Syncing with ServiceNow: ServiceNow: A Leader in Gartner® Magic Quadrant™ for IT Risk Management for Second Year

Show Notes

ServiceNow is proud to be named a Leader, for the second consecutive year, in the Gartner 2021 Magic Quadrant for IT Risk Management (ITRM).1 We’re especially pleased that our ability to execute has been recognized with the highest rating of all vendors evaluated.

Gartner also named ServiceNow a Leader in the August 2021 IT Vendor Risk Management Tools. Together, we believe these recognitions validate our leadership in helping businesses successfully navigate a challenging landscape, build resilience, and manage risk.

Host: Andy Whiteside
Co-host: Rebecca Whitten

Transcript

WEBVTT

1
00:00:02.240 --> 00:00:13.859
Andy Whiteside: Hello, everyone! Welcome to Episode 20 of syncing with service. Now I'm your host, Andy White. So I've got a very special return guest Becky written on with me with. And why did that screw up again?

2
00:00:13.910 --> 00:00:20.970
Andy Whiteside: No, I've got it in my head. It's like I know. I know I can't get it right. So hey, Becky, how are you?

3
00:00:21.020 --> 00:00:22.399a
Becky Whiten: Great? How are you?
a
4
00:00:22.580 --> 00:00:43.460
Andy Whiteside: I'm I'm gonna share a little something. Here. You were telling me your your mom's been blown up your phone all day special day for her. You could say what it is or not, and and you've got her anniversary, her wedding anniversary, and she wants to buy something for your dad or husband. I don't know. Awesome. No, that's so sweet. How how old is your mom?

5
00:00:43.770 --> 00:00:47.120
Becky Whiten: I, my mom is 73.

6
00:00:47.190 --> 00:00:58.110
Andy Whiteside: That makes it easy. I got married in 2,000, that's all. Well, that's one of the reasons why I can remember next day and

7
00:00:58.280 --> 00:01:04.210
Andy Whiteside: in 2,000. So I remember it. No problem. Also because I'm very proud of the day. That's

8
00:01:04.489 --> 00:01:17.579
Andy Whiteside: so. I ask you to bring a blog from the service. Now, block site to discuss today, and the one you brought is a service now named a leader in the Gartner Magic Quadrant for it. Vendor risk management tools. Why did you pick this one?

9
00:01:18.190 --> 00:01:32.930
Becky Whiten: Because we've had quite a few customers lately wanting to see demonstrations of vendor risk management and trying to understand why they might need it and so forth. A lot of times they're having to

10
00:01:33.410 --> 00:01:48.379
Becky Whiten: send offenders and and find out different things. They're more siloed and maybe not across the board, being able to see all of that data. They're working in spreadsheets and having to manage it that particular way.

11
00:01:48.550 --> 00:01:55.359
Becky Whiten: and service now has the vendor risk management out there. So it does allow for

12
00:01:55.430 --> 00:02:22.789
Becky Whiten: The this is gonna to the users to be able to go in and assign a vendor and an assessment. do a tearing onto them can look to see whether or not they have either third parties that they're bringing into their environment as well, and be able to send them different assessments based upon that and it brings about and can schedule or or

13
00:02:22.790 --> 00:02:49.190
Becky Whiten: calculate the risk of that. There's a portal that is available for those vendors to be able to go out and answer those questions there's follow up. If the vendors Sometimes those vendors are not very good at answering those and getting back to them timely. There's kpis onto all of that. And What's really nice is the vendor has the ability on the portal to be able to add their contact.

14
00:02:49.190 --> 00:03:01.080
Becky Whiten: And if there's questions that the main person does not necessarily know. They can assign questions in that questionnaire to others, into their

15
00:03:01.260 --> 00:03:11.999
Becky Whiten: environment, to be able to answer that So it really does help streamline that, and help to look at all the different risks that might be there. And and

16
00:03:12.200 --> 00:03:26.079
Becky Whiten: you know it. It kind of works in conjecture with the Prc. Piece of it. so, knowing that you have that risk with that vendor out there, and the vendor has to correct it. and keeping track of that.

