WP

WP

Security is Job One

Service-now.com Infrastructure
& Application Security
white paper

INFO@SERVICE-NOW.COM
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

Table of Contents
Confidence Delivered 3

Physical Security 3
Communications & Network Security 3
Data Security & Preservation 3
Application Security 3
Data & Code Isolation 3
Audit & Compliance 3
Physical Security 4

Data Center Facilities 4

Data Center Access Control 4
Communications & Network Security 4

SSL/TLS 4
Firewalls 4
VPN 5
Secure Integrations 5
LDAP 5
Data Security 6

Backup and Restore 6

Disaster Recovery 6
Business Continuity 6
System Integrity 7
Monitoring 7
Application Security 7

Authentication 7
Access Control 8
Role-based Security 8
Contextual Security 8
Audit 8
Data & Code Isolation 8

Audit & Compliance 9

Privacy 9
SAS 70 10
Regulations and Governance 10

Service-now.com White Paper Table of Contents

i
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

Confidence Delivered
We understand successful partnerships are built on confidence. Your confidence in our ability to provide a secure service
delivery platform is paramount. As an On Demand or Software as a Service (SaaS) solution provider, we recognize data
security and system integrity are first and foremost on our customer’s list of requirements.

Service-now.com is drastically different than legacy IT service management and On Demand software providers. IT serv-
ice management is not only something we deliver, it is our business. We live, breathe and practice ITIL in everything we
do – from the way we design our software to the way we manage your Service-now.com instance. We combine our
years of IT service management experience with world-class infrastructure technology and security to ensure you are pro-
tected. We deliver confidence in six key areas.

Physical Security
We offer the widest range of redundant physical security features available including fire alert and gaseous fire suppres-
sion, video camera surveillance, secured and escorted access with on-premise law enforcement, and ‘always-on’ power
systems.

Communications & Network Security

Our communications and network security strategy includes comprehensive defense and response systems including
firewall protection, VPN tunneling, multiple layers of encryption (SSL/TLS), and LDAP security. We provide secure inte-
grations to prominent 3rd party systems and data sources.

Data Security & Preservation

We protect and preserve customer systems by employing scheduled backups to a geographically separated disaster re-
covery facility, formal Disaster Recovery and Business Continuity plans, and highly controlled access. Systems are
password protected and only accessed by our employees.

Application Security
Service-now.com delivers acute application security functions focused on user authentication, access control and auditing.
Service-now.com is a user-based system governed by encrypted password protection, role-based security and contextual
security. Each interaction with the system is logged for auditing purposes.

Data & Code Isolation

We provide our customers with their own set of applications and databases as part of our single-tenant platform strategy.
Customer databases are private and not intermixed with any other organization’s data. This is a key tenet of our architec-
ture that not only provides security, but also enhances manageability and reliability.

Audit & Compliance

We deploy governance strategies designed to ensure customer privacy, meet auditing standards including SAS-70 Type
II, and help support regulation initiatives.

Service-now.com White Paper

1
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

Physical Security
Our production hosting facilities offer multi-layered physical security features designed to thwart internal and external
threats, protect from natural and man-made disasters, and ensure our customer instances operate as expected.

Data Center Facilities

Service-now.com data center facilities include state-of-the-art redundant power management, HVAC, and fire suppression
facilities. Each data suite or co-location room includes HVAC systems and redundant cooling, fire suppression units with
a pre-action dry pipe system and Very Early Smoke Detector Apparatus’ (VESDA). The facility includes ‘always-on’ power
delivered by Uninterruptable Power Supply (UPS) systems which are monitored 24x7.

Data Center Access Control

Service-now.com enforces strict security and access control polices to ensure only authorized personnel are granted ac-
cess to our data centers, cages and cabinets. All visitors and customers must have a valid driver’s license or passport
and a verified user name and password to enter our data center facilities. Upon verification, key cards are issued. All
personnel are escorted by data center staff to their cages and cabinets. Throughout the facility there are over 100 closed
circuit cameras capturing all traffic in and out of the center while key card readers log customer traffic through all exits and
doors. Traffic and activity data is permanently recorded and immediately delivered to Service-now.com. Data center ex-
ternal perimeters and equipment is protected by chain fencing, protection barriers, and monitored through video surveil-
lance.

Communications & Network Security

Our communications and network security strategy includes firewall protection, VPN tunneling, multiple layers of encryp-
tion (SSL/TLS), and LDAP security. As an SOA-based platform, we provide secure integrations to prominent 3rd party
systems and data sources.

