Cloud Security
Overview
The nature of public cloud infrastructure creates additional risk, as well as new ways for security teams to efficiently manage that risk. ServiceNow Security Operations (SecOps) helps protect cloud environments by providing a centralized platform for managing vulnerability exposures, misconfigurations, security incidents, and threats. It integrates IT and security workflows, automates processes, and enhances visibility across hybrid and multi-cloud infrastructures.
This article focuses on top-level insights and best practices for Container Vulnerability Response, Cloud Configuration Compliance, and Security Posture Control.
FAQ
| Which SecOps products are most relevant to the topic of Cloud Security? |
Vulnerability Response, Container Vulnerability Response, Configuration Compliance, and Security Posture Control |
| Why is Cloud Security important? |
Public cloud environments offer increased flexibility with the cost of greater cyber risk. It is common for cloud environments to have unvalidated software/dependencies, insecure configurations, and their ephemeral nature makes them hard to track. There are also different ways to attack them, such as poisoning container registries and repositories. |
| What is different about managing vulnerabilities in the cloud? |
These assets are (often) short-lived, making typical remediation workflows ineffective in many cases. The assets are created by a base image, with optional layers of additional functionality. The first step is hardening base images, but this does not fully solve the problem, because the layers chosen for any given asset can add exposures unique to that deployment. |
| How should customers operationalize fixing exposures on short-lived assets? | After hardening the base images, prioritization is key to sorting through the noise on these ephemeral assets. Ideally, there will be a CI in the CMDB sharing this information, but this is harder to maintain with public cloud assets. So, identify patterns for business-critical areas (where possible) and drive action on those first. Consider parts of hostnames, image names, and app details within the scan results themselves, and look for matches to increase criticality/impact. |
| What role does a CMDB have in ensuring cloud security? | While not required, populating the CMDB with ServiceNow Cloud Discovery, and integrated third-party cloud providers, increases the accuracy of automatic assignment and prioritization. In combination with the pattern-based approach above, customers can maximize the effectiveness of remediation efforts. |
| Which steps do we recommend to better track exposures across ephemeral cloud resources? |
When container images or Virtual Machines are replaced, we recommend consistent tagging practices to help maintain exposure relationships across versions. This is helpful because base images cannot be changed, and thus many of them are created and need to be tracked together. Also, defining the area of operation of the asset, such as application container image or platform/OS VM image (separation between business applications and technical services), will help in assigning the ownership of the vulnerabilities/misconfigurations to the right teams (through a CSDM model). |
Getting Started Guide
The attached Getting Started Guide provides additional technical guidance on managing cloud security exposures using ServiceNow.
Resources
|
Base Knowledge
|
|
Implementation Resources
|
|
Webinars & Training
|
|
Additional Resources
|
