Build your inventory
The previous post discussed software patching and updates, and why they are so important for security. Now, we will examine some additional tools ServiceNow has made available to help manage your instance security. Using these you can ensure you're working from a good security foundation and can assess and understand your instance's overall security posture.
The Instance Security Center (ISC) is like a dashboard, giving a near real-time view of the overall instance security level, security events and security-related configuration.
High Security Settings can be activated to set many baseline security properties and also exposes additional security controls such as a Security Administrator Role and Default Deny table access controls. The HSP is installed by default on all new instances but may need activating on those that are older and have been upgraded over time.
The Instance Hardening Guide is a very useful resource. This gives detailed, reference level information on around 200 security-related properties and their effects. The information can be used for detailed review and configuration of any security settings.
Finally, our Security Best Practice Guide is an essential handbook for anyone involved with securing a ServiceNow instance. It covers the main areas you need to know about, including associated technologies like Management, Instrumentation and Discovery (MID) servers, authentication and email. The BPG will arm you with overviews, recommendations and links to relevant documentation. Don’t leave home without it!
Essentials for your journey…
- Use the Instance Security Center (ISC) regularly so you can monitor overall instance security posture, keep track of security events and identify configuration gaps. Make a plan to investigate and resolve any potential weaknesses.
- Understand High Security Settings and how they affect baseline security on tables, the security admin role and other security features. Use the facilities to raise your security level. You can make a request for Customer Support to activate High Security Settings if needed.
- Be aware of the Instance Hardening Guide, what it contains and how you can use it. Review particular sections that apply to your situation. If you’re involved in securing a ServiceNow instance, this will help you manage configuration and implement security settings.
- Review the Security Best Practice Guide This is designed to be a handy reference and covers a most relevant security topics at high level and can help you understand whether you have all the main points covered and how certain things should be set up. It's also a quick reference for other more detailed documentation and resources
Equip yourself
There can be a lot to think about when it comes to security. It's important that you can understand and prioritize what needs to be done. ServiceNow takes the protection of your data security seriously, and this is why we provide essential tools and guidance to help you. Please ensure that you digest the information provided and put it into practice to ensure the security of your instance
In the next post…
We’ve covered a lot of ground so far, and built your security foundations. In the next post we’ll round up the series so far.
