 From Las Vegas, it's theCUBE. Covering Knowledge 16, brought to you by ServiceNow. Here are your hosts, Dave Vellante and Jeff Frick. Welcome back to Knowledge 16 everybody. This is theCUBE. We're live here at the Mandalay Bay Hotel. This is our fourth knowledge. We'll be live to live wall to wall coverage for the next three days. We're halfway through the first day. Mark Toledo is here as the CEO of fruition partners. A CSC company now since last September and Todd Peterson is the director of cybersecurity sales at CSC. Gentlemen, welcome to theCUBE. Thank you. Mark, congratulations. It's been a long ride. 13 years ago, you started fruition. And we were talking off camera. When did you bet on ServiceNow? It was 2008. We actually met them in an RFP selection process. And they blew the doors off. All the other competitors. This is before even Gartner found them or put them on any Magic Quadrant. And we knew at that point, we're like, well, we got to, we got to get to know these guys. They were still 40 people surfing in San Diego at headquarters. And really we just hitched our wagon as strong as we could. And here we are today, which is amazing. Well, it's interesting. When Jeff and I first started to go to these events, we would walk around the solutions, you know, expos, and we said, where's all the big guys? You know, sir, enough. The big guys took notice and Todd, from your standpoint, you know, take us inside the, as much as you can, the sort of decision to acquire fruition. Well, I think if you look at CSE's history as a service integrator and the integration of ITSM and the platform itself and the importance of it, you know, when you look at the market space relative to ServiceNow and how it's capitalizing on the market, now the market's growing and the capabilities of service now continue to grow, the natural marry of CSE and fruition, giving us the instant capability to become the largest provider of integration services relative to ServiceNow. Frankly, again, the success of fruition as well as the success of ServiceNow made it a very, very easy conversation. So, Mark, talk about some of the things we're hearing now. You've seen the evolution more than we have, but we're certainly feeling it, tasting it, seeing it go beyond this little core, tiny little market of ITSM, this legacy kind of old business. Now it's all of a sudden this is vibrant. Frank's describing it as the third estate, bringing together all those pieces, the white space between ERP and CRM. How much of that is sort of PowerPoint vision? How much is actually happening in the real world? No, I think it's very real. I think as customers start to realize, there's a couple of things. One is ServiceNow has become kind of the action platform. There's a lot of micro tools out there, monitoring tools and alerting tools and reporting tools, but none of those tools actually get the work done, the actual action between the two. So we're actually seeing a lot of customers, they have this aha moment, they've been using the platform for years, and as they start to, there's a natural transition we see from IT, typically into HR, maybe into facilities, certain industries, they're branching out faster than others, but I think generally there's this broader adoption of saying, listen, this is, we all do similar things. HR uses it like a service desk. Facilities, they're still tracking assets, but they're not servers, but they might be rooms or buildings. Everyone's starting to have this moment where they're like, aren't we all kind of doing the same work in the same disciplines? And when they look at ServiceNow and say, that's the perfect engine to do this expansion on. So I think that momentum, you're right, the slides have been there for maybe a few years, and I think that the market and the adoption and people's willingness to shift, to do what those slides actually say is happening now. That's the buildup we're seeing. So Todd, it's only been six, seven months since the acquisition. How are you handling the acquisition? How are you integrating into CSC, where you kind of leave it on its own, or you're sort of mashing it through the massive distribution channel? How do you guys approach this? As you can see, fruition is CSC company. We're very much leaving it as it was. You don't want to disrupt success, and the success is there. Keeping the agility and the dynamic nature of fruition and the ability to pivot and shift as ServiceNow themselves, the pivots and shifts is wildly important. You look at their recent developments with the SecOps module inside of ServiceNow, and the capabilities that CSC and fruition have been able to bring to the table. We look at that capability and we say, okay, there's the capability where CSC, our ability to understand security and our history in that area, but most importantly, fruition's ability to leverage their expertise in ServiceNow and their ability to integrate capability by leaving them as a separate entity, just a partner, we can now leverage that capability and enhance our abilities to provide the security functions through their capability of integration into ServiceNow. I want to come back and talk more about security, but before we do, Mark, what's driving the decision-making process today? Is it dissatisfaction with current tooling? Is it the realization that to manage this digital transformation, I have to do a better job at service management? Is it new opportunities outside of IT? I wonder if you could give us the lay of the land. I mean, there's the ease and speed, really. What we're seeing a little bit is there's the application developers of old that are used to building these bespoke applications on .NET, C-Sharp, whatever it was, and then the business is saying, well, I can develop these same applications a third the time with the skills that I already have, with people that understand the business, I don't have to deal with kind of higher-end architecture-type complexities. It's all very simple and straightforward in the tool. There's a lot of times we talk to customers about how fast it'll take to build something, and we're talking in weeks, and they're just shocked that we can build things as fast, and I really think that's where ServiceNow is going to kind of punch through, if