 Live from Las Vegas, it's theCUBE, covering Knowledge 16, brought to you by ServiceNow. Here your host, Dave Vellante and Jeff Frick. Welcome back to ServiceNow Knowledge 16. Hashtag no 16, this is Silicon Angles theCUBE, our flagship program, we go out to the events, we extract the signal from the noise. Dan McGee is here, he's the COO of ServiceNow. Been on theCUBE a number of times, Dan, great to see you again. Good morning, happy to be here. Fresh off the keynote, yeah. Have you ever spoken to an audience that large before? Last year, a little bit smaller, but yeah. Once you get past the first 20 rows, they kind of all are the same from the stage. A lot of lights, yeah. But I thought it went well, you guys really hit on that message of service management, bringing service management to other enterprise functions. You know, that strategy, talk about how that strategy developed and now you're really seeing it come to market. Yeah, well it was born out of our own experience in trying to run the company, you know, if you, for example, want to improve the customer experience, what better way to do that than to sort of tie the very things customers are saying through customer service management application back into the people that are creating that experience. And the same thing takes place throughout all the other processes in the company, create a complete closed loop workflow and you know, magic happens when people have the right information in front of them. Well, you guys, I found out the other day that you guys actually use ServiceNow for your CRM. Yeah. Which is kind of rare. Most companies, you know, use Salesforce or. Well, no, you know, most of the things we have in our CR, in our, you know, you're right, for CRM, that's right, we do. Well, of course we are, because we're ServiceNow, but it actually works quite well, you know, it didn't always work that way, but we've made it a really effective product and you see the advantages of doing that as Frank described yesterday, right? He's able to actually create alerts if deals go one way or the other and he can be brought in quite quickly. But so, we're sort of talking about this, we addressed it a little bit off camera, but CRM will hit its limits, you know, it's great for that initial engagement funnel, 30, 60, 90, 120, but then when you want to really start to customize workflows, it starts to get, it's not designed for that, right? Right, well, there's nothing else available at the time, right? And so, you know, I think folks fell into using CRM-based solutions to do customer support and other things only because that was all that existed. It's a little bit how multi-tenant got to be, you know, so pervasive, it was the only thing that really existed. And now that I think that there's a new approach, you know, a service management approach, folks are really going to flock to it. It makes a huge difference. I've lived both worlds. I've lived the CRM approach to doing customer service management and other things, and I've now lived the service management approach and this is way better. So let's back up to the problem statement. You laid it out in your keynote, you talked about our consumer experience versus our work experience. You talked about, I think you threw out some IDC data that there are tens of thousands of applications in some companies and the average age, by the way, of an enterprise app is about 19 years. So we got these stovepipe apps. So lay out the problem statement and let's talk about how you address it. Yeah, so the problem is, you know, in our consumer lives, we typically have a single platform where we can get everything done, right? We can make a hotel reservation, we can make a restaurant reservation, we can buy something, we can do online banking all from one device. It's a very unified experience where things are connected together. It's very simple. Yet in our work life, it's not nearly that way, right? In many cases, we have these applications that have been around for 17 years. They're simply stovepiped standalone and not connected together. We're forever swiveling our chairs from one application to another to get something done. It's very inefficient, very fractured with ServiceNow and we can connect these applications together. They're all sitting on a common platform, but more than that, they're connected with technology like workflow, like connect with things like PA analytics and visual task boards. So now you can create that same kind of experience we're so familiar with in our consumer lives in our work life. So speaking of, it's connect or connected? The little, the chat tool, is that, you call it connect? Connect is, it's actually an integrated chat. It's a Slack-like function, but inside of ServiceNow, right? Correct, yeah. So all of your online collaboration, it kind of goes both ways. Everything that you're doing is now going to be stored in the platform. So if you want to look at it after the fact, it's not in another system, in another place. But more importantly, you can be invited to be involved in conversations based on your skill set, based on things you've been participating in before, based on your interest. You could be drawn into things, as opposed to the way we do it today is, I need help and we blast out an email to a large distribution list and hope somebody will reply. With connect, it's much more efficient, much more targeted to get the people that need to be involved involved right away. So you laid out a couple of options for people. One is you had the guy with the head in the sand said do nothing, it's a strategy. It's not a very good one. Nope. Yeah. The other one was just say no. We've been there and done that. And then you're basically putting forth a common platform with collaboration and workflow capabilities, right? Right, and then we extended that, right? So the first part of our talk, we were talking about everything you can do just natively on the ServiceNow platform and pointing out that it's this connected experience of tying these applications together in a workflow way that really makes the difference. But then we transitioned to a layer above that, right? We talked about connecting multiple platforms together in your infrastructure. So you don't have to be running everything on one cloud because in reality, people don't. They run it on multiple things, but still with ServiceNow, we can connect all of this together, providing