17
00:03:26.300 --> 00:03:46.159
Andy Whiteside: So let me let me walk through the blog with you, just to make sure we don't miss anything. A couple of things I want to highlight. So first of all, we've got this magic gardener, magic magic and service now on the vendor risk ended up somewhere in the upper right hand. Quadrant. Talk about the talk about service now, and what makes them different from the the players that are up there with them.

18
00:03:48.650 --> 00:04:12.860
Becky Whiten: So The nice thing about it is that service now has a way for the vendors to be able to go into a portal to be able to track all of that. Not all of these have all, all of those different features, and a lot of times. If they do then. Somebody within service now is having to add contacts and

19
00:04:12.860 --> 00:04:35.630
add users to be able to get in and out and maintain all of that, and it gets cumbersome. this tool allows them to invite people from their company to be able to answer those assessments and so forth, which is really nice. It also has several different plugins where you can do a sick or sig light and send that out as well.

20
00:04:35.630 --> 00:04:46.140
so it has a lot of different features. You can create your own assessments that some of the other ones might not have. that flexibility. You can have your own questions. You can

21
00:04:46.140 --> 00:04:58.529
Becky Whiten: allow different drop downs or different values to be selected. and then it stores that information. So you've got it from now on, and then, let's say, next year you wanted to do a different assessment.

22
00:04:58.530 --> 00:05:23.390
Andy Whiteside: for those users. It'll store that some of these other ones. It does not do all of those features. How about if I were to say the other people and the magic Quadrant here the upper right hand column, the whole quadrant, to be honest with the whole thing. But most of these, if not all of these, are a product specific for vendor risk management, whereas now is a is a module for the workflow of indoor. It's mismanagement, but it it's a bigger overall platform

23
00:05:23.550 --> 00:05:46.170
Andy Whiteside: for many, many more things. It's not a one like he's got their one trick ponies ish, whereas the platform has a module just for this. That is correct, that is correct, and then you can see all of your different vendors across the board. for what you have. So that is, that is a great statement. You can also take the knowledge you gain as part of this and spread it across other departments. If and when it's needed, which at some point it's going to be needed.

24
00:05:46.310 --> 00:06:00.320
Becky Whiten: That is correct versus, you know, just being in a silo. And no, I were just checking the vendors, not necessarily opening that up to all of those different departments and business areas that need to see what's happening.

25
00:06:00.350 --> 00:06:27.130
Andy Whiteside: Alright. So I want to go to paragraph 2 here. I love this one. I'm going to read it, and then we'll jump into what it says today. More than ever. Third parties are key partners in business success enterprises. I'm going to come back to that word. A minute enterprises continue to increase reliance on third party vendors to help accelerate innovation, digital transformation and growth but this greater reliance on third parties exposes organizations to higher risk, so that a third parties risk

26
00:06:27.220 --> 00:06:57.090
Andy Whiteside: and compliance posture becomes more important than ever to your own risk, posture and reliance and reputation. Kind of like that family thing that we're cut off about. Not that yours is an example of this, it might be might not be. But but your siblings, problems, whether you like it or not, are going to be your problems at some, so you only get so far separated from those things that are truly part of your part of your internal space, and those third-party vendors are part of. Let me let me hit the word enterprise. I got my screen. I'm sharing the screen with you. But

27
00:06:57.250 --> 00:06:59.010
Andy Whiteside: The word enterprises. I

28
00:06:59.020 --> 00:07:14.179
Andy Whiteside: I I want to argue this word real quick, because this isn't for enterprise. this is for enterprise, commercial mid market, even SMS. This statements being made in the second part The second paragraph applies to businesses of all shapes and sizes. What do you think

29
00:07:14.720 --> 00:07:44.470
Becky Whiten: I believe so too. That is correct. And just as you mentioned about all these different third parties, service now added a feature for those third parties, there can be different assessments. There's also subsidiaries. So you may have a really large company that has different subsidiaries of it, so that hierarchy, as we're talking it kind of rolls up to the top, so they might have been a lower level. But because they provide this product or relate to this, then, and this is a higher

30
00:07:44.470 --> 00:08:12.110
Andy Whiteside: level risk of being brought into your environment. It rolls up to the top. So whenever you see that vendor, it looks you. You now have that. So? it's really great to be able to determine those and also be able to do different assessments for each layer. Yeah, I love that you pointed out that whatever the risk is where it is along the way it it it definitely rolls downhill to every part of the organization, and when it comes to having to deal with the fallout it probably goes both ways up in. Now.

