Strengthening Security with MFA: Insights and Implementations

Show Notes

Join Andy Whiteside and guests Mike Sabia and Fred Reynolds where we dive deep into the pivotal topic of multi-factor authentication (MFA). As ServiceNow gears up for its new Yokohama release, enforcing MFA becomes not just a recommendation but a necessity.

Our experts discuss the criticality of MFA in safeguarding your digital infrastructure, how ServiceNow users can seamlessly transition to enhanced security protocols, and the implications of the upcoming changes. Whether you're a seasoned ServiceNow user or just getting started, this episode is packed with essential insights on making your security measures foolproof and future-ready. Don't miss out on the discussion about the various authentication methods, including biometrics and hardware security keys, and learn how these can be integrated into your daily operations. 

Transcript

WEBVTT

1
00:00:02.490 --> 00:00:21.140
Andy Whiteside: Hi, everyone welcome to episode 44 of syncing with service. Now, I'm your host today, Andy Whiteside, excited to be back. It's been a little while. We got a good topic around multi factor authentication, which, you know, ties into everything. I've got Mike Sabia with me. Mike is our master architect on the service. Now side, Mike, how are you.

2
00:00:21.140 --> 00:00:22.570
Mike Sabia: I'm doing well. Thanks, Andy.

3
00:00:23.574 --> 00:00:28.059
Andy Whiteside: We haven't spoke much lately. You guys have been busy. What's what's the most exciting thing you're working on.

4
00:00:29.200 --> 00:00:47.919
Mike Sabia: Most exciting thing for us is we just redid our service. Now, instance, we're eating our own dog food. We're we're intimately using service now we had a domain separated, instance, for our Msp. Business, and we've been utilizing a new stand up of service now for our service, now business, but now bringing the Msp. Team over.

5
00:00:48.257 --> 00:01:00.970
Mike Sabia: There's a lot of advantages with. Well, 1st of all, getting away from domain separation order to best support those Msp. Customers. But also we are using Hr service delivery, which doesn't work on domain steps. How it's licensed.

6
00:01:01.220 --> 00:01:02.759
Mike Sabia: It's a lot of good things happening.

7
00:01:03.080 --> 00:01:06.179
Andy Whiteside: I'm sorry. Did you say we were drinking all champagne? Is that what you said.

8
00:01:06.180 --> 00:01:09.220
Mike Sabia: Drink our own champagne. Yes, that's exactly what I said, Andy.

9
00:01:09.623 --> 00:01:15.276
Andy Whiteside: But I love saying it both ways, because it's important that we do that

10
00:01:15.800 --> 00:01:20.349
Andy Whiteside: when the A company, our size using it on the Hrsd. Is just unheard of.

11
00:01:20.530 --> 00:01:26.339
Andy Whiteside: but very applicable. Sorry I got cough going on. Amazing time, Fred Reynolds. How's it going.

12
00:01:26.340 --> 00:01:30.299
Fred Reynolds: It's going. Wonderful man excited. I'm glad to be back doing some of these

13
00:01:30.420 --> 00:01:46.990
Fred Reynolds: had a couple of eventful weeks, a lot of a lot of customer interactions and out and about talking to people. So it's very exciting to see how people are using it. Yeah, don't die. I had a looking at you coughing right there, Andy. I had one of those weekends, too, so I think I caught that stomach virus that was going around. So a lot of sickness going around.

14
00:01:47.370 --> 00:01:54.179
Andy Whiteside: Yeah, I just had this persistent call for a little bit, not not normally so bad that I have to cough during a, podcast but hey! Timing is everything.

15
00:01:54.360 --> 00:01:54.700
Fred Reynolds: Get some.

16
00:01:54.938 --> 00:02:00.429
Andy Whiteside: Brett, you may have said this, and I didn't catch it. What's what's the most exciting thing that you're working on these days?

