ServiceNow, Inc. (NOW) Earnings Call Transcript & Summary

All right. Good morning. Thanks for joining, everybody. I'm going to start to share my screen. All right. Hopefully, you can all see that. Let me see if I can pop up my chat so I can keep an eye on everybody as we go through today's presentation. All right. I think we are right at the top of the hour. So good morning, and thanks so much for joining us today in the Demo Center. My name is Lorin Miller. I'm one of the solutions consultants here at ServiceNow, and I specialize in our IT operations management area, or ITOM as I'll be referring to it throughout today's presentation. So thanks again for joining us. Really excited to talk to you about a few of our IT operations management features. We're going to be focusing today on visibility and AIOps as it comes to event management. So just a few housekeeping items as we are in a Zoom webinar. As you have thoughts, questions that come up, if you can't see my screen, if I go on mute or cut out, feel free to throw that in the chat. I'll have it in my left screen here, and we'll be answering those questions as they come up and also at the end. Let's get started here. All right. So just a brief overview of our agenda. I promise I won't bore you with too many slides today, just a few to kind of level set how ITOM evolves into our overall ServiceNow platform. And then I'll do a brief overview of visibility, how ServiceNow approaches visibility when it comes to discovery and laying that foundation through your CMDB. And then we're also going to look at AIOps, and that's going to be the bulk of our live demo today. We're going to be looking at AIOps as it pertains to event management and how to be more proactive in that. All right. So this is a busy slide to start. So it's just getting your brain warmed up this morning. So don't squint your eyes too hard. But really what I want to call out here is that at ServiceNow, we're really focused on being the platform of platforms. And we're doing that through workflows that are guiding our customers through their digital transformations. So really prioritizing these integrations into our platform from various monitoring tools, your third-party sources, and that's going to become really important as we talk about operations and event management today. So as you can see, we have quite a few suites of offerings, ITOM is just one of those areas. But as we're looking at providing high available services, that's going to be a really important piece, and it's just one part of our puzzle across the ServiceNow platform. So let's narrow down a bit. As we're talking about AIOps and our ITOM suite as a whole, we're really looking at 3 key pieces here. So our customers have seen these results but we're focusing on providing proactive operations, and this is done through the AIOps features. So we're predicting these issues before they occur. We're doing this by detecting our anomalies through our AIOps and machine learning. We're then focusing on preventing that impact on the end users, focusing on preventing it from specific end user groups, preventing that impact at all, right? And then most importantly, automation comes into play quite a bit. We're going to look at that today in our demo. But automation in the sense of getting those alerts to the right groups of folks, getting those alerts to the right areas. And then when it comes to response, remediating those alerts directly from the Now Platform and having us automated workflows available so we can take action proactively. So we're going to dive into these pieces a bit more in depth throughout today's presentation and in our demo. So as promised, I really want to just set the table here when it comes to visibility. So discovery and setting a strong CMDB truly is going to be the foundation. AIOps is layering on top of that. But having a strong CMDB and having visibility that's current, correct, thorough, of what's going on across your network from a customer network standpoint is going to lay that foundation so we can layer on that machine learning capability. So a question that we get a lot of times is what is ServiceNow's approach? How is this actually happening from a discovery standpoint to get that data from our network back into ServiceNow? And we do this in an agentless way. We do this with a MID Server, which is essentially a lightweight Java application. We install that on to the customer network. And typically, it can be on a Windows, Linux, doesn't matter. But typically, we see it on a virtual machine. So we installed that MID Server on the customer network. And then it's sending up all kinds of protocols across the network to detect all the devices that you have, laptops, storage, what applications are running. And it's sending that back to ServiceNow through port 443. I'd like to call that out. If there's any folks from a security background on the call, you can take a deep breath here. We do not expect our customers to open any additional ports on their firewalls for this information to pass back to ServiceNow. We do it through the HTTPS protocol because it's an outbound communication port. So we don't need any additional ports open on that firewall from a security standpoint. So you can see from this illustration here, all the protocols about MID Server sending out to collect the data on your network, scan all those CIs and pull it back into ServiceNow instance. The MID Server