How can hackers best target and breach ServiceNow software? The answer often involves customers and service providers incorrectly configuring the popular IT service management (ITSM) software.
In fact, 70 percent of ServiceNow customer instances suffer from Access Control List (ACL) misconfigurations, according to targeted testing from AppOmni. Those misconfigurations, in turn, could allow prying eyes to extract Personally Identifiable Information (PII) from ServiceNow instances, the research found.
Misconfigurations are especially dangerous for midmarket MSPs, many of which now offer ServiceNow capabilities to their end-customers. Also, some MSSPs are increasingly integrating their security software into ServiceNow dashboards to automate incident response. In theory, ServiceNow misconfigurations between shared ITSM systems could trigger software supply chain attacks that spread upstream or downstream between MSPs/MSSPs and end-customers.
Valid ServiceNow ACL Configuration Settings: ServiceNow responded quickly to the AppOmni report. MSSPs and MSPs seeking guidance should refer to the software company’s ServiceNow Shared Security Model and Access Control Information.
Customer Software Misconfiguration: Cloud Services Increase the Security Problem
Essentially, customer error is a major security issue that goes beyond ServiceNow's customer and partner ecosystem.
In fact, 90 percent of organizations are susceptible to security breaches due to incorrect cloud configurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security.
As a result, end-customers are pursuing MSSP and MSP partnerships to address areas such as cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM).
In fact, annual spending on CSPM will reach $9 billion by 2026, up from $4 billion in 2020, according to MarketsandMarkets. That’s a 14.4 percent compound annual growth rate.
MSSPs have adopted Cloud Security Posture Management
On a related note, 41 percent of our Top 250 MSSP survey participants already offer CSPM to their end customers, MSSP Alert research found in September 2021.