17
00:02:01.836 --> 00:02:24.963
Fred Reynolds: Like, Mike. It's exciting to see that we're using more of the platform internally, seeing how we're using it. Hrsd, but again, what's really excited is, we're starting to help more and more customers as as a as a business unit, as a as integra. I think it's it's very nice to see that I get calls multiple times a week from customers saying, Hey, we want to do more. Need to learn about more. So I'm really enjoying that, Andy. You know it takes a while to

18
00:02:25.220 --> 00:02:43.009
Fred Reynolds: to to keep building this up. Our team keeps growing. Our work keeps becoming more evolved, and and learning, as we learn with our customers. So everything's exciting. More and more events are happening. Had a 3 events down in Florida last week. Got a service now. Summit coming to Charlotte next week, and happy hour with that. So

19
00:02:43.010 --> 00:02:45.529
Fred Reynolds: meeting a lot of people have a lot of good conversations.

20
00:02:45.530 --> 00:02:48.130
Andy Whiteside: Yeah, we're we're still doing what we do. And it's working.

21
00:02:48.790 --> 00:03:13.020
Fred Reynolds: You know what the customers are really appreciating, Andy? I mean. I can't tell you how many customers came up and commented. The fact that they love. How we do this! And several new customers came to my meet up in Raleigh that never met before. Was kind of what's the catch. Coming to our events, I said, there's no catch. We're trying to build a community. We're trying to build relationships. We're just trying to connect you with our vendors and connect you with partners and and customers. And so it's good to see that. But we still do that.

22
00:03:13.020 --> 00:03:32.610
Andy Whiteside: And then we do this podcast every other week or so. And you know, it's what I call content with context. It's just another thing we do to kind of give. And you know, if people want to come work with us great if they want to. Just listen to this and learn and have some talking points on their side, even other partners like. Occasionally I get a message from another partner that listens to these things, and it's we don't care like we just do what we do

23
00:03:32.610 --> 00:03:58.799
Andy Whiteside: along that line. We know there's a lot of customers out there working with an existing service now, partner, or directly with Servicenow or both. And if you're not feeling the love and feeling like you're being treated like a partner as a client partner is what I call them what I like to call a client for life opportunities. Then let us know, and we would love to kind of get you in the mix, Fred, I'm going to put you on the spot here. I asked you this question probably 3 or 4 months ago, and I said to date, have you lost the client? What's the answer as of today?

24
00:03:59.080 --> 00:04:00.830
Fred Reynolds: We still have not lost a client.

25
00:04:02.258 --> 00:04:15.530
Andy Whiteside: you know, things happen and companies get bought. And they have to move on to different products. But as far as people who've stayed on the service. Now Platform, I'm not aware of anybody that's, you know, gotten a hold of us and started working with us. That's left us, or service. Now, unless there was some acquisition or something that happened.

26
00:04:15.920 --> 00:04:32.259
Fred Reynolds: I think it's important, like you said, we like customers for life. We're going to work through goods and bads. We're gonna work through everything. And and it's about that relationship. So yes, we are. We're still. We still have a perfect Csat score to be honest with you, Andy. So I think that's 2 years 2 and a half years into the making here. That's a that's

27
00:04:32.520 --> 00:04:34.709
Fred Reynolds: something that's pretty impeccable, in my opinion.

28
00:04:35.340 --> 00:04:46.920
Andy Whiteside: So today's article blog that you guys brought forward is enforced multi-factor authentication. Mfa, what you need to know. So I think, Mike, we're gonna get into a little bit a little bit of technical here. But we're also gonna talk.

29
00:04:46.920 --> 00:04:47.860
Mike Sabia: Little bit technical.

30
00:04:47.860 --> 00:04:52.249
Andy Whiteside: High level. Mike, you chose this blog. Why did you choose this blog.

31
00:04:53.370 --> 00:05:13.409
Mike Sabia: Shake it up, you know. We have some great topics about different products. We certainly see a lot of topics being brought up from service now around Api. But sometimes you have to, you know, be aware of some things that are happening with service. Now, some things that you need to be aware of when you're you're selling or using, or or endeavoring to to.

32
00:05:13.760 --> 00:05:16.919
Mike Sabia: You know best use service now in your organization.