typically runs on schedules, but it can also be run on demand. Another piece that gets brought up quite a bit is, okay, we're running these schedules on our MID Server, potentially daily, weekly, whatever that looks like, to keep your CMDB current. Sounds like a lot of bandwidth on our network, completely understandable, but that's why ServiceNow has implemented a phased approach for discovery. So the first phase of the four, we're going to scan your network with that Shazzam probe. It's really scanning the port to see what's responding, what services are active on the customer network. It's then going to go in, if it detects anything, grabs any fishes, the classified probe is going to kick in. And that's just looking to see what kind of service is this, what kind of operating system are we working with, really determining what specific table in the CMDB does this fit into. The identity probe and the identification phase is our third phase, and that's going to see have we had this CI pop up before. Have we seen this item before? We don't want to have many duplicates in our CMDB. So it's using that intelligence to make sure we haven't had a replicate of this one. And if so, how do we remediate that. So we only have one unique identifier for each CI on the network. And then our last phase of the four is the exploration probe that kicks in, and that's really looking for any additional details we can gather about the CIs gathering. So this is where file-based discovery might come into play. If it's detecting any tracked configuration files that we want to keep up to date in our CMDB. This phase is really enabling us to have the most detailed and thorough CMDB, possible, which is, again, laying that foundation for AIOps. Take a breath there. I know it's a lot of information. If you have any questions, feel free to throw those in the chat. But on this next slide here, I want to illustrate that as our discovery is running, it's not only looking for those CIs to populate the CMDB, but it's also looking for the relationships between the CIs. So the middle panel there, you can see the application dependency maps that are populated as part of discovery. That's taking a horizontal mapping approach. And it's looking at what connections exist from application to application, from application to host perspective. But on the right of that, you can see our service mapping capability. This is another feature included in our ITOM visibility suite, and this is taking a top-down mapping approach. It's really giving you that business service context. So it helps you filter from each individual business service that's running from a troubleshooting perspective, this becomes very important, right, being able to look top down from the service level all the way down to which CIs are supporting that specific service. It's at the top level, at the middle level and all the way down to the server level. So this becomes really important in operations. And I always laugh to myself at this piece, service mapping has a warm place in my heart. At one of my past companies, we did this every quarter manually from memory to manually map our services and see what CI supported it. So having this feature out of the box and run automatically scan and be current across your network is really special to me. So we'll take a look at that in our demo portion today. All right. So hopefully, that helped us set the stage a little bit when it comes to visibility, laying that foundation with discovery, having a current, accurate CMDB available on ServiceNow to support these AIOps capabilities for event management. So I have one more slide talking about AIOps, and I want to jump right into our demo portion today. So AIOps, what we're talking about here, it's 3 key areas. But what we're focusing on, as I mentioned earlier, is really being proactive. So preventing these issues before the users are impacted, before they even occur, right, and addressing them proactively. So the first area in how we achieve that really comes into play when we're talking about data collection. So the more data sources we can bring into this platform of platform, right, going back to that first crazy slide, the single platform idea. The more data we can bring into ServiceNow, the stronger analytics capability will be. So we want to leverage the data available to us from logs, from events, from all your third-party monitoring systems. Even if they're siloed, we want to integrate to bring that data into the single platform. The second piece is where the AIOps and machine learning engine is going to come into play to analyze all that data, analyze the logs, the tickets, the actions. And it's generating not only insights but also gives the users ability to take action directly from the same platform. So we're going to look at that in our demo. How do you act proactively and within the same screen. We'll go through that in our demo. But the last piece is having all of this data, all this information. Not only the sources but the insights, the actions that come out of it, all of that data in a usable, ingestible format. And that's where our operator workspace is going to come into play. So having this data available on a dashboard that gives you a good understanding of what's going on in the business service level and helps you to quickly prioritize so you can take action effectively. All right, if there's any questions, throw those in the chat. I'm going