Guidance on Access Control List Misconfigurations Released by ServiceNow

Read about exposure of data to external resources due to ServiceNow ACL Misconfigurations and guidelines from ServiceNow to manage the risk.
IT Operations Management | Binmile

Cloud-based workflow automation platform ServiceNow has announced guidance for global customers concerning misconfigurations of access control lists (ACL). These guidelines were released after an AppOmni security report by AppOmni, a leading SaaS Security Management platform, discovered that about 70% of the tested instances had the issue. ServiceNow ACL misconfigurations are related to the exposure of external interfaces that malicious actors could utilize for extracting valuable data from records. Generally, this issue arises when end users do not employ recommended configuration and governance controls to their SaaS platforms.

What Happened Exactly?

In a statement, the SaaS platform described that the misconfigured ACLs of ServiceNow instances facilitated data breaches. The vulnerability permitted unauthorized users to tap data. This happened due to an amalgamation of misconfigured ACLs and excessive permissions to guest users. A ServiceNow spokesperson said, “ServiceNow regularly publishes security configuration and best practice guidance to help our customers. We recommend that customers continuously monitor their security settings and user permissions to ensure that their instances are configured as intended, with an emphasis on permission levels for external users.”

This sort of issue is likely to induce due to the complexity level of many major SaaS platforms. It has been seen that such a misconfiguration issue can happen during the initial implementation phase of a SaaS platform. Current configurations get messy when there is a change in settings, users, and SaaS updates. Here, SaaS security matters the most as SaaS platforms are complicated. Checking a few scenes or recommending strong authentication is not enough for users.

AppOmni CEO Brendan O’Connor says, “SaaS platforms have become business operating systems because they are so flexible and powerful. There are many valid reasons for workloads and applications running on a SaaS platform to communicate externally, such as to integrate with emails and text messages or host a support portal for your customers.”

“SaaS adoption skyrocketed during the pandemic, but unfortunately, investments in people, processes, and technology to secure and monitor SaaS has not kept up. In AppOmni’s experience, significant data exposures like this are far more common than customers realize,” O’Connor added.

Professional ServiceNow technical consultants can also help you solve the issue of ServiceNow ACL Misconfigurations.

ServiceNow ACL Misconfigurations and SaaS platforms

Users get permission to access resources on a SaaS platform through Role-Based Access Control (RBAC). The major challenge is ensuring the proper access level while customizing and updating SaaS apps by organizations. The same can happen while onboarding new users on the app. Surprisingly, ServiceNow external interfaces are exposed to the public, affecting data security. Brian Soby, CTO of AppOmni, says, “The high degree of flexibility in modern SaaS platforms has made misconfiguration one of the largest security risks businesses currently face. Our goal is to shed light on common misconfigurations and other potential risks in SaaS platforms so users can ensure their system posture and configuration matches their business intent.”

If you face any sort of ServiceNow instance vulnerability to misconfigurations and data breaches, you can get help from the ServiceNow support team.

Author
Binmile Technologies
May Sanders
Content Contributor

    Latest Post

    FinTech App Development Cost | Binmile
    Feb 23, 2024

    Budgeting for Success: FinTech App Development Cost Breakdown

    Emerging technologies such as generative AI, APIs, or blockchain in the FinTech industry have transformed how the industry operates or interacts with its customers. From online banking, digital wallets, and automated investment management, to cryptocurrency […]

    AI in Search Engine | Binmile
    Feb 21, 2024

    AI in Search Engines: How AI is Transforming Search Engine Technology

    With the advent of technologies such as Generative Artificial Intelligence, Hyperautomation, ML, or AI, the internet has seen a paradigm shift. The way we consume information or search for it is also constantly evolving. Forget […]

    AI in Healthcare | Binmile
    Feb 15, 2024

    AI in Healthcare Shows Great Promise, But Needs Regulation

    Discussion about implementing AI in Healthcare has been doing the rounds for quite some time. Experts believe that this particular technology has huge potential to transform the healthcare sector by leveraging plenty of medical data […]

    Our Presence Around the World

    • USA Flag
      Claymont, Delaware

      2803 Philadelphia Pike, Suite B 191, Claymont, DE 19703

    • UK Flag
      Borehamwood

      Unit 4, Imperial Place, Maxwell Road, Borehamwood, WD6 1JN

    • India Flag
      Delhi NCR

      EMIT Building, D-42, Sector 59, Noida, Uttar Pradesh 201301, India

    • Indonesia Flag
      Jakarta

      Equity Tower 26th Floor Unit H, JI. Jendral Sudirman Kav. 52-53, SCBD, Senayan, South Jakarta, 12190

    • India Flag
      Mumbai

      Plot No. D-5 Road No. 20, Marol MIDC, Andheri East, Mumbai, Maharashtra 400069

    • UAE Flag
      Dubai

      DSO-IFZA Properties, Dubai Silicon Oasis, Industrial Area, Dubai, United Arab Emirates 341041