33
00:05:17.650 --> 00:05:39.480
Andy Whiteside: You know, we if you talk about service now in the form of a help desk tool or itsm, maybe that's 1 thing, and super important to protect that with multi-factor authentication. When you talk about service now, the way we expect to use it, Fred, as a platform for running at least major aspects of your business. Extremely important that we get the multi-factor piece in front of it.

34
00:05:39.750 --> 00:05:55.080
Fred Reynolds: 100%. And I think what you'll find is not every customer is ready for that, or in position to do it. You know, they may have it. But again, it's it is something to go into like Mike said Enforce. So we jump into it. I think there's a there's a date a certain release might that are going to enforce it, so customers will have.

35
00:05:55.080 --> 00:05:57.660
Mike Sabia: Yes, yeah, I'll get into that.

36
00:05:57.660 --> 00:05:59.339
Andy Whiteside: It's gonna be required at some point. Then.

37
00:05:59.340 --> 00:06:04.129
Mike Sabia: It's being required for internal users. It's not yet being required for external users.

38
00:06:05.040 --> 00:06:30.029
Andy Whiteside: I'm gonna touch on something. And I was scanning the article earlier as we started to talk about it, and I wanted to make sure I brought something up, but I don't have to. It's actually in the very 1st sentence here it is. I'm excited to announce that with the upcoming new. Now platform Yokohama. Release service now will be enforcing multi-factor authentication as a default security measure for all internal users who log on without single sign on. I was gonna bring up the single sign on thing.

39
00:06:30.030 --> 00:06:46.189
Andy Whiteside: So many people are confused. There is multi-factor. Multifactor should be everywhere you go, but ideally you'd use multi-factor as a process to getting into a single sign on environment. And then from there your user has a nice, efficient way to go. Do everything they need to do for a certain period of time before that time's out.

40
00:06:46.190 --> 00:06:55.120
Andy Whiteside: But that whole multifactor is part of a blended single sign-on approach. It's super important to me that people understand that those 2 things go together. It's not one or the other.

41
00:06:55.950 --> 00:07:05.560
Mike Sabia: And if you're already have that single sign on or that Mfa through your single sign on, there's no need to do this additional Mfa. That source now is talking about in this article.

42
00:07:05.570 --> 00:07:15.620
Andy Whiteside: Never access a Sas platform without some type of single identity. Single sign on Sso initiative happening prior to that access.

43
00:07:15.620 --> 00:07:21.939
Mike Sabia: I would absolutely agree with anybody working within the system as a fulfiller. If you're a customer, that's a little fuzzier.

44
00:07:21.940 --> 00:07:24.880
Andy Whiteside: Yeah, absolutely, because you won't have that. You're not part of.

45
00:07:24.880 --> 00:07:27.260
Mike Sabia: You could, you could, but.

46
00:07:28.500 --> 00:07:29.479
Andy Whiteside: Not not likely.

47
00:07:29.880 --> 00:07:49.659
Andy Whiteside: It's not as normal, because here's the question, like, I'm a consumer of stuff. And occasionally I'll sign up for stuff under my Facebook id, and then I don't remember, or I can't get into my Facebook id at the moment. And I actually box myself out occasionally. So there's so many single. It's like, what is the single sign on? What is the single identity for everybody out there? The truth is, there's not one.

48
00:07:50.510 --> 00:08:14.800
Mike Sabia: Right. But it's also possible for our customers. In fact, one comes to mind where you know, they could be coming in as a customer and just use using local credentials, but they have actually shared their Sso with us, and they actually sso into our instance. So we support it. It's always a great idea, but it's hard to enforce it for all external customers. But again, this articles of focus a little bit more on the internal.

49
00:08:14.800 --> 00:08:35.309
Andy Whiteside: Well, I'm gonna I'm gonna actually jump on that and say this, we don't ever want to call them customers. I know you're calling customers, not client partners like that. Whoever that client is, we are so closely aligned with us that they've enabled their single sign on their their identity provider to talk to us. That's a real client, partner scenario right there.

50
00:08:36.710 --> 00:08:44.280
Andy Whiteside: Fred, before we jump into the meat of the article. Anything at a high level you want to talk about the general idea of why we brought this article, this blog.