to switch gears here into our live demo. Hopefully, my screen share stays with me. All right. Hopefully, you're tracking my screen, I have shifted gears into our operator workspace. So this is now in our live ServiceNow instance, let me skip this down a bit. And what you're looking at here, you can see several different colored panels. What these panels represent, this is a service view. So in our hypothetical demo data situation, this is our organization, and these are each of the individual business services that are running in our organization. So we have that service level view. We're no longer lost in that CI view. We can see right away the name of our services and most importantly, these colors of the tiles. So the colors are representing the level of alerts currently impacting those services. So for example, red panel in this order side of service means there's a critical alert impacting. And all the way down to green, meaning we're okay. We can see some filter opportunities here to go through and filter our services. We can also pop out this panel here. And this is going to sort our verbatim alerts or groups of alerts by priority. We can select each of those alerts, and it's going to automatically filter to show me which specific business services are impacted by that specific alert. So again, really honing in on the business service view here. All right. So let's navigate into one of our services that's being impacted by a critical alert at this time. I've already popped this out because my Wi-Fi has been real slow today, but essentially, you would just click in here to see the specific alerts impacting that service. All right. So here, we still are at that service level. We've popped it open. We can get some information on our service in general as we need it. But it's by default, going to bring me to this related alerts tab. And the first thing I want to call out is the source. This is a group alert. And so you might be wondering what does the group alert mean? How is the group? What does that even mean from a ServiceNow perspective? What we're talking about here -- and I've navigated to that group of alerts, and I can see all of my alerts in this group. It's exactly what it sounds like. These alerts were grouped automatically by the system, and that happens using CI-based patterns. So you can see from this source panel here, all of these group alerts were brought in from the siloed monitoring tools across our network. They're clearly siloed. They're from a bunch of different things, one being our ITOM agent. But they're all brought in and automatically correlated because they're essentially telling the same story, they're impacting the same CI or group of CI at the service level. So our system was able to use those patterns to group them automatically. This results in quite a bit of noise reduction for our agents. And so you can tell, for our example here, we had one alert in this form of a group alert, but that consolidated was a 7 group, 7 alerts. So you can imagine that at an enterprise scale. And if you look at our customer stories, our customers have had this noise reduction at such a drastic level, but it's actually resulting in reduced mean time to resolution for them as well, because they're able to troubleshoot and respond more effectively because they're no longer lost and all the noise coming in from all these different alerts, from every angle that are essentially saying the same thing, right? They're grouped automatically with this capability. I'm going to go to my details tab here. We're still at this group level for the alerts. And I want to point out this collaboration feature here. So this is our activity log. If my coworkers were also collaborating with me on this alert to take action, I'd see that here. But more importantly, if I want to get some additional details on how the specific pattern group these alerts, set this specific alert as the primary for the group, I can navigate here and get some additional information on how the pattern made those decisions. So in our case, this specific alert was set to priority because it was the oldest of these specific alerts. We can see an incident was created based on the status. We can see all the activities that have taken place on this group of alerts so far. All right, I'm going to navigate now into our primary alert that I pointed out. This is going to be this one at the top of the list of our group. And again, we don't lose visibility. We can still navigate into each of these individual alerts if we need to. But for convenience, it groups these alerts so we can navigate more effectively. All right. So right away, now I've navigated to my specific primary alert level. So we have one alert view here. Again, we can see quite a bit of information available to me throughout all these tabs. I'm going to start with our metrics tab here. And this helps us get a better idea of what's going on at the alert level. I can see there was a drastic change, something happened that caused a sharp increase in our disk usage for this specific CI. So this tells me that in about a 5-minute window, something happened that changed this disk. So you have all these different metrics available to me that I can look at. But I like to work smarter, not harder, if you will. So this is one of my favorite features available, which is the probable root cause tab. So what this is doing, the AI is scanning our entire ServiceNow