ServiceNow has always been committed to providing a highly secure strategic platform for streamlining business workflows. The Vancouver release solidifies this commitment to security with two key enhancements to the platform. The introduction of ServiceNow Zero Trust Access allows customers to build a zero-trust framework adhering to the highest levels of compliance required. Additionally, the expanded third-party risk management prepares customers to tackle modern threats related to automation and workflows with third-party businesses.
ITCE is here to guide you through these new security features and help you build a robust security foundation for your business.
Zero Trust Access – Elevate your security standards!
The Zero Trust Architecture (ZTA) framework offers best practices for companies to run smoothly with reduced risk and minimal friction. The ZTA model assumes no device or user is trusted by default. This implies that after the user’s identity has been confirmed and the request’s risk has been evaluated, access to all apps and data is only allowed on a least privilege basis.
If you follow the zero trust access model the Platform now offers you many additional options to restrict access to data. These options include:
Zero Trust – Location-Based Access and Adaptive Authentication
The ServiceNow platform currently provides the same level of access to users regardless of their network location or the device they use to access the platform. Zero trust location-based access provides an adaptive authorization model that dynamically reduces user privileges based on login context and environmental attributes.
This feature allows the use of geolocation to enforce various security controls using adaptive authentication policies. It considers factors like IP address, role, trusted device, and authentication methods. Access can be allowed, enforced with multi-factor authentication (MFA), or dynamically reduced based on user privileges.
Zero Trust – Policy-Based Session Access
Organizations can dynamically reduce user privilege in a web session using ServiceNow Zero Trust – Policy Based Session Access based on a range of factors, such as IP address, location, authentication method, role, group, and shared attributes from the Identity Provider (IDP). Even when high
–privileged accounts access apps from untrusted devices or places, this can help shield organizations against unauthorized access and data breaches. Using adaptive authentication policies gives security administrators the ability to restrict or limit user access in a session depending on IP, Location, Identity provider attributes, and user attributes.
Some use cases of Zero Trust access include limiting rights according to the session’s level of danger. For example, a user with the fulfiller role who logs in from a network that is not trusted can be set up only to have the requester role for the session. Or, if a user is using an untrusted device, limit access for that user session based on the IDP response.
Third-Party Risk Management
With our remote and international work styles, there is an increased risk associated with doing business with third parties. ServiceNow’s Third-party Risk Management (TPRM) transforms the traditional, tedious process by establishing meaningful links between third-party risk and business outcomes, enhancing overall risk management, and strengthening supplier resilience.
ServiceNow TPRM provides automated risk questionnaires, due diligence workflows, and secure, centralized information sources for immediate customer access. It helps establish a standardized, replicable, and auditable enterprise-wide strategy to manage third-party risk comprehensively. Beyond contract and relationship document management, ServiceNow TPRM streamlines communication, automates workflows, centralizes data, and enables insightful reporting for a consolidated, real-time view of the organization’s risk posture.
Continuous monitoring by ServiceNow TPRM ensures ongoing supervision of third parties between evaluations, keeping clients informed about any developments affecting their third-party portfolio. This proactive approach enhances visibility, enabling clients to assess the status of assessments, issues, and tasks within their third-party ecosystem. Additionally, it empowers clients to make better-informed decisions by identifying emerging risks through assessments and continuous monitoring, ultimately boosting efficiencies through improved collaboration and streamlined workflows across third parties.
Other platform security updates
The Access Analyzer makes it easy to diagnose why a user, group or role can or cannot access a resource. It can also allow you to drill into a specific operation to understand the access details. Moreover, you can now run reports in real-time to see how particular user Access Control Lists (ACLs) will be computed on every data point within the ServiceNow platform thanks to the Access Analyzer plugin. The Access Analyzer has a user-friendly interface for analyzing roles and user access and it does not require elevation to a security admin role or user impersonation.
Data Discovery allows you to discover sensitive data within the platform and take action on it. The Vancouver release provides four out-of-the-box data patterns – credit card number, Social Security number, phone number, email ID, and the ability to create and test your custom data pattern to help you discover sensitive data. These data patterns can now be scanned in up to ten thousand records simultaneously.
Leveraging ServiceNow’s Latest Capabilities
With the Vancouver release, ServiceNow’s security-enhancing capabilities have advanced significantly. While we’ve focused on the key features in this blog, there are additional noteworthy improvements to explore. For more details on the latest capabilities, feel free to reach out to us at email@example.com. We are excited to collaborate with you to put these developments into practice.