51
00:08:45.130 --> 00:09:12.659
Fred Reynolds: Oh, I think we're covered. I think one. I think it's it's good, I think. Glad that Mike brought it forward because it's more technical. It's more awareness. Think it's more educational. And sometimes we have these to talk about like I said, General. And there's a lot of talk about AI. I think every conversation right now seems to be AI. So this may be a breath of fresh air to talk about something a little bit different for a moment. Because I know AI is everywhere. So to me, I think this is important, supported to know what's coming and anybody listen to this, podcast that has a service now, instance, and hasn't thought about it. I mean, it's

52
00:09:12.690 --> 00:09:19.940
Fred Reynolds: I. I would dare say there's gonna be people that don't have single sign on there, and and don't have it incorporated into their service now, so they'll have to address it.

53
00:09:20.200 --> 00:09:32.760
Andy Whiteside: So I'm glad you said that, because I don't think the article actually states it. If I had to ask you guys to give me a number, Mike, I'll go with you first.st What percentage of service now, customers, do you think don't currently have multi factor turned on by default?

54
00:09:33.570 --> 00:09:39.230
Mike Sabia: I I'd say it's very few internal don't have it. The question is the exceptions

55
00:09:40.120 --> 00:09:51.840
Mike Sabia: we use Sso. Ourselves, but sometimes we have some backdoor or ids that are set up just in case case Sso is down, we need to be able to get into into the instance. This covers those edge cases.

56
00:09:52.480 --> 00:09:54.419
Fred Reynolds: So, Mike, you think, can I ask a question.

57
00:09:54.420 --> 00:09:56.900
Mike Sabia: Did. Well, Mike, did you give me a number like, what do you think the.

58
00:09:57.620 --> 00:10:00.509
Andy Whiteside: Yeah, what do you think it is? Just guess, and nobody's holding you accountable for it.

59
00:10:00.864 --> 00:10:07.240
Mike Sabia: I'd say some of the unsophisticated are probably using ad versus Sso. So maybe upwards of 20%.

60
00:10:07.620 --> 00:10:09.710
Andy Whiteside: 20% have it, or 20% don't have it.

61
00:10:09.710 --> 00:10:28.999
Mike Sabia: Don't, just because they might be like my 1st large position under service now was a company where we weren't using Sso. We were using Ldap the Sync in the Ldap when you were Ldap. Credentials to log in rather than so. Nowadays you think everybody uses so in practices. Everybody, maybe not.

62
00:10:29.170 --> 00:10:34.260
Andy Whiteside: Okay, Fred, before you ask your question, and I do want to comment after you answer, what? What do you think the number is?

63
00:10:34.260 --> 00:10:51.110
Fred Reynolds: I think the numbers higher, because I honestly think you know I think definitely service now is enterprise type. Customers probably enforce it, have it. But I think there's a lot of, you know, mid market, and and smaller customers that that don't, because I think a lot of people still don't take those actions and and moving forward, I think the number is probably 35 to 40.

64
00:10:51.110 --> 00:11:02.785
Andy Whiteside: Yeah. And and look, I might uneducated guess, based on all of those systems that I'm around. I bet it's more like 70 that don't have true multi factor enabled, or multi factor as part of a single sign on approach.

65
00:11:03.250 --> 00:11:08.089
Andy Whiteside: I bet there's still a lot of those Ldap shops, Mike that still just hit Active Directory, or whatever.

66
00:11:08.090 --> 00:11:22.039
Fred Reynolds: We might think about it this way to a lot of the 1st conversation. We have a lot of these customers. They stand up their instance, they talk about Ldap and ad integration. My ad integration is not the same correct. That's that's the 1st integration they want to do. That's not talking about single sign on or multi factor.

67
00:11:22.460 --> 00:11:35.390
Mike Sabia: Right. And nowadays, you know in in the past you had on premise ad, and you could bring your users or your groups in nowadays a lot of people are using azure id where azure is pushing the those those accounts in.

68
00:11:36.020 --> 00:11:54.270
Andy Whiteside: I, I wonder, as service now goes further down the stack and works with smaller clients. I bet this problem continues to grow, even though they're addressing it with, say, like, releases like this court, I guess. Oh, that's what I want to ask, Mike. Does this release enforce the fact you have to use multi factor, and there's no way around it. Or is it just by default turned on.

