>> Mine from Las Vegas. It's the cute covering knowledge sixteen brought to you by service. Now carry your host, Dave Alon and Jeff Rick. >> Welcome back to knowledge. Sixteen. Everybody, This is the Cube. Silicon Angles, flagship product. We go out to the events. We extract the signal from the noise Bart Murphy is. Here's the CTO of York Risk Services group. Mark. Good to see again. Good to see you. But thank you for having me. So what's been going on this week? Busy week. What you been doing this week has >> been busy. I've been doing a couple different things. One on the CIA decisions track, you know, collaborated on with those folks and getting some sessions in from service now and then on the partner side. You know, talking to customers, checking out and enjoying the the key notes on seeing what's new on the platform. Very exciting. >> Did you see Secretary Gates last night? We were, unfortunately, >> got pulled out for a call, So I >> think that's the >> one thing I did miss. You >> want to call me on that? One of things, he said, which I want to ask you about a former CEO. See XO now? Hey, said that consensus management don't bother now speaking to watch the CEO's as the CEO, yeah, it's a >> challenge. I think you know, there's there's one component that you have to devise, a strategy that you know a sound, and you have to have some resolve to help sell it. So I see that component of it. But the other is to sell that vision and get other people bought it. So, you know, I think there is a and consensus component from that, certainly from the executive team. And then you have to go sell it to your organization as well. And I think that truly doesn't come from just talking about the vision or the business case. It's from actually delivering the software and delivering the services and doing in an incremental basis that allows them to see and gain value from that, that that's what you build your credibility up on. And I think then that's what helps sell it. >> So you've gone through a few changes personally, your company. So take us through the care works acquisition. Sure, so >> careless family companies was required by your Chris Services Group S O. We're now part of a larger organization and national organization, Although care works itself had a few of the companies that had national footprint, a majority of them were primarily based in Ohio. So strategically great fit a great company. I moved into the corporate CTO roll about Oh, a year, year and a half after the acquisition, and I've been really trying to build out the entire enterprise strategy from a night perspective because they just they had procured a lot of acquired a lot of companies over a two to three year time span. And so we need to really invest a lot of time on what the future state of it is going to look like. >> So it's interesting gone from CEO to CTO. People talk coming to Cuba to talk about the role of the CIA. He'LL talk about all the time, and there'd been someone put forth the notion that the CEO eventually is going to have to choose a path, technical path or business path. You know, maybe both at different times. Do you subscribe to that, or do you see the CEO role is continuing on a CZ? We've known it. Yeah, >> we don't have a separate CIA and CTO I oversee the including operations. To me from a title perspective, I just want to have the organization view that that role is part of innovation. We have a chief innovation officer as well, but from a technology perspective, I think it's very difficult to run operations if you don't have a good grass for the technology in the platform. So regardless of the roller or title that they gave me, I think it's more about what are you managing on? And I don't want to ever be broken up between sort of SETI role that may be more focused on newer technology projects and then a CIA on Lee based on building our run methods. I want to make sure that those organizations are always combined because you're going to build much better software if you also have to support it. We also want to make sure that the automation is in place so that we have our support organization in mind when we actually deploy new platforms, new applications, new systems. >> So you see yourself as a software company. >> You know we do. We're in the wrist services business, so we are, ah, services provider, two carriers to large self insured Teo Large Claims organization. So we see ourselves. A lot of what we do is differentiated by our technology. Whether that's, you know, better business process, outsourcing functions or ability to do Bill review faster, more accurately. So our CEO definitely sees us as a technology company, and that's why there's a lot of investment in time being put into sort of build out what that future state of it is going to look like. >> What what do you do with service now? These days? How did the acquisition affect that and where you had it? >> Well, so we just went live with Yorker Services Group on service now is Platform on Geneva, and that's actually a separate production instance that we have with care work. So we deployed the care works instance in early two thousand eleven, late two thousand ten in that time frame, and there were, you know, there's a ton of customization a lot, you know, very solid platform for that family of companies with the York. There's a much larger scope that we wanted to address so very lucky again to be in that situation because I had an opportunity to start a redo and any time that you worked on a platform and you do it for a few years and then you get a chance to actually build again. So we really took more of an enterprise. I till out of the box type of approach s O that it could be flexible enough to manage across the entire enterprise, including all the acquired companies that we plan to pull onto the platform. And then that gives us time to figure out what was really the best out of our other platform that we want to, you know, retrofit back in. But the main reason I did that is to make sure that we could get some benefit out of the platform now and work and migrate into the business. Shared services functions within York that I think we're going to benefit very, very much from the new platform. >> So you've got a mulligan of sorts a little bit. >> Yeah, I got lucky on that on a little bit of the mulligan. And, you know, again, it's all about trying to make sure that