Data breaches seem to be more frequent than ever. The Equifax hack is a great example of how difficult it is to secure data at a large enterprise and how costly it can be when it happens.
As I understand, the Equifax hack was due to a vulnerability in their Apache Struts web-application software, a widely used enterprise platform. Apache had a patch for it, but they didn't get around to installing the patch.
Non-tech people don't always understand how many of these patches there are, and you are constantly trying to patch a leaky boat. Some places I have worked at have millions of patches go out every weekend. If you have ever read The Phoenix Project, you'll see some of the fight between security and progress.
I don't know how many holes were in the Equifax boat, but cloud companies like ServiceNow do know how important the game is. They must be patched to address customer data and respond accordingly. ServiceNow keeps their infrastructure secure and only lets you get a few upgrades and patches behind on your individual ServiceNow instances' software.
The real truth is that ServiceNow is as secure as you make it
It makes you wonder, how secure is your company's ServiceNow instance? How can I best protect my ServiceNow instances?
WHAT YOU CAN DO RIGHT NOW
Visit the Security Center
Before you even finish reading this article, you should check out the new Security Center that ServiceNow provides.
The Security Center is kind of intimidating at first glance, especially if your instances have a low percentage! However, with a few updates you can increase that percentage dramatically.
The Security Center provides a list of recommended and optional fixes to increase the security of your instance. It also includes a Hardening Guide that explains the fixes in detail. Stepping through the fixes is pretty straightforward (to me anyway). Some of the fixes restrict functionality in ServiceNow, so you likely won't want to implement all of them. However, you can get to 90% with some common sense fixes.
Please note the Security Center rescans every Saturday night, and your percentage doesn't update in real-time on the HI portal.
There is also an app you can install on your instance to do the same checks the Security Center provides. I have found the Security Center to be enough and didn't need the application myself, but I could see how people might like the app. The application can also be found in the Security Center.
Upgrade and Patch
ServiceNow only lets you get behind by two upgrades and a certain number of patches. That might change as security becomes more of a concern. Some patches do contain critical security fixes and should be applied when released.
Upgrading is also important for maximizing your ServiceNow investment.
Some companies offer a health check of your instance for a nominal fee. These can really identify flaws with your instance, including security faults. I think it is a good idea to do a complete review of your instances to fix these issues. Often we are stuck looking at the day-to-day operations and forget to notice the overall issues that can affect an instance.
ServiceNow also offers Security Operations. It can help keep track of vulnerabilities and patches, which I found to be very helpful in this era of security.
ServiceNow® Security Operations is an Enterprise Security Response engine offering security incident response, vulnerability response, and threat intelligence. It’s built on the intelligent workflows, automation, orchestration, and deep connection with IT of the ServiceNow platform.
I wrote an article on the Istanbul version of Security Operations, and it improves with each new release of ServiceNow. I think it is something most organizations should check out.