69
00:11:54.470 --> 00:12:00.989
Mike Sabia: So it's gonna be default turned on. And what they're gonna do is in the 1st 90 day, the 1st 90 days

70
00:12:01.600 --> 00:12:16.130
Mike Sabia: for the 1st 30 days you are logged in. It's gonna warn you. But allow you to log in normally 30 days after your 1st login. Then they're gonna require it to have been set up, and then I expect that at the at the end of that 90 days everybody's gonna have to do it immediately.

71
00:12:16.320 --> 00:12:16.970
Andy Whiteside: Wow!

72
00:12:17.440 --> 00:12:28.050
Fred Reynolds: But it looks like they give you a lot of options, as you see right here with with how to set it up, and it's not hard to set those up, but I would. I'm glad to do it honestly. I mean, it's more security, but I guess we'll get into that in the conversation.

73
00:12:28.050 --> 00:12:37.740
Andy Whiteside: Yeah, okay, let's do this. Let's let's progress to here the next. The 1st section. After the introduction, it says, How does Mfa help Mike, you want to just kind of address the general concept here.

74
00:12:37.740 --> 00:13:03.949
Mike Sabia: I I mean, it's it's pretty straightforward, you know. Credentials can be lost. Credentials can be stolen. Credentials can be, you know, intercepted in between, you could accidentally, you know, put your credentials in as a your password in as credential as your login Id. And some system, and then somebody has it. This is that second fast factor to make sure you are who you are. You say you are not just the fact, you know the id and password, but an additional authentication or verification.

75
00:13:03.950 --> 00:13:08.050
Andy Whiteside: People still put their like passwords on a post-it note on their desk anymore. Do you.

76
00:13:08.820 --> 00:13:11.490
Mike Sabia: I think they do. I think they do, for sure.

77
00:13:11.490 --> 00:13:12.419
Fred Reynolds: Guarantee it in this.

78
00:13:12.420 --> 00:13:33.170
Mike Sabia: And they reuse it. But you know, as I'll get into a little bit, you know, some of these Mfa methods are not super super secure either. So a lot of traditional Mfa is like, Oh, send me a text message. But those text messages can be intercepted. And so you know, they're definitely recommending, use things like Google, authenticator or pass keys.

79
00:13:33.170 --> 00:13:52.580
Andy Whiteside: Well, I'm glad you brought that up. Let me just roll through the ones they list. Here. Pass keys is one authenticator app, such as Google or Microsoft, authenticator, hardware security keys such as Yubikey biometrics, biometric authenticators. Such authenticators face Id touch id windows. Hello. And then, of course, there's email and text. One time, passwords.

80
00:13:52.814 --> 00:13:55.630
Mike Sabia: Last one, I would say, is probably the least secure nowadays, and

81
00:13:55.740 --> 00:13:57.889
Mike Sabia: the security experts do not recommend that.

82
00:13:58.280 --> 00:13:58.840
Fred Reynolds: Oh!

83
00:14:00.553 --> 00:14:01.560
Andy Whiteside: For anything.

84
00:14:01.560 --> 00:14:08.700
Fred Reynolds: Let me ask a question about the biometrics, just because I'm curious about that. If you go back up the biometrics to touch Id face. That's all just based on that computer that you have correct.

85
00:14:08.820 --> 00:14:09.710
Mike Sabia: Well, right?

86
00:14:09.710 --> 00:14:11.050
Fred Reynolds: You were somewhere else.

87
00:14:11.420 --> 00:14:35.070
Mike Sabia: Right? So like, if you were on your phone because you can access service. Now through the phone just as you log in with your your thumb print or the like, you could set it up. So that that is your second factor, authentication. The fact that you've authenticated confirmed yourself on that device would be that second factor. And with windows, Hello! You know, that's the where you log in windows. It looks. Your camera looks at your your picture can do that second factor that way.

88
00:14:35.070 --> 00:14:35.650
Andy Whiteside: No.

