Part 1 - Building Secure Solutions from the Start

Security isn’t something you bolt on at the end, it needs to be baked into the solution from the beginning. As Solution Architects, we’re responsible for designing solutions that are not only functional and scalable but also secure. That means every solution plan should include a dedicated section for security considerations.

This section isn’t about Security Operations or IT security workflow applications, it’s about the platform’s security capabilities that will be implemented as part of the solution. These include things like authentication methods, encryption, access controls, and integration with identity management platforms. It’s important to distinguish between platform-level security and security products.

Security should follow the guidance outlined in the ServiceNow Instance Security Best Practices white paper. That includes aligning with the Shared Responsibility Model, which clarifies what ServiceNow secures and what the customer is responsible for. As Solution Architects, we act as trusted advisors, helping clients understand how ServiceNow’s security offerings fit into their broader security strategy and providing technical details, as well as documentation on ServiceNow’s security and regulatory compliance.

Security is a technical topic, so it’s best discussed with technical architects, security leads, and client-side security teams. The solution must integrate well with the customer’s existing security technologies—whether that’s Okta, CyberArk, or another platform.

Security is a core part of solutioning. It should be addressed early, documented clearly, and aligned with both ServiceNow best practices and the client’s security ecosystem.

Continue reading in Part 2: A Layered Approach to Security in ServiceNow Solutions.