we can come in and we just went live. You know, we're gonna have our challenges, like with any organizational change management solution, even just on the same side. But the cadence in which we're putting out releases to actually improve and bring on other shared services functions, I think, is where we will gain the majority of buying. >> So this notion here talked about a lot of this conference. The single cmd b yeah, is that something that you're able to achieve or working toward? Are you there? And absolutely, it's the goal. >> I mean, I don't know if you ever achieve it. I think it does take a lot of time. So the goal is to have everything in one platform for all of our companies across the board and to help facilitate automation, whether it's with GRC with the new security product that's coming out, which is, you know, something we're looking to get deployed in. Q three Q. Three Q For hopefully sooner rather than later. I just see there's a bunch of play on the automation orchestration side as it relates to tying in and tying an audit. Tien and Security on then also looking at business shared services and you know that's a whole different world of figuring out how can we help them? And we have ah operations service and are actually part of our next release. So I'll be very interested to see. You know, they do a lot of things manually like everybody does. He'LL be very keen to see how they see the platform and what they're going to come up with us, a strategy long term for them. >> So are you mentioned a couple times that York's made a number of acquisitions your company included, and don't give twenty four looking statements? Obviously, they're going to keep rolling up more things. But if you could speak to using service now as a vehicle to better integrate acquisitions, yeah, because for a lot of companies, that's a strategy. >> Yes, so and I actually have a strategy around that leveraging the platform is one of the main reasons that want to get it in now so that it could eventually build that. My whole goal there is the Leverage Performance Analytics on the way that I envisioned. Using that is, in many of the companies that we acquire, they will operate still, stand alone from a night perspective for some period of time. You know, whether that's six months, three months, two years until we can fully integrate him, whether it's network, you know, systems consolidation you name it. It takes a long time. It's not something that we have solved. So part of it is to be able to do modeling using Performance Analytics by pulling in the data so I can get them now onto this cloud platform because they don't need to be on network. I can have them operating their work within that platform for a period of a baseline period of time. And I could start to model that using Performance Analytics to say, How would that impact our enterprise? That's allies. Does it help our enterprise? That's always. Does it degrade our enterprise? That's the lace. Are they staffed appropriately to actually meet our enterprise? That's the lace and what our enterprises slaves. Once we start collecting all this data based on how we're staffed and how we're going to, you know, fund that transaction. So, >> Bart, if I understood it correctly, you have the dual role CEO slash CTO. Okay, is that there's the CSO report into you are he does. I saw Also he >> does. And so and that's ah, new rule that we established about a little less than a year ago. There was ah VP of corporate security. But we didn't have a chief information security officer s. So I we're not got a very season, see so and working not only as an internal what we do internally. Also within our tech company as well. We started cybersecurity practice. So everything we do, we try to make sure that we can actually support our technology investments from an enterprise perspective and be able to self serve ourselves as an enterprise. So very excited about that. That's why we're getting to the security components and some other products that we think will integrate extremely well into service. Now >> let's talk about that a little bit. I want to put forth the premise. You tell me, feel free to tell me the premise doesn't hold water. But it seems to us that there's been a shift in thinking about security from we'LL focus on you know, defense, defense, defense to one of you know we're going to get infiltrated. It's all about how we respond and I as the sea xo Whatever. See so CEO Seo, I can help lead that response. It's mechanism, but it's a team sport. Is that a valid premise? >> I think it's valid. I think you know, I think it's a little it is driving some change v f ear. But, you know, I think that, you know, is certainly from an external perspective can protect yourself pretty well. You know, a lot of the breaches were actually curve, and some of the cases were internal or through third party partners. So I think there's been a lot of additional due diligence being put on organization, especially as a service organization. We work with a lot of large insurance carriers as an example. So we are getting hit with a lot more requests and a lot more sort of assessments on what our controls are in that space. So we need to be mature, and that's based no matter what, since again, we're providing services to clients in this space, and we're collecting a good amount of claim data and bill data and medical data. So I'm not as going out staying okay, just when it's gonna happen and how we handle breach. If that's the case, I'm trying to figure out what are the ways that we can proactively manage our environment and be able to respond in a much faster fashion to isolate an issue as quickly as possible, which is why I'm really excited about the automation and security component within service now because properly integrated with similar tools that we have. There's a lot that the system conduce that a human can't get too fast enough that will actually shut down to manage that risk extremely well. >> Do you believe that the board level? There's sort of open and transparent communication that that it's not about If Wade get infiltrated, its we have been infiltrated and we will continue to be infiltrated. That discussion occur. >> I think, yeah, the board level. They're certainly more aware, and not just from their participation in our board for the companies that they run themselves, because many of these folks