89
00:14:35.900 --> 00:14:56.270
Fred Reynolds: Yeah, I I'll bring that up, Andy. I think a lot of thought has to go into how people want to set this up, and that's why I said it. Because I mean, you look at the way we work these days. I mean, I've seen Andy go into a hotel log into his Vdi and get to everything he wants to get to. If you have those type of biometric setup, I think you'd be limited in those spaces, and and the way service now set up in the cloud. Yes, we can work from a mobile app or any PC. As long as we can get to it.

90
00:14:56.880 --> 00:14:59.199
Andy Whiteside: Yeah, I'm just Googling now. Some

91
00:14:59.500 --> 00:15:24.750
Andy Whiteside: I don't know. Maybe it's been. It's literally been 20 years actually, there was a product that we were selling and demonstrating that was based on the speed at which you typed. So you had your password, and not only would it have your password, but it'd be it would. It would measure and monitor the cadence at which you typed your password. It would use that as a factor to determine if it was really you or not pretty cool. I don't know what happened to that technology. Maybe it just didn't prove to be viable or not, but it was one way.

92
00:15:26.120 --> 00:15:50.290
Andy Whiteside: All right, Mike, 1 min. Let me do let me read the quote here. I usually do that Mfa significantly reduces the risk of unauthorized access. Even if a password is compromised by up to 99%, I'm massive believer. I think it's integra is somewhere in the approach of this of just eliminating passwords altogether, and rely on a multi-factor solution or 2 in order to get people in. I hate

93
00:15:50.290 --> 00:16:02.550
Andy Whiteside: passwords, and you know the the company as a whole is not really. We don't use passwords anymore. We use pass phrases. And that gets really hard for people. I really would like to just move to some type of.

94
00:16:02.870 --> 00:16:07.299
Mike Sabia: Yeah, and use the password, or passcode, or pass password rather, is still

95
00:16:07.410 --> 00:16:17.440
Mike Sabia: often your 1st entry in there. But then, if you come back to the PC. The next day. You don't have to reenter that you have your your biometrics, or your PIN, or or what have you.

96
00:16:17.440 --> 00:16:17.980
Andy Whiteside: No?

97
00:16:18.705 --> 00:16:24.239
Andy Whiteside: This next section is titled. How does Mfa affect service now? Customers, Mike, you wanna hit that.

98
00:16:24.280 --> 00:16:31.940
Mike Sabia: So this is where I mentioned the fact that during the 1st 90 days after the upgrade to Yokohama, all internal users

99
00:16:32.588 --> 00:16:45.339
Mike Sabia: those are people without the external role of Snc external logging in with either local or Ldap credentials will need to set up Mfa within 30 days of their 1st login.

100
00:16:46.425 --> 00:17:14.230
Mike Sabia: So if you log in for the very 1st time on the 45th day of that 90 days, you'd you'd have to do it in the next, you know, 30 days after your 45 days you could still log in normally, but you you'd have to do the next 30 if after that, 90 days, or after the 30 days after 1st login, you'll be forced to do the Mfa setup. I think that a lot of people are at this point are fairly familiar with Google, authenticator or Microsoft authenticator, pretty straightforward. But you know, there are, as we just spoke, a number of other methods.

101
00:17:15.030 --> 00:17:31.380
Andy Whiteside: So, Fred, I would expect us to be getting lots of phone calls from people that aren't ready for this. You know that lower tier. Maybe some small enterprises. Large commercial this is probably something to get with our security team on and maybe get a get the word out that if you're on the service now, Platform, you you better be ready for this, or we, or need our help.

102
00:17:31.620 --> 00:17:36.309
Mike Sabia: Right. And again, this is strictly internal focus. We said that it's internal users without the S

103
00:17:36.670 --> 00:17:46.869
Mike Sabia: from a role. So if you were like a custom, a client who, was logging into your system to raise a ticket or something else. Service now is not

104
00:17:47.360 --> 00:18:09.259
Mike Sabia: requiring that at this point, however, if you were a health system where people are logging in to verify your your doctor's appointment, or or your details of your medical appointment that is where you would want to consider enforcing an Mfa for those external users. But today, for Yokohama internal is focus.