31
00:08:12.160 --> 00:08:20.260
Becky Whiten: alright. So what we're talking about here today is the vendor risk management. Do I call that a module, a workflow? What is that?

32
00:08:20.290 --> 00:08:33.019
Andy Whiteside: Okay, module? And then it highlights 4 bullets. Here. The first one is the integration between service, now product with all of their information in all of it all, essentially in one place, in other words, Platform.

33
00:08:33.610 --> 00:08:34.460
Becky Whiten: that's correct.

34
00:08:35.090 --> 00:08:38.700
Andy Whiteside: Any anything to add about that particular bullet besides that?

35
00:08:38.740 --> 00:08:58.820
Andy Whiteside:  yep, the next bullet says industry, specific, regulatory content. So does that mean if I'm a retail, or I'm a hospital when it comes to vendor risk management. There's things tailored within the module that align with what I need versus the other guy

36
00:08:59.010 --> 00:09:23.979
Becky Whiten: that is correct, so they can be categorized or tier, and then different assessments can go out to you, if you're, you know, retail or your banking, or it's financial, or whatever that it is. There can be you know, an it assessment does not be broken out, and then they can say how often that they ran so, whether or not they go out, you know, quarterly or twice a year, or once a year. All that can be automated

37
00:09:24.680 --> 00:09:35.070
Andy Whiteside: that I love that conversation with a lot of people that say I'm this, they're that we're different. And the truth is 80 to 90 is the same. But that's 10%. That they really are different is very applicable to their needs.

38
00:09:35.160 --> 00:09:36.340
Becky Whiten: That's correct.

39
00:09:36.690 --> 00:09:42.149
Andy Whiteside: an export is a global network of sales and support centers. What does that mean?

40
00:09:44.240 --> 00:09:47.679
Becky Whiten: Well, I would assume that

41
00:09:47.980 --> 00:10:03.380
Becky Whiten: across the board with vendors. There are vendors that are a you know, everywhere, so they may be in the United States. They may be globally that you're connecting with. Maybe there's some type of a product or something that you're bringing in

42
00:10:03.620 --> 00:10:16.330
Becky Whiten: to your environment. They could be elsewhere. There could be different types of regulatory things based upon that. So that's really where it's saying that it's more of a global network.

43
00:10:16.330 --> 00:10:40.239
Andy Whiteside: So I love that discussion because, you know, service now is a platform in the cloud. I don't know about all the other products that are over here in the Magic Quadrant off writing quarter. But I know some of them probably aren't truly cloud native cloud born in the Cloud service now is going to help us with this vendor management across every part of the organization, including that India or Chinese office or Chinese subsidiary that needs to have this, too.

44
00:10:40.550 --> 00:10:41.689
Becky Whiten: That is correct.

45
00:10:41.780 --> 00:10:51.210
Andy Whiteside: Yeah, all right, let me get back down to here. I've made the text so big. Now look at that pricing, inclusive of maintenance, hosting and licensing, with no additional cost. What does that mean?

46
00:10:51.540 --> 00:10:55.350
Becky Whiten: So the way that service, now

47
00:10:55.520 --> 00:11:08.210
Becky Whiten: licenses. The vendor risk is that it is up about the vendors that you have in the system. And so it doesn't matter if you have 20 different

48
00:11:08.230 --> 00:11:16.239
Becky Whiten:  contact users to be able to access the portal. It is one vendor, and you know.

49
00:11:16.690 --> 00:11:36.289
Becky Whiten: based upon how many vendors that you might have but you can have a lot more users into the application to be able to respond to these assessments and so forth. But there's no additional cost. for that it is all included. but it is based upon the vendors.

