ServiceNow's Stock Faces Downward Pressure Amid Data Security Concerns
Recently, ServiceNow has faced significant challenges regarding data security. Over 1,000 instances of enterprise knowledge bases hosted by ServiceNow were found to have exposed sensitive corporate information to external users and potential threats. The exposed data includes personal identity information, internal system details, user credentials, and access tokens for live production systems.
Despite updates implemented in 2023 aimed at improving access control lists (ACLs), the issue persists. The problem lies primarily in misconfigurations and the use of standard user permissions instead of ACLs. This situation has raised concerns about the effectiveness of these updates and about how well organizations understand how to properly configure access controls.
Security research by AppOmni highlighted that nearly 45% of ServiceNow's total instances had similar data exposure issues due to outdated configurations. These vulnerabilities suggest a systemic misunderstanding or improper replication of access controls across instances. Organizations with multiple ServiceNow instances often misconfigure access controls in the same way across all of them.
ServiceNow's knowledge base functionality, designed to store sensitive internal data, should not be accessible to external parties. Yet, without the proper ACL implementation, such data remains vulnerable. AppOmni's research emphasizes the necessity of accurate configurations to prevent unauthorized access to sensitive information.
To address these issues, ServiceNow collaborated with clients to evaluate and appropriately configure knowledge base access. While improvements have been made, organizations continue to struggle with securing knowledge bases. The report stresses the importance of regularly diagnosing access controls and updating security settings to prevent breaches.
AppOmni's findings underline the shared responsibility between SaaS providers like ServiceNow and their clients to ensure data security. Organizations must take proactive measures, including understanding security attributes and maintaining up-to-date security efforts in coordination with providers like ServiceNow.