105
00:18:10.040 --> 00:18:17.110
Andy Whiteside: But, Fred, you know I'm always thinking about it from a marketing perspective. I think it's a great opportunity to kind of get the word out and see if we can't find some clients that are on service. Now

106
00:18:17.260 --> 00:18:22.090
Andy Whiteside: don't have multi-factor need help with multi-factor. The combination between our security team and you guys.

107
00:18:25.358 --> 00:18:29.540
Andy Whiteside: okay, Mike, next section says how to get started with Mfa.

108
00:18:32.730 --> 00:18:56.979
Mike Sabia: it's pretty straightforward, I mean, you'll read the documentation and and set up your default. I mean the Google authenticator Microsoft authenticator is the default. That is what you can do. But if you'd like to have some some better conversations with us, we are absolutely here, and willing and able to help you out. But if you're using, you know, Sso, and you just need to also have Mfa set up for some of those edge conditions

109
00:18:56.980 --> 00:19:04.709
Mike Sabia: such as your, you know, back out admin account just in case you have to log in, or maybe some testing users. You're gonna have to do this.

110
00:19:05.350 --> 00:19:11.300
Fred Reynolds: Like it. Just to be clear right? I mean, nobody has to wait at this point, so they can set up Mfa today whether whatever.

111
00:19:11.670 --> 00:19:12.210
Fred Reynolds: This is.

112
00:19:12.210 --> 00:19:25.880
Fred Reynolds: just making them aware that in that release, and to your point, Andy, I think us making sure we educate our current customer base and all the ones that we we meet, at events and stuff that we making sure they're aware of this, and we can also assist with their upgrades and making sure they have it handled.

113
00:19:26.320 --> 00:19:31.179
Andy Whiteside: You know the the lunch I had today. We kind of talked a little bit about how service now.

114
00:19:31.200 --> 00:19:45.489
Andy Whiteside: historically, has been all about. You know, servicenow partners that basically focused on service now. And the person I was meeting with I said, Yeah, that's changed, though, because a lot of these service. Now, partners are being acquired by these larger value, added resellers that do more than just servicenow.

115
00:19:45.490 --> 00:20:02.139
Andy Whiteside: This is a great example of where you'd have an identity team within the partner like us that would fall under our security practice. That needs to be in parallel helping customers get ready for platforms that are going to need multi-factor, and in this case literally start to require it, and there's nowhere around it.

116
00:20:02.300 --> 00:20:03.170
Fred Reynolds: Little Chip.

117
00:20:04.150 --> 00:20:09.580
Andy Whiteside: Alright, Mike, this is one I've been kind of talking around. You've been answering. How can I disable this thing? Multi.

118
00:20:09.580 --> 00:20:21.980
Mike Sabia: You. The answer is, you shouldn't. I I suppose it's possible it absolutely is not recommended. That's the way you get these security breaches allowing exceptions to good policy.

119
00:20:22.560 --> 00:20:24.740
Andy Whiteside: Yeah, Fred, anything to add to that.

120
00:20:24.740 --> 00:20:37.650
Fred Reynolds: No, I think it's the truth, and I think it's it's time for these enforcement to start happen, because you're still starting to see some security breaches. And so at some point, you got to draw the line in the sand, and I'm glad to see them doing it and saying that this release. That's gonna happen.

121
00:20:37.780 --> 00:20:38.330
Andy Whiteside: You know.

122
00:20:39.544 --> 00:20:40.660
Fred Reynolds: Oh, I can't.

123
00:20:41.160 --> 00:21:04.410
Fred Reynolds: and it's probably a good time to say this. I think the reason why some of this is happening, and Mike alluded to it like, get into a little bit of a Csm or other things, you know. Service now, historically right, itsm focus internal it. And yes, this is starting internal. I'm sure you'll see it start to go further out as well, because I think, Mike, in our last company we were at. We had to do. 2 factor authentication to our customers as well right.

124
00:21:04.410 --> 00:21:04.770
Mike Sabia: We did.