a unified experience for your end users. We've been talking to Cube all week about security, very excited about what you guys are doing in that space. It's a real problem for organizations, and we've been doing more work there. I wanted to ask you, well, first of all, what should the conversation be at the board level around security? And sometimes security gets really wonky, but at a high level, what should boards be thinking about in terms of security? What should practitioners, CISOs, CIOs, be communicating to the board about security? Yeah, you know, I don't know. From my point of view, I'll tell you what I want to know. What I want to know is that we are looking really hard for breaches, for threats, for issues. Are we covering the map in terms of making sure that there isn't something that's overlooked because overlooking things is one of the causes of problems. But it's more than that. It's more than just finding an issue that needs to be prosecuted. It's now, do you have the people and the processes to actually run this thing into the end zone, right? We need to do better than just be able to point out that we have an issue. We need to be able to run it to the ground and resolve it and remediate it quickly, and then be able to look back and ask ourselves, how did we do? Can we do better next time? It's a very practical approach, and I think that's what people want to see. It's the response, right? It came up yesterday, too, kind of taking it to the end zone, not just to the two-yard line because they were saying, say you needed to patch whatever the action was, X number of servers, and you do X minus four. Are you making sure, do you have a closed loop? Is it accountable to the very end of the process, not to 98th percent? That's right, I'll just pile on to what you're saying. It's one thing to sort of find a vulnerability on one particular device, but you need to go beyond that. You need to figure out, do I have similar devices like this that are also vulnerable across my entire infrastructure, and our service operations application combined with our ITOM suite can actually do that, because we have the CMDB, we know everything that's in your infrastructure. Well, so the other thing, you talked about threat intelligence, as one of the three areas that you're attacking. Talk more about what that is. Yeah, so there are a lot of folks out there that are specialists in uncovering and communicating it to the rest of the world. These are the things that are going on right now that you need to watch out for. And the way people do it today is they subscribe to these websites or whatnot, and they go and read in them, and then they kind of come back and they talk amongst themselves, do you think we're effective by this? I don't know, let's go look. It's a very ad hoc, kind of informal process, prone to missing things, right? So with our security operations product, we can actually import every line item of threat that these folks produce, and cross-reference it against the CMDB, which stores every device you have in your facility, and it can give you a list of the stuff you need to go prosecute. Incredibly useful and incredibly thorough, much better approach. There's another dynamic if we could stay on security for a moment, and at the financial analyst meeting on Monday, service now put out the number, and I've seen higher numbers, I've been using higher numbers, but on average, an organization that gets penetrated, it takes 205 days to identify that somebody's in there. I've seen much higher numbers, so you guys use a conservative number, maybe, but whatever it is, it's 200, 250, I've seen them sort of all over the place. It's a long time. Yeah. Do you feel like you can help compress that, and you may not want to answer the second part of that question is, what do you guys see internally in your own operations? Yeah, well, you know, a lot of the products we have, this one is no exception, sort of came about through our own pain and agony, right? You know, we were very concerned about security, and we wanted to find a better way, because humans that are sort of reading websites and other kinds of things, and then kind of coming back and doing an ad hoc exploration, and then if they find anything, then getting the right attention on it is all another matter, right? Because typically, security is a different part of the organization than the organization that's actually gonna remediate issues. It just takes time, and it's fraught with miscommunication errors and other kinds of things that could go wrong. By linking all this together, by automating it, you make it much less susceptible to problems, and you're much more thorough, and as a result, we have a lot more confidence that there aren't overlooked areas or overlooked vulnerabilities out there where we're not acting on. So, is it reasonable for us to look at that metric? I mean, I don't know if that metric's like one of those metrics of 70% of projects fail, or we spend 80% of our dollars on maintenance, maybe it's some made up number, but is it a reasonable expectation to look at that, first of all, is the data reliable enough, and can we actually, as an industry, shrink that in your opinion? Yeah, well I think it's safe to say that it's very long. It is too long, right? If a threat is out there, even if it's out in your infrastructure for 20 days, let alone 100 days, that's horrible, right? That's something that we ought to be really worried about. So, absolutely you can, cause we've lived it, right? We're big advocates of this because it's working for us, right? We have brought the security operations team together with the part of the organization that actually affects change. We are now one team, and it's because we're using one product to drive all of this together. They aren't sort of often a separate building behind lock doors, discovering secret stuff, and maybe some of it makes its way out, maybe some of it doesn't. It's a much better solution. Yeah, we really like what you're doing there, cause you're focusing on productivity and the workflow and responding to the problem. We've seen responses to ransomware, which are hardcore brute force, basically mirroring data and disconnecting it, and then connecting it and copying it over at random times during the day. I mean, okay, it's a solution, but wow, talk about brute force, you're approaching it with a much more I think intelligent