Escolar Documentos
Profissional Documentos
Cultura Documentos
WP
INFO@SERVICE-NOW.COM
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
Table of Contents
Confidence Delivered 3
Physical Security 3
Communications & Network Security 3
Data Security & Preservation 3
Application Security 3
Data & Code Isolation 3
Audit & Compliance 3
Physical Security 4
SSL/TLS 4
Firewalls 4
VPN 5
Secure Integrations 5
LDAP 5
Data Security 6
Authentication 7
Access Control 8
Role-based Security 8
Contextual Security 8
Audit 8
Data & Code Isolation 8
Privacy 9
SAS 70 10
Regulations and Governance 10
i
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
Confidence Delivered
We understand successful partnerships are built on confidence. Your confidence in our ability to provide a secure service
delivery platform is paramount. As an On Demand or Software as a Service (SaaS) solution provider, we recognize data
security and system integrity are first and foremost on our customer’s list of requirements.
Service-now.com is drastically different than legacy IT service management and On Demand software providers. IT serv-
ice management is not only something we deliver, it is our business. We live, breathe and practice ITIL in everything we
do – from the way we design our software to the way we manage your Service-now.com instance. We combine our
years of IT service management experience with world-class infrastructure technology and security to ensure you are pro-
tected. We deliver confidence in six key areas.
Physical Security
We offer the widest range of redundant physical security features available including fire alert and gaseous fire suppres-
sion, video camera surveillance, secured and escorted access with on-premise law enforcement, and ‘always-on’ power
systems.
Application Security
Service-now.com delivers acute application security functions focused on user authentication, access control and auditing.
Service-now.com is a user-based system governed by encrypted password protection, role-based security and contextual
security. Each interaction with the system is logged for auditing purposes.
1
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
Physical Security
Our production hosting facilities offer multi-layered physical security features designed to thwart internal and external
threats, protect from natural and man-made disasters, and ensure our customer instances operate as expected.
SSL/TLS
We use 256 bit SSL encryption extensively throughout our system to ensure authorized communications. Access to
Service-now.com requires a combination of a valid username and password which is SSL encrypted during the transmis-
sion. We also encrypt LDAP communications using LDAPS or SLDAP forms of SSL.
Service-now.com inbound and outbound email support is one of the many unique features delivered in our solution. Our
customers use this functionality to log and update incidents, kickoff and approve change requests, assign work tasks and
deliver secured surveys. We encrypt communications between our mail server and a customer’s remote mail server
through Transport Layer Security (TLS).
Firewalls
Service-now.com detection and response services recognize and stop attempted intrusions, prevent further intrusions
from occurring, and provide real-time alerts to our security operations center. To protect our customer instances from ma-
licious network traffic we utilize firewall clusters located in front of the network and communicate with the backend data-
base via the application. Authorized Service-now.com personnel manage the firewalls and review debugging and packet
level information on a daily basis. In addition to hands-on monitoring, DDOS/IDS alerts are triggered and immediately
sent to Service-now.com for analysis and remediation.
2
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
VPN
Service-now.com offers multiple secure communication vehicles including HTTPS protocols and VPN tunnels. Based on
customer preference, Service-now.com can provide AES (128/256), 3DES, MD5 or SHA-1 VPN tunnel options. VPN tun-
nels provide secure communications with systems located on the customer’s site including directory services, email, SMS,
CTI, monitoring, discovery, and ERP. It can also be configured so that all user traffic traverses the VPN.
Secure Integrations
Using HTTPS protocols and VPN tunnels, Service-now.com integrates with virtually any 3rd party application or data
source - whether the source is another On Demand system or located at the customer’s premise. A variety of techniques
are used to achieve 3rd party integration, most notably Web Services, JDBC, JMS and email. These are industry standard
technologies that also use SOAP and WSDL. All of our tables are exposed as a web-services document.
LDAP
Service-now.com uses directory services to help construct our user and organizational structures such as user, cost cen-
ter, department, location, etc. By using existing directory services, we help to ensure consistency across your systems.
Executing a secure LDAP integration is one of the first activities performed in the Sevice-now.com release management
process. This includes secure connections to Microsoft Active Directory, Novell, Domino Lotus Notes, and OpenLDAP. As
part of this process, we connect to LDAP from a single machine using a fixed IP address through a specific port on your
firewall and authenticate with a read-only LDAP account of your choice. Optional SSL encryption of LDAP traffic can be
added using LDAPS or SLDAP protocols. For those customers that require enhanced security layers, we offer IPSEC
tunneling options.
3
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
Using credentials provided by our customers, a LDAP BIND is executed allowing the retrieval of user distinguished name
(DN) from the LDAP server. We do no store or capture LDAP passwords as they live entirely in the users HTTPS session.
