do they have the right relationships with government, with third party experts, with other CISOs so that they're sharing information to kind of. So what you're saying if I translate, politics doesn't really matter when life's on the line with security because you want to get the job done. So it doesn't really matter where you are. It's pretty hot position. I mean, I think so. I think the question is, are you effective? Do you have the information you need? Do you have the resources you need? And are you able to make the decisions without getting slowed down? And by the way, same for the CIO, right? So when you think about the remediation pie for security, we've heard service now talk about some new security apps and capabilities. Where does that fit in relative to, I mean, you mentioned two types of companies. Those could act, those that haven't don't know it. It's, I don't know, what the stat, 250 days before you realize this is intrusion. Okay, so in thinking about spending more money, not just on the perimeter, protecting a bit of figuring out where the hacks are coming from and other remediation techniques, how much of a difference can service now and technologies like service now make in your opinion? Just one arrow in the quiver? Is it a big chunk of the? No, it's huge because it's knowledge, right? So it's data. What service now gives you is a repository and a series of processes for effectively understanding a situation. Now, as far as security specifically, it's one part of the story. So you need other tools to collect security data and to mitigate and so on. But what that becomes is a bit of, they're calling it the ERP of IT. It's sort of where you go to understand your devices, where you go to understand the key processes and people and deal with them. So visibility, really. Absolutely. Dave, we really appreciate you taking the time. I just put a tweet inside of there because that was a really awesome candidate answer on the great answer on the CISO. Just overall, great insight. Thanks for taking the time. I'll give you the final word here. Get your thoughts and the segment on what is everything as a service to you as a CIS? I put the marketing stuff aside. It is good marketing. I got a hand at the service now on that. It does imply where we're going, basically cloud. But what does that mean to you as you've moved that into practical terms into your organization? What the hell does everything as a service mean? Translate that for us into practical execution terms for you at CIO. Well, for me, service is important. I'm coming into an environment which was probably overly emphasizing the service and not enough emphasizing the performance and the technology. So I'm sort of, in AstraZeneca, we're downplaying the service a little bit to focus on technology leadership, operational excellence, customer focus, simplification, collaboration, those kinds of things. Foundational like services? Foundational stuff, yeah. So the service itself simply says, look, you're going to do a piece of work. You've got a customer, right? So there's a piece of work. You've got inputs and you've got outputs and you've got to be real clear on what those are and where the boundaries start and stop and how you're going to measure it. That's what service is about. You might have heard the buzz word. That's been Keith Brown at Silicon Valley, right, that's pretty hot, microservices. Right. What the hell does that mean? A part of a service? Is it more app-driven and is it more? Because you hear it more in the DevOps on the Edge app side. Right, right. What does that mean to you? What, honestly, hadn't thought about it. I don't know. But what I assume it means is, again, as we bring DevOps more closely together, you're able to decompose into smaller pieces. It's much more modular. You're able to actually move parts and pieces around. Yeah, you can docker container. These are the new trends about interoperability. I think that's where they're trying to. Let's get some traction. It's a little bit of cool-aid phase right now, but you know, implied services. Yeah, yeah. David, thanks for coming out on theCUBE. Really appreciate it. It's Molly, the CIO here inside theCUBE. Sharing the data with you, extracting the signal from the noise. Here at ServiceNow, live in Las Vegas. We're on day one of three days of wall-to-wall coverage, Dave. We got a lot more coming. This is theCUBE. I'm John Furrier with Dave Vellante. Go to SiliconANGLE.tv, go to CrowdChat.net, slash no 15 for all the conversations. Join the conversations. We'll be right back after the short break.