SaaS is fast becoming the new enterprise operating system. Given the pervasiveness of SaaS app usage and the high degree of customizability within each SaaS app, there are bound to be customer-side SaaS app misconfigurations. These misconfigurations can include over-permissioned end-user roles and data exposed to the public internet.
In this regard, a recent article titled “Data Exposure and ServiceNow: The Elephant in the ITSM Room” discusses how misconfigured ACLs may lead to open or anonymous access to data in a ServiceNow instance. The article points out how data exfiltration can occur through potential misconfigurations that customers make in their own ServiceNow deployments. None of the potential misconfigurations mentioned in the article involves a zero-day risk.
While this research was published independently, many organizations have asked AppOmni about other detection and mitigation measures they can take to ensure their deployments are secure.
ServiceNow has issued the following guidance to its customers:
“ServiceNow works with customers on the ongoing safety of their security configurations, including Access Control Lists (ACLs), to ensure…


