We use the ADNotify facility and a daily LDAP Browse to capture and store organization unit (OU) data within our system
tables. Because OU data provides key objects referenced within our system, we do not delete any stored data when data
disappears from LDAP. In the event our customers require the removal of OU data from Service-now.com, entries and all
associations can be removed from our system by deleting the stored entry.
Data Security
We rely on redundant systems and procedures to ensure customer data is protected and available. Customer data is
backed up to geographically separated servers, system access uses encrypted passwords, and health and security are
proactively monitored. Our formal Disaster Recovery and Business Continuity plans are defined and tested.
For large deployments, we offer data replication technology that creates and maintains a second database in near real-
time (less than a second latency). The replication technology also establishes a hot standby server that can switch to
primary in a matter of minutes in the event of a physical disaster.
Disaster Recovery
We make every effort to meet our availability SLA of 99.97%. In the unlikely event that our production center should be-
come unavailable or our development staff determines it is not recoverable we enact our Disaster Recovery process.
While our Vice President of Operations is responsible for the Disaster Recovery program, Service-now.com senior cus-
tomer support technicians or development staff contain authority to declare a disaster. The manager of customer support
is responsible for executing the Disaster Recovery plan. Enactment of our Disaster Recovery plan involves notification to
development staff for problem resolution purposes as well as our CEO and all members of executive staff. We practice
our Disaster Recovery process once a quarter on non-production systems. All participators in our Disaster Recovery plan
are Service-now.com staff. We do not use 3rd party vendors or off-shore suppliers in the disaster recovery process.
Once a disaster is declared, customer URLs are redirected to our disaster recovery facility where we launch the DR
server using customer data captured during the previous backup. Affected customers are immediately notified and kept
informed of the exact status of the DR process via email and phone support. Upon restoration of the production server,
the customer is moved back to their production server while we make every attempt to recover lost data.
Business Continuity
Service-now.com has a formal BCP plan which enables us to conduct business operations from any remote location in the
event that our corporate headquarters are unusable for some reason. It is important to note that all customer systems and
data reside at a separate facility from our corporate headquarters. While our business is operationally run from our head-
quarters in Solana Beach, California, all customer systems and data are run and stored at a one of several data centers
located globally. In the event of an operational problem at one of our datacenters, we would enact our Disaster Recovery
4
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
plan. In the event of some natural or other disaster affecting our headquarters, we would enact our Business Continuity
Plan (BCP).
As an On Demand company, we are able to work in a very mobile, virtual environment. In the event of needing to enact
our BCP, communication would be sent to all personnel instructing them to source a remote work location (typically their
home). All telephonic communications would be redirected to secondary numbers (home offices or mobile phones) busi-
ness would be conducted remotely. We don’t run any critical business systems or services at our office so all systems can
be accessed remotely (we run virtually our entire business on our own internal instance of Service-now.com).
During the Southern California wildfires of October 2007 many employees were evacuated from their homes and the of-
fice was completely inaccessible to all but a few employees due to traffic and travel restrictions. For a three day period the
company operated without problem from any number of hotel rooms, home offices and other remote locations.
System Integrity
Our Vice President of Operations serves as our Chief Security Officer and as such bears full responsibility for the policies
and procedures governing our customer systems as well as our stewardship of all customer data. This role reports directly
to the CEO.
Service-now.com development and support work is conducted in Solana Beach, California. The vast majority of the devel-
opment work is done by Service-now.com employees although we do employee contractors for very specific work from
time to time. Customer support is conducted by Service-now.com employees with no contractors or third parties utilized.
A limited number of Service-now.com employees maintain highly controlled access to customer instances for the purpose
of trouble-shooting, customization and general customer support. Our employees access customer systems via a single
Logon ID and Password. Additionally, customer systems automatically maintain an auditable log of developer or support
access which tracks all changes made to the system. Service-now.com employees are background checked and drug
screened. 3rd party or subcontractors do not have access to any customer systems.
Monitoring
Service-now.com utilizes our own, internally developed monitoring technology to monitor all of our customer systems. This
monitoring technology monitors CPU utilization, response time, and memory utilization. Additionally, we utilize the
datacenter-provided system to monitor for spoofing, hijacking, and replay.
Performance and security monitoring alerts are sent to Service-now.com for analysis and potential remediation. As alerts
and events are generated, they are reviewed by our support and development staff. Formal monitoring takes place on a
daily basis.
Application Security
We deliver acute application security functions focused on user authentication, access control and auditing.
Service-now.com is a user-based system governed by encrypted password protection, role-based security and contextual
security. Each interaction with the system is logged for auditing purposes.
