Published on April 6, 2022
Updated on November 5, 2025

ServiceNow Security with the Obsidian Platform

Alfredo Hickman, CISO at Obsidian Security

Thousands of enterprises rely on ServiceNow to customize and automate their workflows, facilitating better communication and collaboration with IT teams, employees, and customers. To help security teams protect this critical service and the sensitive data that it contains, Obsidian is announcing that our comprehensive SaaS security platform now supports ServiceNow security.

ServiceNow has a wide variety of capabilities that include ticketing, communications, and reporting, with the option to connect any number of third-party applications, custom in-house integrations, and data sources. Because the platform is so customizable and open-ended, ServiceNow security can prove challenging to teams as they try to limit public exposure to sensitive data, monitor risky integrations, and harden the application’s posture. Obsidian’s deep understanding of the SaaS environment allows us to surface clear, actionable threat and posture recommendations to help your team address those ServiceNow security challenges from a single, easily navigable interface.

Identify Publicly Exposed Data

Because the ServiceNow platform offers various specialized applications for serving both internal teams and external customers, understanding which parties have access to specific resources can be incredibly complex. Monitoring and regulating public exposure to data is a critical component of Obsidian’s approach to ServiceNow security—especially when it comes to protecting sensitive personally identifiable information.

Obsidian identifies ServiceNow pages, tables, and APIs that are accessible by the general public and can detect the export or publication of reports that are publicly visible. We also highlight areas where personally identifiable information (PII) is exposed to help your team ensure that only authorized parties can access it. ServiceNow’s complex permission structure and overwhelming number of integrations can make it difficult to identify the gaps that are exposing your data. Obsidian details the exact causes of public data exposure—whether they’re the result of over-privileged users or public APIs—and provides your team with the steps needed for corrective action.

Close Risky Integration Gaps

ServiceNow workflows can be integrated with virtually any API-enabled system, and enterprises typically connect tens, hundreds, or even thousands of third-party applications, custom in-house integrations, and data sources to their instances. This open-ended functionality is what makes ServiceNow such a powerful automation tool; at the same time, improperly configured integrations can put your sensitive data at serious risk. Obsidian helps your team identify vulnerable connections and monitor the flow of data to minimize this risk and improve your ServiceNow security posture.

Obsidian flags custom APIs which use weak authentication methods or don’t require authentication at all. By scanning through the source code of APIs communicating with ServiceNow, our platform highlights authorization gaps and makes your team aware of unintended side effects of API calls which may otherwise go unnoticed. Our understanding of activity within ServiceNow and across your SaaS environment provides insight into the flow of data into and out of your instance, so your team can confidently manage ServiceNow security without any guesswork or ambiguity.

Harden Your SaaS Posture

Reducing unnecessary privileges and tightening your controls are important proactive measures your team can take to improve your ServiceNow security posture, but identifying these vulnerabilities can be overwhelming and complex. In addition, permission or configuration changes can impact users in unexpected ways, and security teams might hesitate to make decisions that would impede critical business operations. Obsidian not only highlights opportunities to improve your ServiceNow posture, but also provides context around affected users and integrations to help your team ascertain the exact impact of any decision beforehand.

Obsidian helps your team identify and close gaps in your ServiceNow security configurations to proactively minimize the risk of a breach—these include vulnerabilities like accounts with weak or nonexistent authentication protocols. When your team hardens controls, we monitor for configuration drift to ensure these don’t later change from your preferred settings without your knowledge. Obsidian navigates and simplifies ServiceNow’s complex privilege model to flag permission issues such as the over-provisioning of administrative roles or recurring scheduled tasks running for users who are no longer part of your organization.

Frequently Asked Questions (FAQs)

How does Obsidian Security identify publicly exposed data in ServiceNow?

Obsidian Security continuously scans your ServiceNow environment to detect pages, tables, and APIs that are accessible to the general public. It also identifies exported or published reports that may be publicly visible, with a special focus on areas where personally identifiable information (PII) is exposed. Obsidian details the root causes of public exposure, such as over-privileged users or misconfigured public APIs, and provides actionable steps for remediation.

What types of risky integrations in ServiceNow does Obsidian Security monitor?

Obsidian Security monitors all integration points within ServiceNow, including third-party applications, custom in-house integrations, and connected data sources. The platform specifically flags APIs with weak or missing authentication, scans for gaps in authorization within API source code, and highlights integrations that could inadvertently expose sensitive data. This monitoring helps ensure that only secure and intended data exchanges occur within your ServiceNow environment.

How does Obsidian help harden ServiceNow security posture?

Obsidian provides in-depth visibility into ServiceNow’s complex privilege and configuration settings, flagging vulnerabilities such as accounts with weak authentication protocols or over-privileged roles. The platform suggests remediation actions and gives context about affected users and integrations, allowing teams to evaluate the business impact of any changes before implementation. Obsidian also tracks configuration changes over time, alerting you if critical settings drift from your established security baseline.

Can Obsidian Security help with compliance requirements in ServiceNow?

Yes, Obsidian Security assists in meeting compliance mandates by identifying areas where sensitive data like PII is publicly exposed or improperly accessible. The platform surfaces both the issues and the corrective steps needed to limit access and secure sensitive information, supporting compliance with data protection standards such as GDPR and HIPAA. Continuous monitoring ensures your ServiceNow instance remains aligned with compliance best practices over time.
