ServiceNow Zero Trust Access The business challenge In today's rapidly evolving digital landscape, organizations face increas ing cybersecurity threats due to complex IT environments, growing numbers of user identities, and sophisticated attack strategies. Traditional security models relying on perimeter defenses are no longer sufficient to protect sensitive data and systems. Key challenges include: • The shift from VPNs to more modern security f rameworks • Hybrid cloud integration complexities • The rise of remote work and insider threats • Compliance with stringent privacy and security regulations • An ever-evolving cyberthreat landscape To address these challenges, organizations need a modern, holistic security approach, such as Zero Trust. Zero Trust operates on the principle of "never trust, always verify," meaning access is granted based on user identity, device security posture, and the context of the request, rather than simply network location. The ServiceNow solution ServiceNow Zero Trust Access (ZTA) empowers organizations to enforce least- privilege access control in their ServiceNow instances, to continuously verify trust, and perform ongoing security inspections—ensuring that users, devices, applications, and data remain protected no matter where they are. Built on the National Institute of Standards and Technology (NIST) SP 800-207 Zero Trust reference architecture, ServiceNow ZTA provides four key capabilit ies to strengthen your security posture: 1. Dynamic Policy-Based Session Access Automatically adjust user privileges in real time based on risk factors such as network, location, authentication method, and identity provider attr ibutes. This approach: • Reduces the risk of data breaches • Enhances compliance with security regulations • Improves the user experience by streamlining secure access 2. Continuous Authentication Enhance security by enforcing step-up authentication or re-authentication based on the sensitivity of accessed data and ongoing user activities. Controlled access reduces the attack surface by enforcing fine-grained contextual access policies an d ensures “least- privilege” access Improved security posture through trusted identity verification of users an d devices access privileges Protect against insider threats and mitigate risks by consistently verifying the identity and access privileges of all users, regardless of location or affiliation Increase compliance levels for regulatory mandates by ensuring secure access and da ta protection. Protect against hijacked sessions by enforcing step-up authentication as a prerequisite to accessing sensitive information Continuous Authenticat ion 3. Geolocation-Based Access Control Use a user ’s location as a cr iter ion for d ynam ic access polic ies , restr icting or gran ting access based on geograph ic r isk fa ctors. 4. Identity Provider Attribute-Based Filtering Leverage attributes f rom identity providers—su ch as r isk scores—to dynam icall y determ ine access levels, integrating seamless ly with exis ting security metr ics . Use Cases: Securing Remote Work & Hybrid Access With rem ote an d h yb rid work mod el s becoming the n orm , organi zations requi re a secure way to gra nt access to emp loyees wi thou t expos in g enti re networks . Un li ke VPNs, which prov ide broad access, ServiceNow ZTA en su res users can only access speci fic app lica tions relevan t to their role, location, and device secur ity posture. Th is ap proa ch: • Prevents over-prov is ioning of pr i vi leges • Red uces secu r ity r isks by enforcin g dynam ic, role - based policies • Enables better corporate in fra stru cture control throu gh a daptive au thentication m ea su res • Allows employees to access non-sens iti ve compa ny in form ation f rom personal devices wh ile removing access to sens iti ve informa tion Third-Party Cont ractor & Partn er Access Organi zations f requentl y n eed to grant access to con tractors , partners , and customers who m ay use personal or u nsa nction ed devices. With ServiceNow ZTA, system adminis trators can def ine granula r p ol ic ies th at allow th ird parties to access on ly the appl ications they n eed, based on contextua l attr ibutes like device type, user group, a nd location. Additiona lly , Serv iceNow ZTA: • Integrates with th ird-party identi ty providers (IdPs) • Supports multi -factor auth en tication (MFA) • Prov ides s ingle s ign-on (SSO) for a seamless and secu re u ser exper ience Why ServiceNow Zero Trust Access? Serv iceNow ZTA delivers a proactive and comprehensive security framework designed to safeguard critical assets, reduce the attack surface, and mitigate risks in an increasingly interconnected world. By adopting Zero Trust principles, organizations can: • Strengthen cybersecurity defenses • Maintain secur ity across the authentication landscape while adapting to user exper ience needs • Protect sensitive data with dynamic access controls • Ensure secure and seamless access for employees, partners, and customers For more information, vis it: ServiceNow Zero Trust Access. © 2025 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, Now Platform, an d other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other compan y names, product names, and logos may be trademarks of the respective companies with which they are associated. servicenow.com Adaptive Authentication Policy-based Session Access