125
00:21:04.770 --> 00:21:29.670
Fred Reynolds: External to make sure they was safe. So, Andy, I think what you'll see is now that you're starting to see the platform being utilized as a platform across organization and across the different business units. You're bringing a lot more different data. You actually, security is brought into here. You know, your customer data is being brought into service now. So I think more and more. This security is important, and I think you'll see in this release, internal to internal Mfa. Being required in the future. I bet you see it external as well.

126
00:21:30.670 --> 00:21:48.460
Andy Whiteside: So, Fred, I'm actually gonna take credit for bringing that up as a platform conversation. Because and I'm sure Mike either said the same thing or would say the same thing. You know. It's 1 thing we're talking about a help desk tool, or maybe itsm, maybe. Kinda but this thing is a platform. They're running a big chunk of the business on. If you're doing it right, we need to make sure we know who's coming in.

127
00:21:48.750 --> 00:21:49.699
Fred Reynolds: 100%.

128
00:21:50.860 --> 00:22:11.570
Andy Whiteside: Mike. The last section here says, how should I prepare for enforced Mfa. Going back to the conversation earlier? There should be most companies already doing this, but we know that's probably not true. My number was really high. Y'alls was somewhat high, massive, addressable customer base out there, client base that isn't prepared for this. What should people do?

129
00:22:12.510 --> 00:22:33.650
Mike Sabia: Start now. Don't wait for Yokohama. There's no reason to say, hey, we only have to worry about it later. Set it up now, and if you're concerned about enforcing it right away, just as Yokohama says. You know you have the option for your 1st 30 days not to set it up. You could start that. Now get people familiar or or speed it up as your security team best desires.

130
00:22:33.810 --> 00:22:36.829
Andy Whiteside: Yeah. I bet there's people out that wait till day. 25.

131
00:22:37.110 --> 00:22:38.250
Fred Reynolds: Oh, for sure!

132
00:22:38.250 --> 00:22:42.789
Andy Whiteside: You know, for anything on the what to do. Now, kind of message.

133
00:22:42.790 --> 00:22:55.380
Fred Reynolds: Well, I'll just say, if anybody wants to help, whether to have that conversation we're here and able to help and like, Andy said, I mean, we. We have a network and security practice as well. That security practice can jump in and help all along the way.

134
00:22:55.550 --> 00:22:56.150
Andy Whiteside: Yeah.

135
00:22:56.580 --> 00:23:22.170
Andy Whiteside: yeah, we got the whole stack covered. I mean, I I literally hesitate when people say, you know, what what do you guys do, and I literally have to hesitate and think to myself, is it okay to say we do it all? And then I say, we pretty much do it all, and I can say that with a straight face, as someone who knows what's going on over here. There's there's Ceos that work for much larger companies, they'll say without hesitation, and I bet they don't really know.

136
00:23:22.640 --> 00:23:28.787
Fred Reynolds: Well, I work in one practice within this company, and I still say that when people ask me, What do you guys do? We can do it all. What do you need?

137
00:23:28.980 --> 00:23:34.660
Andy Whiteside: Yeah, Fred Mike, I appreciate the time today. Anything that we didn't cover around this.

138
00:23:35.520 --> 00:23:43.770
Fred Reynolds: Nope, just another shout out, if you're in the Charlotte area next week, come to the summit. So next Wednesday, 25.th

139
00:23:44.310 --> 00:24:07.319
Andy Whiteside: I would probably be remiss if I didn't bring up that. It won't be long before the service. Now. Knowledge Conference in May in Las Vegas is upon us. If you would like to go, reach out to your integra folks and find out what it would take to get one of our deeply, deeply discounted passes. I expect us to either bring or influence 30 to 40 customers there this year, and we're gonna make a big deal out of it.

140
00:24:07.940 --> 00:24:08.690
Fred Reynolds: Indeed.

141
00:24:09.230 --> 00:24:11.760
Andy Whiteside: Alright guys appreciate the time. We'll talk next week.

142
00:24:11.950 --> 00:24:12.310
Fred Reynolds: Thank you.

143
00:24:12.310 --> 00:24:12.810
Mike Sabia: Thank you.