Over the past few months, ServiceNow announced two major acquisitions, Veza (acquired for over $1B) and Armis (acquired for $7.75B). The latter also happens to be the largest acquisition in ServiceNow’s history which is quite impressive for a $150-billion company not widely known as a security player.

Some people read these events as ServiceNow trying to become a security vendor, but this is not at all the case. Instead, it looks like the company is betting on “workflow gravity” to become a leader in security. In this piece, I am explaining what ServiceNow bet is and why it stands a real chance of becoming a sizable player in cyber.

This issue is brought to you by… Drata.

Real-Time Visibility for Modern Security Teams

In a world where cyber threats evolve faster than manual audits, visibility and automation are key to reducing risk. Drata empowers security and compliance teams to continuously monitor and prove compliance across frameworks like SOC 2 and ISO 27001—without slowing business operations.

Our platform integrates with your existing tech stack to surface real-time risk insights, streamline evidence collection, and eliminate the manual overhead of compliance readiness.

Whether you’re protecting your organization’s reputation or building trust with customers and stakeholders, Drata helps you stay audit-ready and resilient—continuously.

The concept of workflow gravity effect

To make sense of the strategy ServiceNow is going after, it’s important to understand the concept of workflow gravity and why it matters.

If you have read my previous deep dive about control points, this is going to sound very familiar, but if you haven’t, here’s a quick context. Every function of security has a centralized system where most of the work happens (I call these control points). For example, the entirety of security operations currently lives in a security information and event management (SIEM), while identity governance platforms like SailPoint remain the main operating system for enterprise identity.

Image Source: Owning the control point in cybersecurity

If we take a few steps back and look at the entirety of the enterprise, it’s easy to see that where work happens is largely defined by two factors: data gravity and workflow gravity.

I have previously talked about data gravity, and although years have passed, the idea remains as relevant today as it was then. In simple words, data gravity is what we see when something becomes a system of record for a function, and