1© 2017 ServiceNow, Inc. All Rights ReservedConfidential© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Build your wings before jumping into the cloud

2© 2017 ServiceNow, Inc. All Rights ReservedConfidential

SECURITY & COMPLIANCENOW ON NOW AVAILABILITY OPERATIONS

3© 2017 ServiceNow, Inc. All Rights ReservedConfidential

SECURITY & COMPLIANCENOW ON NOW AVAILABILITY OPERATIONS

4© 2017 ServiceNow, Inc. All Rights ReservedConfidential

ServiceNow Is A Fast-Growing, Global Company

~4,800 Employees

Major SitesSilicon Valley, San Diego, Seattle

Amsterdam, London Sydney, Tel Aviv, Hyderabad

$28M $64M$128M

$683M

$1B

’16

$1.38B*

‘09

$244M

$425M

* Wall Street Consensus Estimates For Full Year 2016 Revenue As Of 1/22/17

$1+ Billion In Annual Revenue

‘10 ‘11 ‘12 ‘13 ‘14 ‘15

5© 2017 ServiceNow, Inc. All Rights ReservedConfidential© 2017 ServiceNow All Rights Reserved

Cloud Infrastructure

BUSINESS APPSIT SECURITY HRCUSTOMER SERVICE

Create Your Lightspeed Enterprise™ With ServiceNow

Platform

WorkflowEngine

SingleDatabase

ContextualCollaboration

ServiceCatalog

ServicePortal

Subscription & Notification

KnowledgeBase

DeveloperTools

Intelligent Automation

Machine IntelligenceBenchmarks Analytics

. .. .....

... .....

.

.. .. ....

.... .....

.

..... ..

. .. ..........

. .. .....

... .....

.

..... .. . .. ..

Secure & Compliant ScalableMulti-Instance

6© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Global Enterprises In Every Industry Rely on ServiceNow

Construction Federal Financial Services Healthcare Higher Education Insurance IT Services Manufacturing Media MSPs Oil and Gas Retail Services Technology

7© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Three Tenets of Cloud ArchitectureAvailability

• Distributed paired data centers

• Load balanced application tier

• Separated tiers

• High availability

• Disaster Recovery

Ensure measureable redundancy and failover capabilities

Integrity

• Centralized logging and event monitoring

• Intrusion detection system (IDS)

• Continuous monitoring

• Open source intelligence

• Independent auditing

Maintain trustworthiness of systems and data

Confidentiality

• Multi-tenant architecture vssingle tenant architecture

• Customer-level isolation

• Strong encryption to protect data while in transit and at rest

• ACL engine built into platform

Protect information from disclosure to unauthorized parties

8© 2017 ServiceNow, Inc. All Rights ReservedConfidential

SECURITY & COMPLIANCENOW ON NOW AVAILABILITY OPERATIONS

9© 2017 ServiceNow, Inc. All Rights ReservedConfidential

DevelopersEnterprise

Department

ConsumerEntertainmentShopping

Sales Human Resources

Enterprise IT Infrastructure

The world has changed just in the last 2 years – clouds everywhere

Finance

Communications

10© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Availability

• Availability numbers can be misleading

• What is planned uptime?• Planned maintenance?• What is the definition of an outage?

• Recovery Point Objective (RPO)?

• Recovery Time Objective (RTO)?

• How is availability monitored?

• What is real availability?

Demand Transparency

11© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Data CenterLocations

Redundant Pair

USCanadaEuropeSwitzerlandAustraliaAsiaBrazilUS-FISMA

USJapan

USEurope

US USEuropeJapanBrazilUS-FISMA

USEurope

US

Defining Availability Standards

Average Uptime % 99.995% 99.800% 99.500% 99.960% 99.950% 99.000% 99.900%

Planned Maintenance Per Quarter 6 hours 68 hours 182 hours 14 hours 6.5 hours 65 hours 39 hours

Total Availability % 99.720% 96.686% 91.167% 99.304% 99.652% 96.024% 98.114%

Recovery Time Objective (RTO) 2 hours 12 hours 12 hours Not Published Not Published Not Published Not Published

Recovery Point Objective (RPO) 1 hour 4 hours 1 hour Not Published Not Published Not Published Not Published

12© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Definition of availability - Is this System Up?

13© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Cloud Availability & Real Availability

Uptime %

SaaS provider failurenetwork or hardware

SaaS provider failureserious software defect

3rd Partyissue

Customer Createdissue

Real AvailabilityAll issues that make a cloud offering unusable

14© 2017 ServiceNow, Inc. All Rights ReservedConfidential

What type of transparency do you have into availability?

prod1

prod2

training

test

dev

15© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Additional Availability Questions?• Ask for application and infrastructure documentation• Don’t get hung up on versions of software, etc• High availability architecture?• Definition of high availability?• Disaster recovery?

– Definition of disaster– Datacenter?– Core router?– POD?

• How often DR/high availability tested?• Can you test DR with cloud service provider?

16© 2017 ServiceNow, Inc. All Rights ReservedConfidential

SECURITY & COMPLIANCENOW ON NOW AVAILABILITY OPERATIONS

17© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Security Excellence is NOT Optional

18© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Look for Investments in ComplianceComprehensive compliance strategy delivers confidence, reduces audit burden

ServiceNow Certifications Date Achieved

SSAE 16 / SOC 1 Type 1 October 2012

PCI DSS Level 2 October 2012

ISO 27001 December 2012

SSAE 16 / SOC 1 Type 2 October 2013

SOC 2 Type 2 October 2013

FISMA Moderate Government-wide Authorization (ATO) March 2013

FedRAMP February 2015

19© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Customer data isolationTenancy Model:• Logically single-tenant

– Customer-specific Application instance– Customer-dedicated Database instance

• Physically “multi-instance”– Server hardware and infrastructure are multi-

tenant

Dedicated Hardware Option?:• Physically separated (i.e. dedicated)

hardware for a single customer

20© 2017 ServiceNow, Inc. All Rights ReservedConfidential

ISO 27001

FISMA

SSAE16 / SOC 1

Independent Audits

SOC 2

Nightly Build Security Testing

Code Analysis

Code Reviews and Training

Product Features

3rd Party Penetration Testing

3rd Party Code Inspection

Security Event Monitoring

Vulnerability Scanning

Perimeter Countermeasures

Security is an integral part of . . .

Operations3rd Party Audits

ReleaseDevelopment

Cloud Security Program

21© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Resolve Real Security Threats FastAlign security & IT to resolve security threats on a single platform

Prioritize incidents by business impact

Automatically integrate threat intelligence

Hand off tasks between security & IT

Speed remediation with orchestration

22© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Resolve Real Security Threats FastIntegrate Your

Security Products

Automatically Prioritize Security Incidents

Utilize Threat Intelligence

Determine Response Action

Remediate Threats Fast

1 3

4

5

6

Review Post Incident Reports

!

2

23© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Expect security transparency

Internal pen-testing

3rd party pen-testing Every release! Annual Annual *Unknown Annual Annual Annual

Customer pen-testing *

Continuous DR testing

Customer DR testing

24© 2017 ServiceNow, Inc. All Rights ReservedConfidential

SECURITY & COMPLIANCENOW ON NOW AVAILABILITY OPERATIONS

25© 2017 ServiceNow, Inc. All Rights ReservedConfidential

Operations• How are upgrades applied?• Patch management process

– Operational impact

• Change management– What percentage of changes are automated?

• Backups– Media– 3rd party

26© 2017 ServiceNow, Inc. All Rights ReservedConfidential© 2017 ServiceNow All Rights Reserved

www.servicenow.com/sec-ops