Authentication
Service-now.com is a fully password protected, encrypted system. Our belief is that our authentication policies should be
configurable and able to meet your corporate security guidelines. We leave it up to our customers to define password
length, character types, and change frequency. Users access Service-now.com only with a valid username and password
Service-now.com White Paper
5
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
combination which is SSL-encrypted while in transmission. An encrypted session ID cookie is used to uniquely identify
each user. Passwords are encrypted using the Secure Hash Standard (SHS) described in FIPS PUB 180-1. SHS is a
one-way encryption algorithm, which means that once encrypted, the clear text password is no longer available. For more
information on FIPS, please visit here.
Access Control
Service-now.com is widely adopted within our customer base for all facets of IT service Management. Additionally, many
of our customers have extended Service-now.com to support HR, Facilities, and Finance business processes. This wide
adoption of our solution set within our customer environments means that many different people with many different roles
are using the system. Service-now.com provides extensive role-based security and contextual security to ensure users
are presented the tools and information they need to do their job while setting limits to what they can and cannot do within
the system.
Role-based Security
Service-now.com is a user-based system governed by role-based security. User authentication is coupled with granular
role-based security to control functionality and views available to users.
Although we have defined a number of pre-configured roles within Service-now.com, our customers have many personnel
types and roles that are unique to their operations. We provide extensive facilities to allow our customers to create an
unlimited number of unique, secured roles.
Contextual Security
In addition to password authentication and role-based security, Service-now.com delivers a deeper level of system access
control - contextual security. Our contextual security manager uses a number of parameters to secure records based on
contents and apply security rules to any level in our object hierarchy.
Audit
Each customer instance of Service-now.com automatically maintains an auditable log of all interactions with the system,
including login attempts. Service-now.com operations team reviews log files for invalid login attempts and file permission
changes on a daily basis. Our customers also have access to these same log files for auditing purposes.
Traditional enterprise On Demand multi-tenant architectures were designed to reduce vendor management and mainte-
nance costs. In theory, multi-tenancy would help the vendor’s business scale. But at what cost to the customer? Virtuali-
zation, cheaper hardware costs, Open Source, and new platform technologies have allowed for a shift in the way On De-
mand software is delivered.
At Service-now.com, we provide our customers with their own set of applications and databases as part of our single-
tenant platform strategy. Each Service-now.com instance runs under a separate Java Virtual Machine accessing a sepa-
rate relational database.
6
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
‣ Greater scalability
At the instance level, Service-now.com is architected to support multi-tenant deployments allowing customer data, work-
flow, customizations, views and roles to be segregated. Our approach is ideal for our Managed Service Provider partners
– providing ultimate flexibility in fulfilling customer requirements.
Additionally, we provide our customers and service provider partners the choice to deploy Service-now.com on premise.
The same On Demand architectural philosophies are implemented in on premise deployments – auto-upgrades, pre-
served customizations, secure connections, application security, and multi-tenancy.
For additional information on our system and its general architecture, please see our Wiki at:
Privacy
Privacy on the Service-now.com website is of great importance to us. Because we gather important information from our
visitors and customers, we have established this privacy statement as a means to communicate our information gathering
and dissemination practices. We reserve the right to change this privacy statement, and we will provide notification of any
change at least thirty (30) business days prior to the change taking effect.
‣ Through the course of doing business with you or your organization, from time to time we may ask for personal in-
formation in an effort to better serve your needs.
‣ We will only collect information that you voluntarily submit to us, such as names, phone numbers and email ad-
dresses.
‣ We will only use your volunteered personal information to more proactively respond to your requests for information
regarding our services.
Service-now.com pledges to guard and protect your personal information as you would, with the respect and security we
hope you would have for us. We will never, under any circumstances, sell or share your personal information to a third
party, and any data we collect will only be used to facilitate a more responsive relationship between our two organizations
As a California-based corporation, Service-now.com is required to be compliant with California Law 1386 which stipulates
that we are required to report any breach or potential breach of customer information. Additionally, this is standard corpo-
rate policy.
7
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER
SAS 70
Statement on Auditing Standards No. 70 (commonly referred to as SAS 70) is an auditing standard and publication used
to evaluate the design and effective operation of provider internal controls. Service-now.com recognizes SAS 70 as an
industry standard. We offer customers the ability to operate their Service-now.com instance in our SAS 70 Type II certi-
fied data centers.
These applications may support the audit process itself in one of three manners:
Configuration Management - a Configuration Management Database (CMDB) can identify the financial Business Serv-
ices and their components that either control or manage financial data
Change Management - document and verify approvals for, and, any changes made, to a financial Business Service veri-
fying access and data integrity
Release Management - document and verify approvals for, and, any changes made, to commercial or proprietary soft-
ware managing financial data