you will, is as they start to get the active community, much like other platforms have in the past, they start to realize how much faster they can build. It's the business, I think, that's going to be driving this. IT has been promoting their tool set within IT, I think, when the business realized how fast they can build these applications, and they're robust, and they're worldwide, world accessible, that that's when we're going to see even more acceleration. Well, a lot of that's in support of this whole digital transformation. CSE's actually done some good work around the digital transformation. You've actually written some really good stuff you call it the digital fabric and the like. How are you, we talked before about how you're managing fruition, kind of keep the brand separate, but you've got done some great work that seems like you could really drive some of the innovations that fruition was bringing with ServiceNow through your franchise. Kate, I wonder if you could talk about the digital transformation, how fruition and service now fit into that. Absolutely, so CSE as a company has made a pretty tremendous shift over the past several years, with Mike Lawry coming on as our CEO and really the transformation of our company from that legacy IT outsourcer to cloud based as a service, really driving toward to your point the digital transformation that we're seeing in the market space. The places we played strongly in are quickly becoming a non-existent type of business. So we're leveraging the expertise that we started to bring to the table with companies like ServiceNow and many of our other acquisitions to really change the very nature in which CSE operates to function more as that nimble player. By doing that, we're giving the ability to actually create and migrate our customers from that legacy IT outsourcing which was our core business to this new digital transformed universe, our cloud offerings, big data, things like ServiceNow as a service ITSM. And our abilities and our functions go less towards the IT outsourcing of tradition to really the IT management function or the IT integrator across all of these different cloud as a service platforms to really drive value and to make sure that people could take these powerful technologies and really evolve them and integrate them effectively into their business as their businesses are changing equally. I think that's such a great theme because how can you ask your customers to be involved in digital transformation if in fact you're not doing it yourself both to know what it's all about but also to really show that you believe you're actually doing it yourself as well as helping the customers. It's fine, my mind just keeps saying devops, devops, devops. I mean, it feels kind of like what devops kind of did as a software development methodology is now being applied in really the way you execute the work. And I even think of the boards and stuff I'm thinking in my head, Jira, right? It sounds like kind of a devops way to approach work and then to kick out basically little pieces of software that now you don't have to do the email anymore. Well, that's one of the reasons why we actually first, you mentioned how long we've known ServiceNow back in 2008 when we met them. We were very used to a development cycle, the waterfall development cycle where an ITSM implementation could take eight to nine months and it was a lot of deep thinking and a lot of deep testing and now we've turned them to two week cycles. And that alone, I mean, customers are sitting there rather than thinking about changes and coming back in a month, we just make the changes while we're talking to them. And so I mean this, I mean, fraction, literally a fifth the time is what it took to do. And actually the kind of speaks to a little bit too, you know, what you had mentioned, the bigger players, right, coming in. I think a lot of the bigger players look for those big SAP, those multi-million dollar, multi-year, right, big deals. But what CSC has said is like, listen, the world has shifted. They're shifting towards lighter, more nimble, faster implementations in the days of the 10, you know, five to 10 year projects are over and they're making investments. You know, one of the other acquisitions that UXC out of Australia, so Keystone was another master services partner out of Australia and CSC went off and bought UXC, the entire UXC practice, which included Microsoft and Oracle SAP, but also included Keystone. But they're now leading with those applications and solutions that are fast and they are nimble. And that was one of the real attractions for us to CSC is they were thinking like that. They realized that although there are big players with multi-year contracts, those are shrinking and they have to go towards more nimble solutions because that's the evolution of IT. And the value add too, right? The value add solutions around specific verticals, et cetera, it's not necessarily, you don't want to keep the lights on either if there's more value add that you can provide. Service now is making some noise in cyber, announced some products there, some initiatives. What is cyber now and where does it fit into this whole thing? So it's really the integration of the technology, right? So everyone knows and I think it's pretty common, right? It's been the success model of fruition partners, right? They've made a successful business out of the integration of the service now capabilities into consumers' businesses. What we're doing with the SecOps module is really taking that very same tone, right? If it's not broken, don't fix it. The model works, right? So what we're doing is leveraging CSC's 35 plus years of delivering cybersecurity capabilities to our clients, leveraging the expertise that fruition brings to the table in the integration with service now platforms and really taking the core of what that SecOps module inside of service now does and starting to evolve that into a security operations framework as a whole. What we've realized much like the shift from IT from the old RITO base to the new as a service model is that cybersecurity in and of itself has not done a good job of evolving from a consistency perspective relative to response, right? So first and foremost, we want