As I've written about before, we take security exceptionally seriously at ServiceNow. We know that your company trusts us to both secure your data on our platform and to operate our cloud in a secure manner. Given the multi-faceted nature of building secure applications and infrastructure, we believe that a shared responsibility and partnership between ServiceNow and our customers is essential to maintaining our security profile.

This partnership has led us to publish several security-related KB articles and notices that we have proactively sent to our customers. We then observed the amount of activity that this information generated and the results were not what we expected. We expected that our customers would be reading this information and promptly securing their instances against known issues. But, this was not happening at a satisfactory rate. Looking into the reasons for this behavior, we found that the ServiceNow Admin was receiving the information but unclear as to the right course of action for their company. The right person to receive this information is your Information Security office - and that was often not the same team or department as the ServiceNow Admin.

The Dawn of the Security Contact

This brings us to the dawn of a new multi-user field in each company account called the Security Contact. This is an important new contact that we would urge each of you to add to your company account today (may require your ServiceNow Admin to grant you permission). You can learn how to add this security contact in this KB: ServiceNow KB: Security Contacts in HI (KB0621516).

The security contact field gives the ServiceNow Security Office (SSO) a way to directly communicate with your security personnel on security-related issues. Our SSO wants to communicate with their security counterparts in your organization and be able to disclose any potential security issues with proper urgency and priority. Setting up a security contact is a critically important piece of the shared responsibility and partnership that we want to have with every customer to help secure their instance.

We describe the ideal security contact in detail ServiceNow KB: Security Contacts in HI (KB0621516). If you are a ServiceNow Admin, please read this KB and seek out the person(s) in your company and add them to your company account.

New in Jakarta - The Instance Security Dashboard

While I have your attention on the topic of security, we cannot wait to show you the new Instance Security Dashboard coming in our Jakarta release (planned general availability is Q2 2017)! This dashboard will guide you through securing your instance across many critical areas, such as authentication, input validation, access controls and much more. Here is a screenshot from a demo instance running Jakarta to give you an idea of the dashboard you will see:

I look forward to seeing you at Knowledge17 in Orlando, FL in May!