SSL/TLS
We use 256 bit SSL encryption extensively throughout our system to ensure authorized communications. Access to
Service-now.com requires a combination of a valid username and password which is SSL encrypted during the transmis-
sion. We also encrypt LDAP communications using LDAPS or SLDAP forms of SSL.

Service-now.com inbound and outbound email support is one of the many unique features delivered in our solution. Our
customers use this functionality to log and update incidents, kickoff and approve change requests, assign work tasks and
deliver secured surveys. We encrypt communications between our mail server and a customer’s remote mail server
through Transport Layer Security (TLS).

Firewalls
Service-now.com detection and response services recognize and stop attempted intrusions, prevent further intrusions
from occurring, and provide real-time alerts to our security operations center. To protect our customer instances from ma-
licious network traffic we utilize firewall clusters located in front of the network and communicate with the backend data-
base via the application. Authorized Service-now.com personnel manage the firewalls and review debugging and packet
level information on a daily basis. In addition to hands-on monitoring, DDOS/IDS alerts are triggered and immediately
sent to Service-now.com for analysis and remediation.

Service-now.com White Paper

2
 SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

VPN
Service-now.com offers multiple secure communication vehicles including HTTPS protocols and VPN tunnels. Based on
customer preference, Service-now.com can provide AES (128/256), 3DES, MD5 or SHA-1 VPN tunnel options. VPN tun-
nels provide secure communications with systems located on the customer’s site including directory services, email, SMS,
CTI, monitoring, discovery, and ERP. It can also be configured so that all user traffic traverses the VPN.

Secure Integrations
Using HTTPS protocols and VPN tunnels, Service-now.com integrates with virtually any 3rd party application or data
source - whether the source is another On Demand system or located at the customer’s premise. A variety of techniques
are used to achieve 3rd party integration, most notably Web Services, JDBC, JMS and email. These are industry standard
technologies that also use SOAP and WSDL. All of our tables are exposed as a web-services document.

Standard integrations for Service-now.com include:

Login ‣ Headers / URL Parameters ‣ Tomcat Valve

(Single Sign On) ‣ Encrypted / Digested

Data & Processes ‣ Java Database Connectivity (JDBC) ‣ Web Services

‣ MID Sever ‣ File
Communications ‣ Inbound & Outbound Email ‣ Java Messaging Services (JMS)
‣ Short Messaging Service (SMS) ‣ Computer Telephony Interface systems
‣ Text Messaging
LDAP ‣ Microsoft Active Directory ‣ Domino Lotus Notes
‣ Novell ‣ OpenLDAP
Monitoring ‣ HP OpenView ‣ Spectrum
‣ CA Unicenter ‣ Dell Silverback
‣ Tivoli TEC
Discovery ‣ Microsoft SMS and SystemCenter ‣ Avocent LANDesk
‣ Symantec Altiris ‣ Centennial
‣ IBM CCMDB
ERP ‣ Oracle Financials ‣ SAP
‣ Oracle PeopleSoft
Change Management ‣ Microsoft Outlook Calendar Integration

LDAP
Service-now.com uses directory services to help construct our user and organizational structures such as user, cost cen-
ter, department, location, etc. By using existing directory services, we help to ensure consistency across your systems.

Executing a secure LDAP integration is one of the first activities performed in the Sevice-now.com release management
process. This includes secure connections to Microsoft Active Directory, Novell, Domino Lotus Notes, and OpenLDAP. As
part of this process, we connect to LDAP from a single machine using a fixed IP address through a specific port on your
firewall and authenticate with a read-only LDAP account of your choice. Optional SSL encryption of LDAP traffic can be
added using LDAPS or SLDAP protocols. For those customers that require enhanced security layers, we offer IPSEC
tunneling options.

Service-now.com White Paper

3
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

Using credentials provided by our customers, a LDAP BIND is executed allowing the retrieval of user distinguished name
(DN) from the LDAP server. We do no store or capture LDAP passwords as they live entirely in the users HTTPS session.

We use the ADNotify facility and a daily LDAP Browse to capture and store organization unit (OU) data within our system
tables. Because OU data provides key objects referenced within our system, we do not delete any stored data when data
disappears from LDAP. In the event our customers require the removal of OU data from Service-now.com, entries and all
associations can be removed from our system by deleting the stored entry.