to evolve that response. But then secondarily, building a framework or a bridge between your IT service management and your cybersecurity is going to help to bring those two pieces closer together, right? And the real challenge that we face from a cybersecurity perspective is there's always been this wedge of cybersecurity over here, IT over here, and the two don't meet. By leveraging the service now platform, bringing all that integration together, the platform will help to unify those two functions and really start to drive the model, which is necessary from a market standpoint, which is securities everybody's business. And without us all being involved, we stand no chance of being successful. So I wonder if we can follow up on some of that. So there seems to be a shift going on amongst organizations and I wonder if we can test this premise with you. Where is the shift is from, we're going to keep the bad guys out, that's what we're going to communicate to the board to one of, it's not if it's when we've been penetrated, it's all about responding to that penetration. First of all, is that premise valid? Are you seeing that in the customer base, that recognition at the board level? Well, in other words, CXO is communicating to the board with more transparency in that regard. Is that happening? Absolutely, I think you're seeing what you're seeing is the shift, right? And the shift is from that of the word security to what it really is, risk management, right? We're doing security risk management. We're making intelligent informed decisions on behalf of organizations and giving them the advice and the information they need to make informed intelligent decisions for their business. You cannot mitigate all risk. If you don't believe me, check the newspaper, right? It's everywhere. The response is the key because the people you don't hear about are the breaches that were resolved within minutes. The ones you do hear about are the ones that went on for years. Is the lack of understanding of the value of data inside of organizations, does that create a problem in terms of, first of all, does that exist? And does it create a problem in terms of companies being allocated the proper response and resources to cyber? What I see is the gap, as actually Todd mentioned, there's the security group and the IT group. We would think, well, it's security, it must be IT, they must be like this. And they're actually extremely far apart. I think security's very aware of the risk and the data and maybe what things are worth on the black market, that information or what the exposure is. But when they need IT to mitigate those gaps, like they can discover and they can find, but they have to go ask IT to distribute those patches and make sure these particular servers, these things aren't exposed. And IT just says, okay, we did it. But security really can't validate that. So one of the things we're doing is bridging that gap, the cyber now offering, like you mentioned, is actually we're using service now, we're tying it much closer to security. So when they identify the breach and they say these are the vulnerabilities, we actually, not only can IT take that work, like I mentioned, the action engine, we can also validate because we have the CMDB. We actually can not just say somebody clicked the button and said, yes, I'm done, or they automated using ITOM to actually go distribute those patches. Security can then test that. They can say, we wanted you to patch 100 servers, you said you did, we found you only did 87. So a false sense of security is now not there anymore. You can actually, it's trust but verify, right? And that's really the fruition with the cyber team within CSC is doing. That's the big solution. Well, and I think too, there's been this sort of failure equals fire mentality that has led a lot of organizations, a lot of security organizations or IT organizations, sandbag the threat. And I think that's shifting. Would you agree with that? Absolutely. I mean, I think the days of being able to effectively ignore the problem are non-existent anymore. As I said, you can look at any newspaper and established which organizations have taken it seriously. And it's not necessarily from, you know, you had a breach. You've seen several organizations where they've had breaches and they've been very successful because they've been able to manage the public perception. They've been able to respond effectively to the incident. It's the companies when they come out and you clearly can tell from their response that they're unprepared. Those are the companies that suffer the worst, right? And the reality is that's the organizational shift that companies have to make is one towards an effective response because the court of public opinion will be far worse for any organization than any regulatory body could ever hope to be. So I think you just nailed it. And in fact, I think that increasingly at the board level, the communications should be about CISOs being able to lead that response. That's all about the response. And it seems like ServiceNow is positioning for that response as opposed to digging deeper moats and wider moats. Well, remember what I said? There's the information and the action. So the information, we see the exposure. We know what the vulnerabilities are, but I have to go act on this information and I have to verify that it was actually done. There's a lot of tools out there that can say, well, I know what's wrong and you hope someone goes and does something. And so that's where ServiceNow is sitting there going, I was assigned these tasks on these servers. I know it was done. I know the exposure there. I've automated what I can, but I can validate that I've actually fixed something. Well, there's also an overload of data. I can't necessarily visualize if somebody's traversing different servers and trying to knock on different doors. It seems like ServiceNow has that right. So I mean, I'm excited. I mean, I think Todd, you just nailed it. And I think ServiceNow is well-positioned in its early days, but it's such an enormous marketplace. I mean, five years ago, I asked Pat Gelsinger in theCUBE, is security a do-over? And he said, yeah, it is a do-over. It feels like this is a do-over. Can you guys affect, so