First things first

The Security Top Tips blog series provides practical security advice and describes the tools available in the Now Platform® to help you keep your data safe.

ServiceNow provides a powerful, scalable platform that you can use to store and process almost any type and amount of data, for any number of purposes. But with that enormous potential comes a responsibility to ensure the data remains safe at all times.

As you’d expect, the service has been designed from the ground up to be secure by default, but the story doesn’t—and shouldn’t—end there. Although we do our utmost to provide best-in-class security for our environments, customers also have a crucial role to play in ensuring the data they store is protected from unauthorized access. It may seem like trying to find your way through a maze, but we’re here to help guide you.

The first step is understanding that ServiceNow (as data processor) and the customer (as data controller) have distinct roles, which combine to provide complete security coverage. This is known as a Shared Responsibility model – but what does this actually mean?

Stronger together

An easy way to understand this is with a simple analogy: we provide a box and secure it (hosting), and you, as our customer, decide what is put in the box and who can access it (storing). The diagram below shows each of our responsibilities, and how we must work together to ensure a stronger, more effective security posture.

In the next post…

Now that we have covered the basics of shared responsibility, in the next post we will take a look at the fundamentals of password security: what is the latest advice on choosing passwords? What do users need to know about keeping passwords secure? What controls are available to assist you? And more!