platform. So again, we're bringing it back to that platform of platform idea. The single platform is looking across our ITSM capability. It's looking at changes that could have occurred, right? Past changes, plan changes, past incidents that may have occurred similar to this, and scanning the entire platform to see what might have resulted in this alert. So right away, the one that's catching my eye here is this unauthorized change, right? And so this -- my experience in operations, this is often the culprit for alerts coming in, these unauthorized changes that happen. So we can navigate into this change record to see what happened, and we will. But before we do that, I want to take a step back and as promised, show you that service map view where we could come to this conclusion as well, looking at all the CIs impacting this service. So I want to take note for a second before we go there, this specific unauthorized change is focused on this specific Oracle CI. So let's keep that in mind as we pull up our service map. Yes, we can see right away. This again from our slides, probably looks familiar. This is a map of all of -- our top-down view, right, of the CIs impacting our order status service. And we can see again this color system here, we can see our Oracle database CI is in the red, meaning the alert is specifically impacting that CI supporting our service. If we want to pop out our advanced view of the service map, we'd go here. I've done that for the sake of time. And it just pops out a more detailed view of our same service map. We have our alerts impact in the CI as we can see here. We can uncorrelate those alerts and see them verbatim. We can group them back. And so we have a more detailed view here. I also want to highlight this ability to compare. So this is our time line. And we can set 0.1 and 0.2. We can see at some point, the CIs putting our service went from a green status to a red, which we know because we got the alert. But if we want to directly compare between two points in time to see what might have changed, we can set those time points and click compare. Again, for the sake of time, I've populated that already, but it's going to pop out this comparison view. And so right away, we can see it's highlighting the specific CI, that Oracle database, same here. And in that specific time frame, that 5-minute interval that I just set, this CI was updated. Something on it changed. So again, the AI told me in our possible root cause tab, right, that there was an unauthorized change, but I can get to that same idea here in the service map. I can see which specific track configuration file on that CI, let's scroll down here, was updated. I can navigate to that specific configuration file if I need to, get some additional data here, see what things might have changed. But again, working smarter, not harder. I'm just going to go back to that probable root cause tab and open up that changed record, so it tells me what was changed. So opening up the unauthorized change record that it told me, but it's probably the root cause. I can scroll down here. And instead of navigating through the data from the service map, it tells me right away that in this unauthorized change, the SQL trace was turned on to true from false. This is most likely the culprit for that sharp increase in disk usage. A lot more data is now being kept on that disk because of the SQL-trace status. Got it. All right. All right. Now we know our culprit, like I said, it's typically the unauthorized changes that do that. No worries. We don't necessarily want to change that status back. Not sure what was needed, why that was turned on. But we still want to avoid that outage, right? We don't want that disk to spill up, to fill up and cause in an outage. So closing that change request, I want to shift now. We can close our service map. We know our root cause. I want to shift back into remediation mode. I mentioned we have all this great data. We have the analytics capabilities. But what sets ServiceNow apart is the ability to take action from the same screen, same platform, right, to prevent those outages from happening. So I'm back at this group of alerts level because, again, they've been grouped for a reason. We want to remediate at the group level. I'm going to go ahead and assign that group of alerts to me. Going back to that details, activity log. We can see that happening. I've assigned it to me. I know what's going on, but I don't necessarily know how to remediate. So I'm going to pop open this agent assist feature here, this little red cap all the way to the right-hand side. And what it's doing is it's populating -- let's go back here, it's populating knowledge-based articles for me. Now I laugh again because in the past, sorting through knowledge-based articles has honestly been more hassle than it's worth, depending on how your libraries have been set up for you. So again, I love this feature. It's close to home for me. Because what it's doing here is using artificial intelligence, using machine learning to scan the details of this group of alerts. And it's populating for me only the 2 KB articles that are specifically relevant for what I'm working on. So it's reducing the time it takes me to read a KB article. It's giving the only options that are relevant. I can again pop those open and review them right in the platform, quick read. It sounds like what we're working with now is pretty similar. And