that the stat is, I saw a recent stat that yesterday, 205 days on average, the time it takes to recognize that you've been penetrated. I've seen much higher. I've seen it up over 300 regardless, whatever it is, let's say it's between two and 300. Did you have confidence that you can start to attack that number? Well, let's focus on what the value of this platform is, right? Let's get a couple key facts, right? One, there's a negative unemployment rate in cybersecurity. There are more jobs than there are people, right? Which means the resources that you have are expensive and they're over consumed. So the first thing we need to do from a cybersecurity perspective that ServiceNow is really delivering on is learn from IT. IT has done a fantastic job over the last several years of automating redundant processes. Cybersecurity has done none of that. We have not tried to automate. Our whole focus as an institution has been to consume information and identify threat. What we haven't focused on is that some of that threat over that time has become standard and we can have automated response. So leveraging the ServiceNow platform, we're able to bring that security information in and parse out that information that we know exactly what needs to be done with that threat. There's no longer a need for that highly needed security resource to be focused on that threat. So we can drive that out. By driving that out, what we actually have done now is freed up those resources to focus on the very information that we just finished talking about. If I can take a thousand events and parse out 30% of them, that's 30% more time for your cybersecurity staff to be focused on finding more of those strategic type of attacks that you really need to be worried about. So this is as much about automating out the IT security process and allowing that to give value back to your business in the form of IT security resources. So I absolutely think that the platform and the capabilities that we're talking about here are going to help those organizations be able to drive additional insight into their security data by automating out the noise. So we're consuming the conversation on security here, but it's an interesting topic. How much of that have you guys heard at the event? I mean, it's so many, it's like Fred says, the platform, it can be anything. It can be anything. Well, if you look at the growth, so Frank put up some interesting slides where they are in 2016. I mean, it's in its nasancy. The product came out in January. But we've already engaged probably 20 different customers. We had great sessions here as part of Todd's theater speech. If you look in the next five years, I don't know how big that is in comparison on the chart Frank had. But it looks like it's a booming business right now. And I think, when we at first sat down with Todd and we articulated what service now can do from that action capability. And from what he knows of what's lacking, as he mentioned over the years, cyber hasn't been able to produce in their discipline. And he said, once we combine these two, it's incredible, it's market differentiating. Right now, these tools don't exist. So we're going to market, and we have a ton of great appeal or response that we've had from customers. Yeah, the CIO of Oshkosh, not the closed company, but he was in the financial analysts meeting yesterday. He said that when he presents to the board, one half of the time is spent talking about security, minimum. And so obviously it's on top of people's mind. We're not doing better as an industry. Every year you look back and go, are we more secure? No, because we have more data and more tools, and more devices. So you guys sound encouraged that we're entering a new era of attacking this problem. Excellent. All right, I'll give you guys each the last word. Knowledge, what you're seeing, kind of interesting conversations. Todd, what are you? Well, my interesting conversations, as you can imagine, have been all around the SecOps module and the capabilities there. I mean, the reality is at the end of the day, what we've spoken about just in this session is the tip of the iceberg relative to what the capabilities truly will become. I see a truly automated security operation center with massive amounts of automation throughout the analytics process and the integration of that through the ServiceNow platform. I think to Mark's point, this is a game changer in my mind. And it's really all about helping IT lessons learned be driven into security as we've now become a mature product line in the IT lifecycle, right? When no longer those guys you throw a bunch of money at and hope they go away, we're here to stay, right? We're not going away. So the ability to leverage what we've learned in IT and drive that through security, that message is resonated with everything and everyone I've seen here at Knowledge. And Mark, you've been eating glass for 13 years, right? It's got to be a great feeling for you to be here. You know, a wonderful exit with a company, large company, keeping the name. I mean, congratulations. It's just awesome. Thank you, it's been phenomenal. What's it been like for you this year? Well, you know, this is our eighth knowledge, right? So when I look here and where we were at the beginning, it was a lot of ServiceNow saying, these are the capabilities of the tool. And now in the eighth year, it's customers saying, here's what we've done, right? And it's been a beautiful transition, right? Like I mentioned, people are there seeing it, they're adopting to it. We're helping customers break out of IT and taking service management. I think that's the most compelling thing here. It's the customers telling their stories and the fact that we're able to enable them, create those solutions, it's fantastic. Well, you were early on with that intuition. It's great to see it pay off and CSC, you know, getting in, getting all in. So congratulations to both of you. Thank you. All right, thanks very much for coming to theCUBE. Really wonderful, haven't you? Appreciate the insights. I just lost. All right, keep right there. Everybody, Jeff Frick and I will be back with our next guest right after this short word. This is theCUBE, we're live from Knowledge 16. Service management is...