come from companies that their run themselves. So I think there's certainly an awareness I think they're demanding and wanting to have more concrete plans on what your corporate security strategy is going to be. So we've produced a three year plan on what that is and presented that our committee and are starting to communicate that all the way up, you know, through our CEO. So I think there's more awareness I I think that for whatever reason, people think that it hasn't been working on this for some time, but they have S o. You know, there's a lot of good things that we've already done and already put in place that people just need to be made aware of it and get up to speed if you will. And then there's. Here's what we're doing to invest in trying to stop future things or to be more proactive or tow, have better control. Is better auto practices this type of >> what's the right regime for a cyber security? In other words, who should be responsible for should be a single tech group? We Should it be a wider group. What responsibility? >> And no, it's it's it's It's by committee. So our committee included, you know, our general counsel, our CEO, our chief human resource officer, our CEO. So it it's a joint effort. Certainly there's a large component of it because many of it is about your defenses in your ability to manage and maintain and keep your data secure. But security is a company wide initiative. You know everything from training all the way down the associate level to not, you know, click on bad email links, right that no matter what you do and what type of in a virus you have and you're still going to get some of those fishing emails and some of those ransomware emails in those type of components. So there's a whole education put component that goes all the way down to the associate level. If that's not understood by the management over those groups, then you know how is it going to actually be distilled down and supported? So it's a complete company effort when it comes to corporate security. >> And how about >> the business lines? Because our research shows that a lot of organizations don't you don't even have the specifically answer for your organization. Just in your experience is the CEO and the CEO. If it seems as though a lot of businesses don't understand the value of their data or the value of their I p, and as a result, don't really know how to protect it, is that something that is challenging for organism >> Asians? I think it is least when I've talked to other clients potentially, I think less today than it was even five years ago. We certainly know the value of our data. I mean, there's been too many breaches in the large breaches in the past three years to not be aware. I have had that question asked ofyou on, even for a business perspective, understand the exposure. So you know they what is that? Hundred fifty hundred twenty five dollars per claim? Potentially on the data side. So people even put metrics around. It's you, Khun. Quickly go through and established what you think your overall exposure is from a dollar perspective and that starts toe. You know, open eyes when you have millions of claims, are even more millions of bills. >> And that's your business. So you would think you have a better understanding everything most. But so for those who don't how should they go about achieving that knowledge? That awareness, >> They should find someone that, you know, maybe some type of trusted advisor. You know, whether they need to hire a consulting company whether they need to go and just converse with another AA group like a CEO group and ask Hey, have you guys done this before? There's a ton of collaboration at that level where people are asking, Hey, how did you guys come up with your security road map on What did that >> look like? Because Because the value then drives your investment decisions, right, because that's the other thing is kind of like insurance. When is enough enough, You could always been Mohr, but at some point you're gonna have diminishing returns relative to the value. But you've gotta have a basis to set a budget. So I would imagine the value of the data, the value of the risk, whether its >> value brand right, so outside of the hard costs of potentially, you know, getting credit rating or those type of components. You know, there's there's the brand discussion, and I think that's somewhat invaluable. So, you know, budgets are just over. Go spend what you want, but there's certainly a lot of awareness that money needs to be spent that area. It needs to be spent wisely, but there hasn't been an issue as to either one. We're coming up with wild budgets for security but explaining what we're doing and why, and how cost effectively we're doing. It has been very well >> in thinking about how you communicate to the board Yeah, about cyber security. What would be the top two or three things that you would recommend that a C XO should have on his or her checklist? >> One is, you know, understanding all your end point, so understanding everything that's in your network. And it's an easy to say, but it's a very hard thing to do, especially when you have external facing applications. And you have a lot of different networks, so understanding your scope of devices and understand. You know, that way you could understand, to start to collect and fill up that C M G B and understand. Okay, if I have a patch that wasn't applied, how many devices were impacted? You know, how quickly can I get those remediated s so that you know, I think understanding the technical scope of your organization is important because it's very difficult to understand your risks, you know, rating if you will. If you don't understand the tools you have in place and where your potential holes maybe, ah, and then understanding you know your core data. So you know what is in your data that would potentially create a potential risk, even a financial risk? Certainly we go through all the insurance process, right? And even insurance now for cyber liability insurance. You know, the forms for five years ago were much different than the forms that are being filled out today. Much different. A lot more detail, a lot more drill down. So even just going through that process alone drives you to actually go and collect all this information that I'm talking about today, you know, so understanding your internal environment in