and viable way. And we aggregate alerts, we aggregate information from others, so this still allows space for the narrowed area experts to come in and detect that kind of stuff, right? There's going to continue to be growth in the industry of discovering threats to our organization because there's going to be an ever-growing number of things that people go after, right? We're not going to be experts at that, but what we do do is aggregate that information and help people relate these threats to the specific devices they have in their infrastructure so that they know what to act on. For example, if my laptop is hacked, that's probably a much more serious issue than if somebody else's laptop is hacked. So we know who owns these devices and we know what they do. We can assign priority to them, marry that with a threat intelligence that's coming in and now we have a real good recipe for figuring out what should we go do first. So Dan, I want to shift gears a little bit to talk about Microsoft. We had Frank on yesterday talked about of all the instances that are spun up for this show, for training, et cetera. Last year was 100% AWS. This year is 50 Azure. You guys made the announcement. Give us a little bit more info on the announcement and why now do you have Azure as an option? Is it just to give customers choice? Kind of what's the story there? Yeah, so we kind of like to work with a lot of folks on these kinds of things specific to the Microsoft announcement. What we are really seeing is people are getting to the point where they want to optimize the cloud that they are choosing, right? In the old days when we first started using cloud for bare metal and things like that, you would deploy and then you would kind of be there for ever, right? It was a big decision because it was a big investment to actually move to a particular cloud. But now people are trying to optimize, right? They're trying to move things around to try to optimize their cost, optimize their performance. It's a much more of a dynamic environment. So in our partnership with Microsoft and others and with our ITOM suite, we're actually working towards making this optimization much, much easier. Well, right, so you got a cloud management play now and inter-clouding we call it sometimes. So you're into that business. Again, people always get confused. It's like, what, work day? Are you competing with work day? Well, no, pardon. And it's similar, people ask, well, are you replacing Docker and Chef? And if you want to orchestrate on service now, you can, but you can also use your existing tooling, right? Right, much like what we were chatting about in security, there's always going to be specialists in various areas. And Puppet and Chef are great folks. They're very good specialists in understanding. I said Docker, right? Yeah, specifics of certain products. Why not leverage them and we interact with them? Right. You're also talking about benchmarking. Yeah. We interesting to benchmark that 205 days, but anyway, we... Maybe we will. All right, excellent, I can't wait to see that. So, why are you in a good position to do that? What are people asking you for and what's the solution? Yeah, so the point there is, we've all wondered over time, how well we are actually doing compared to other companies out there and it's been a very difficult question to answer. I've been doing this for a long time and I've never had a really good answer. Well, now we finally can do that. It turns out we have a big percentage of the population running on service now, right now. So why not take advantage of that, aggregate the data, anonymize it, and then pass it back to individuals so you can see how are you doing on number of incidents created per month. How are you doing on time to resolve? And you can compare that against your peers in the ServiceNow Cloud and see how you're doing. We have a big, big group of folks, over 3,000 customers now running at ServiceNow. We had Jeffrey Moore on theCUBE a couple of weeks ago. We had him on here, I think two years ago. And we'd like to as well talk about systems of record, systems of engagement. He's talking about now systems of intelligence. What is ServiceNow? All three? Well, we're certainly the departmental system of record for IT, right? So this is where the CNDB is core. But what we are also doing is we are becoming the single system of engagement for the entire enterprise. So we provide that unified interface to all the end users of the enterprise. And then we take care of sort of the back end transactions to a workday system or to an SAP system. And what this allows is for us to deliver that same unified experience to our end users that they're so comfortable with in our consumer lives. The point we were making this morning is, people don't want to pull up one phone to call up Uber and another phone to make a hotel reservation. They want to use the same device for everything. And that's what ServiceNow provides is a single system of engagement. I'm just thinking as you talk about the single system of engagement. We've talked to some people in the hallways that they live on ServiceNow all day. That is their work. To contrast that when you have your email open and you open an email, now I got to go do something else, right? Then you go back to your email and you got to go do something else. It's such a different and convoluted. You just think how many tabs you end up opening on your browser, because you're constantly having to go do something else based on actions requested in an email. Very different type of experience. Yeah, email is horribly inefficient, right? Nobody loves email, what I've ever talked to you. Last question, Dan, next 12 months, what are you going to be working on? What should we be watching for? Yeah, well, I think we're going to continue to figure out more ways to connect parts of the enterprise that have to date just not been connected and continuing to sort of suffer from this ad hoc, out of band workflow, because we think we can really make life better for everybody. We really can change the way people work with the ServiceNow applications. Excellent. Dan McGee, The Cube, connecting you to the connected enterprise. Thanks very much for coming on The Cube. Thanks guys, good seeing you again. All right, keep it right there. Everybody will be back with our next guest. Right after this, we're live from Knowledge 16. Every once in a while.