50
00:11:37.130 --> 00:11:38.570
Andy Whiteside: Yeah. Awesome.

51
00:11:39.210 --> 00:11:45.720
Andy Whiteside: all right. This next section did. Did you integrate seamlessly with other risk products

52
00:11:46.360 --> 00:11:50.819
Andy Whiteside: on the now platform. I think I probably said the work platform 10 times in this, podcast

53
00:11:50.990 --> 00:11:54.800
Andy Whiteside: I think that's extremely valuable, because

54
00:11:54.940 --> 00:12:03.809
Andy Whiteside: what you get in this vendor procurement system or this vendor system of management. it's got to be able to get to other places, and it's got to be able to get there easily.

55
00:12:04.450 --> 00:12:06.030
Andy Whiteside: How do you see that?

56
00:12:06.050 --> 00:12:14.200
Becky Whiten: So this is a great example. So let's say that offender has an application, and maybe

57
00:12:14.420 --> 00:12:31.279
Becky Whiten: we have a policy where the passwords need to be 12 characters, and there's still 8, or are not very complex. so we can go out. Find out that information. we can bring that into the Grc or the Iom

58
00:12:31.280 --> 00:12:54.819
Becky Whiten: application now. And so then we know it's a risk, so we can move that as a risk. we can monitor it. We can go back to them, give them an issue and have them to address it. we can track all that information, find out when they do do their updates throughout their port company to make sure that the password is now characters, or complex, or whatever that it is.

59
00:12:54.820 --> 00:13:13.830
Becky Whiten: But the nice thing about it is, it does allow us to put it into grc, or iron, I believe, is now what search now is calling it, and we can market as a risk. We know it's a risk. We know it's out there. And so by knowing what we have in our environment gives us a lot more.

60
00:13:13.920 --> 00:13:42.779
Becky Whiten: you know, I site into everything that we have, and again we would market. It would be addressed. We would be following up with them to find out when they would be correcting those issues. It would be at least our option at that point to the business to determine whether or not we were going to continue, or if we needed to do something else based upon the vendor response onto making that change.

61
00:13:43.240 --> 00:13:55.439
Andy Whiteside: So Becky, the last paragraph, talks about the, you know, proud to be recognized by Gartner and independent supply reviewer of suppliers of technologies like this. What What is if I'm a customer?

62
00:13:55.530 --> 00:14:05.580
Andy Whiteside: Why does the vendor risk management solution from service now recognized by Gartner as a leader. Why does that matter to me?

63
00:14:06.750 --> 00:14:23.339
Becky Whiten: Well, Gartner is a leader, and so a lot of different companies look to determine where your product might or your company might be on to based upon what type of a a tool or what you

64
00:14:23.660 --> 00:14:34.550
Becky Whiten: checking on to it. It it seems to be more of the standard nowadays that you know. Companies do look for to be able to see where you're rated.

65
00:14:34.740 --> 00:14:49.489
Andy Whiteside: Yeah, I mean. So if Carter says you're good, you're probably good. Someone, you if you pick somebody who's not in the right hand quadrant with partner you, you you better have a really good reason. Cause if it goes wrong, somebody's gonna ask you why.

66
00:14:49.530 --> 00:15:11.139
Andy Whiteside: Yeah, hey, Becky, thanks for joining me on Friday, I know. I know I had to schedule a Monday. I think I was doing some. I don't remember, but thank you very much for doing this, taking your Friday. Go go pick up your mom and take her to get her hair done. Maybe she's getting there and makes you get a hair set. I didn't think about that, but there goes my afternoon. That's that's a few hours worth again that said, I'm just. I'm envisioning this.

67
00:15:11.270 --> 00:15:25.249
Becky Whiten: You're you're closer to my age. Then you're not, I guess. I don't know. But but I remember my mom, who was older, and she mostly people's grandmother's age going and getting her set every Wednesday. There you go. There'll be hive set.

68
00:15:25.300 --> 00:15:34.540
Becky Whiten: I hope she has fun, has a good time. Enjoy your anniversary. I. You have a good weekend, and we'll do it again next week.