understanding you know, those endpoints understanding the scope of your data management. And then I think it's around developing a sound strategy that is not just short term but short term and long term, with investments not just in tools, but also processes training those components. >> Did you look a tte security and responding to security is part of, ah, business continuity, as opposed to sort of a bespoke initiative. It is, There's business >> continuity and d are both have components of security, but it is truly what a way to ensure that you're you stay in business, right, and and And if people don't view it that way, then there's a lot of organizations that have been either crippled, not necessary put out of business but impacted extremely large. You know, financial impact with unmanaged breaches that actually went on way too long, right? And they weren't able to detect it, you know? So I think that there's a component there where you have to really think about what's the scope of the work, what the scope of the risk and how much do we need to invest? >> And you see service now. And I'm spending so much time in security this week because I'm excited about what I saw on Monday at the financial analyst meeting and who, talking to folks about this very important topic, you see, service now is playing a role in solving this problem. >> I do because we're a big user of GRC. So we already went down the audit route with service now years ago s Oh, this is just another extension I see of not just audit controls but being more proactive on the security side. And so, since all of our information is in this platform anyhow, we have a ton of opportunity toe automate and manage a lot of the things that again could have potentially gone unnoticed for a period of time simply because a manpower or logs if you ever had a review logs from some of these devices. I mean, trying to find the needle in the haystack is very difficult. So tools are extremely important in this space. Humans cannot meet this challenge alone at all. >> You just make a tad cloud. You wish, right? Awesome. Bart, this is I'LL give you the last word so that your impressions on knowledge sixteen. >> I'm excited, You know, the way it's grown again The way that they're really being purposeful about how they're building out their platform and truly trying to solve the enterprise problems to me is just it shows a very strategic, well thought out plan by service now. And as customers, you know and partners, you know, that's that's what you want to see from a company. So for me, I'm just very pleased where the platforms going. It's exciting how much they've grown. But the way that they've been able to invest in the right things, I feel and truly integrate things into the platform, even acquisitions that they had on and truly make it part of the platform versus and add on, I think, is really differentiating them from a lot of products that have grown in a similar matter but become unwieldy to manage because they're just pieced together. So I'm very, very excited, >> Fantastic. The cube securing knowledge for our audience that Bart, you have full of a lot of knowledge and really appreciate you coming on the Cuban and sharing. >> Yeah, appreciate it. Nice seeing you guys. >> All right, Keep it right there, everybody. We'LL be back with our next guests right after this. We're live knowledge. Sixteen from the Mandalay Bay Hotel in Las Vegas, right back. >> Every once in a while.

live from Las Vegas it's the cute covering knowledge 60 brought to you by service now here your host dave vellante and Jeff Frick I very welcome to service now knowledge this is knowledge 16 know hashtag no 16 we're here in Las Vegas the Mandalay Bay Hotel Jeff feels like our second home with his cube season and conference season this is day one actually of our coverage really day two of the conference it kicked off yesterday with a lot of the technical sessions but the keynotes started today in the General Sessions we heard Frank's luqman laying out the vision of service now yesterday I happen to sit in the financial analyst meeting this is a billion dollar company baster passed a billion dollars last year grew in excess of sixty percent they're on track in my view to do a billion and a half this year service now is laid out of vision by 2020 of it being a four billion dollar company so Jeff we've been covering service now since the early days when they're a relatively small company with large ambitions and they've been executing nearly flawlessly on the vision that they set out and they continue to expand that vision expand the total available market bring out new products bring on acquisitions but the real story of service now is around the customers the core customers would sleep and calls our peeps the the IT folks within the you know the heart of IT bringing service management discipline not only 2i t but throughout the organization the other big vector of of stories at any knowledge conference of course is the founder Fred ludie and his core team the team of innovators we're in Iquitos today I swear Fred ludie was coding on his laptop he loves to code the guy's a programmer by heart but you're seeing things like elegant design we saw the announcement of a of a service now SmartWatch today a wearable device basically an enterprise you know system to predict to be informed to take your favorite KPIs and bring them right to your wrist so Jeff it's kind of more the same just bigger and badder this year they just keep clipping along right just like he said it's an execution game I talked to Chris Pope a little bit in the hallways this morning during breakfast and he said kind of what's the magic and it did it just get stuff done right people can just get their job done using service now and and as you said Frank loves to talk about the IT pros as their peeps but he made an interesting comment in the keynote that there's a lot more IT functioned discipline execution outside of the core I team structure so that obviously both really well for for service now but again we've like I said they've this our fourth year here run into the same customers every year the passion keeps growing and then you know the other thing I think it's interesting looking at the little service providers that are no longer little service providers Cloud Sherpas and fruition partners both now part of accenture and CSC so when you