if this is helpful to me, I want to continue to feed the machine learning and feed the accuracy of the system by attaching this KB article to the ticket. I can add certain comments if I need to, but I'm just going to go ahead and attach that article. We can see that refresh in our activity log again at the group of alert level, and we can see that I've attached that to the log. This will help feed collaboration, help my coworkers understand what I did, why I did that, whatever reason. Have my KB article, it's telling me what I need to do. Now it's time to take action. So I go back to my pop out here, suggested actions I can take. And what I'm looking at are a list of available workflows, digital workflows that I can single click to run or remediate this group of alerts. So in our case for today, I want to avoid that outages by expanding the disk space, so it doesn't fill up on me. I'm going to click run remediation to expand that disk space. And it's just going to take a second. You can see it thinking about it. That flow designer is running the steps to do so. And so what just happened is that workflow ticked off and it's automatically going to take that alert and remediate it as I've recommended it to do. So it's thinking about it. We can see a list of all of our steps that took place to make that happen. But going back to our details tab, our activity log, we can see what just happened, right? The group of alerts was closed because I remediated effectively. That disk space was expanded by 50 gigabytes, tracked into change logs. We have that for consistency across our system, going back to that platform of platform ideas. Each of the individual alerts in our group was effectively closed as well, and we can go back and track that from the very beginning. But at this point, I've remediated from the platform. I've closed the alerts and I can go back to my operator workspace. That refreshes. And I can see my order status system has now changed status colors back to yellow. So there's one more minor alert impacting it, and we can troubleshoot using the same capabilities we just went through. But it's now no longer in the red, no longer pending an outage right away. I know that was a lot to go through. Hopefully, that wasn't too quick. If there's anything you want to see again or any questions you have, toss those in the chat. But I'm going to go back to our slides just to close out here, if I can get it. There we go. All right. So just to quickly recap what we saw, and I know it's fast, which in a way is kind of a way to illustrate the capability, right? It's effective, proactive resolutions. But essentially, we overviewed our operator workspace and automatic capability to go ahead and group those alerts for the sake of noise reduction, right? Group those correlated alerts, so we tell the same story in the form of one alert as opposed to seven. And at an enterprise level that noise reduction can become critical. We were able to visualize with our service maps, looking at how the different CIs support the service and the status of those, we can pinpoint and troubleshoot more effectively. And then from a remediation standpoint, we had our KB articles how those automatically populated. We are able to take action from the same screen, from the same platform by running our digital workflows. That helped us to avoid an outage and remediate faster. All right. So I'm going to close out here before I go back to the questions. But the key takeaways as we look at ITOM, AIOps and specific areas, but overall, from an ITOM perspective, what we're focusing on is enhancing the visibility. So we looked at discovery, service mapping, laying that foundation from a visibility perspective, managing the service health with Event Management, we use the AIOps capability and analytics. And then optimizing your cloud spend, right, staying agile, improving your efficiency across your cloud environment with the features that we demoed today. And that wraps us up. So thank you so much to everybody for joining us this morning. I'm going to go ahead and close out my screen here so I can take a look at the chat thing. If you have any questions, feel free to throw those in. And if not, you can always e-mail us later with any questions you have. But feel free to drop off if you didn't have any questions, and have a great rest of your week. I'm going to look at the chat here.

All right. How do KB articles and the remediation stay current as time goes on? So that's all about how you configure them into your ServiceNow system. So as you update your KB articles in ServiceNow they will update accordingly. And same with your remediations. It's all about the options you provide into your system. So as you change those, they'll stay current from an AI perspective as well. Great question. Any other questions from the chat? All right. I'll stay on an additional couple of minutes to keep an eye on it. But again, if not, thank you so much for your time, everybody. Really appreciate you joining us this morning. Yes, a link to the recording will be sent out. It may not be this specific recording, but it will be the same content will be sent out to you from demo center. All right. I don't see any other questions trickling into the chat. I'm going to go ahead and close out the webinar if I don't see anything else. Again, thank you so much for your time, and have a great rest of your week, everybody. Appreciate it. Take care.