see the big Ian wise here service integrators they don't make a play unless they see a really big opportunity yeah they like to eat from the trough as it was as it were and so the trough is getting larger but I remember Jeff the first service now knowledge we went to knowledge 13 which was here in Vegas the smaller hotels any rate the area and we walked the floor that time and we were sort of asking ourselves well where is Accenture you know where are the big sis and we saw a cloud Sherpa syrup risen from companies like fruition who had a big presence there both of those companies were required Accenture acquired cloud sherpas of CSC acquired fruition the other thing I want to point out for those unit may not be is familiar with service now the company started with this sort of help desk you know mentality really try to automate and improve on help desk Frank's lubin said years ago he said at one of these conferences desk is a four-letter word and he got some booze because people hanging on to their help desk but it started with a relatively sort of legacy attacking a legacy business you know back then Gartner group was talking about how this is you know the the end of that business it's kind of going to go away and you know sloop Minh came in and really was the right guy for the job helped energize you know the vision that was set forth in the early days by Fred ludie but what you've seen consistently is the company has expanded its total available market going from you no problem man management change management help desk etc expanding that out into IT Service Management IT operations management now bringing service management across other parts of the enterprise what service now laid out today in the general session was essentially you had the the first software estate was ERP and that was brought to fore by the likes of Oracle and and of course s AP and then the next greatest state were skipping over some estates were sort of fast forwarding to you know the open systems world but the second greatest date was really that brought on by CRM and and one by Salesforce and what you're seeing service now is positioning is service management across the enterprise for everything in between back office operations and the sales and customer engagement like facilities HR but touching upon sales and marketing and some of the back office stuff so they are laying out a vision of the third greatest state which is service now everything is a service enterprise services service management where I t is the backbone of all of those operations in Jeff we're seeing that I mean I T we've talked for years IT touches every part of the organization but increasingly companies are becoming cloud ified and sassa fide across the enterprise and that's really a tailwind for service now it's the theme we talked about over and over every company has to be an IT company just what services or products to they wrap their IT around so important for a competitive advantage if i go back to abe to the our day at the Aria a couple days with Aria and I rewatched our interview with with Fred our day to interview we did a couple with them and he talks about the story of this platform vision that he had from day one and talking about the to the initial investors they said well was it do well does everything what do you want to do and really you know kind of a classic platform application play were then he you know built the application around a very specific use case and go to market and now you're seeing that vision that he had back then as the platform capabilities expand to do so much more and the other thing I remember from that that interview with him was talking about the copy room all the papers the different color papers in the copy room I need a vacation I need a new laptop I need to do this thing and really enabling everyone to build those little processes that were all encumbered by over and over again using this platform yeah so I remember again going back to the early days we had walked the floor in the early knowledge 13 days and said wow look at all these companies in the ecosystem watch that's the key to this is watching the ecosystem grow and specifically trying to understand which those companies in the ecosystem service now is going to require remember we had asked Fred about acquisitions and do they have to fit in do they have to be already running on the ServiceNow platform and he said well that's kind of interesting and what we've seen now is Andy related answer the question back then but what we seen because you didn't want to show his cards what we've seen is when service now makes an acquisition like they did with with with I tap and some others they brought in service watch with another company they purchased the GRC capability they completely replat form the company the software into service now same UX using the CMDB the the the CMDB using the same user interface everything is the same experience that's it that's huge now I want to dig into that a little bit and see how much how the service now do that so quickly I mean because basically it's taken out a year to replat form these maybe nine months 12 months 14 months but it's not the the nine years that we see with for instance oracle fusion which is sort of everything rewritten in java so it's gonna be really interesting to see that what else Jeff should we be looking for the other piece of that I picked up from Frank in the keynote was really kind of the different engagement models he specifically contrasted CRM versus the service management approach and you know you take care of the problem he keeps going back to the I fallen and I can't get up use case over and over so I'm not that it's kind of funny but but he takes it to the next level within a service management which is to do the analysis and to do the root cause analysis so that you don't have this thing's repeating over and over so it's a very different way to kind of approach customer engagement i look forward to kind of digging a little bit deeper with Frank on that great all right keep right there everybody we got wall-to-wall coverage three days of coverage from knowledge 16 check out well the hashtag is no 16 check out crowd chat / no 16 we've got burnt Lattimore documenting the cube interviews in there keep right the everybody will be right back after this brief word it's always fun to come back to the cube because