Data Security
We rely on redundant systems and procedures to ensure customer data is protected and available. Customer data is
backed up to geographically separated servers, system access uses encrypted passwords, and health and security are
proactively monitored. Our formal Disaster Recovery and Business Continuity plans are defined and tested.

Backup and Restore

All customer data is automatically backed up on a nightly basis to a second server and retained for seven days. The
backup is copied to a second data center for disaster recovery purposes. Data backup and disaster recovery may be ar-
ranged at a customer data center upon request.

For large deployments, we offer data replication technology that creates and maintains a second database in near real-
time (less than a second latency). The replication technology also establishes a hot standby server that can switch to
primary in a matter of minutes in the event of a physical disaster.

Disaster Recovery
We make every effort to meet our availability SLA of 99.97%. In the unlikely event that our production center should be-
come unavailable or our development staff determines it is not recoverable we enact our Disaster Recovery process.

While our Vice President of Operations is responsible for the Disaster Recovery program, Service-now.com senior cus-
tomer support technicians or development staff contain authority to declare a disaster. The manager of customer support
is responsible for executing the Disaster Recovery plan. Enactment of our Disaster Recovery plan involves notification to
development staff for problem resolution purposes as well as our CEO and all members of executive staff. We practice
our Disaster Recovery process once a quarter on non-production systems. All participators in our Disaster Recovery plan
are Service-now.com staff. We do not use 3rd party vendors or off-shore suppliers in the disaster recovery process.

Once a disaster is declared, customer URLs are redirected to our disaster recovery facility where we launch the DR
server using customer data captured during the previous backup. Affected customers are immediately notified and kept
informed of the exact status of the DR process via email and phone support. Upon restoration of the production server,
the customer is moved back to their production server while we make every attempt to recover lost data.

Business Continuity
Service-now.com has a formal BCP plan which enables us to conduct business operations from any remote location in the
event that our corporate headquarters are unusable for some reason. It is important to note that all customer systems and
data reside at a separate facility from our corporate headquarters. While our business is operationally run from our head-
quarters in Solana Beach, California, all customer systems and data are run and stored at a one of several data centers
located globally. In the event of an operational problem at one of our datacenters, we would enact our Disaster Recovery

Service-now.com White Paper

4
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

plan. In the event of some natural or other disaster affecting our headquarters, we would enact our Business Continuity
Plan (BCP).

As an On Demand company, we are able to work in a very mobile, virtual environment. In the event of needing to enact
our BCP, communication would be sent to all personnel instructing them to source a remote work location (typically their
home). All telephonic communications would be redirected to secondary numbers (home offices or mobile phones) busi-
ness would be conducted remotely. We don’t run any critical business systems or services at our office so all systems can
be accessed remotely (we run virtually our entire business on our own internal instance of Service-now.com).

During the Southern California wildfires of October 2007 many employees were evacuated from their homes and the of-
fice was completely inaccessible to all but a few employees due to traffic and travel restrictions. For a three day period the
company operated without problem from any number of hotel rooms, home offices and other remote locations.

System Integrity
Our Vice President of Operations serves as our Chief Security Officer and as such bears full responsibility for the policies
and procedures governing our customer systems as well as our stewardship of all customer data. This role reports directly
to the CEO.

Service-now.com development and support work is conducted in Solana Beach, California. The vast majority of the devel-
opment work is done by Service-now.com employees although we do employee contractors for very specific work from
time to time. Customer support is conducted by Service-now.com employees with no contractors or third parties utilized.

A limited number of Service-now.com employees maintain highly controlled access to customer instances for the purpose
of trouble-shooting, customization and general customer support. Our employees access customer systems via a single
Logon ID and Password. Additionally, customer systems automatically maintain an auditable log of developer or support
access which tracks all changes made to the system. Service-now.com employees are background checked and drug
screened. 3rd party or subcontractors do not have access to any customer systems.

Monitoring
Service-now.com utilizes our own, internally developed monitoring technology to monitor all of our customer systems. This
monitoring technology monitors CPU utilization, response time, and memory utilization. Additionally, we utilize the
datacenter-provided system to monitor for spoofing, hijacking, and replay.

Performance and security monitoring alerts are sent to Service-now.com for analysis and potential remediation. As alerts
and events are generated, they are reviewed by our support and development staff. Formal monitoring takes place on a
daily basis.

Application Security
We deliver acute application security functions focused on user authentication, access control and auditing.
Service-now.com is a user-based system governed by encrypted password protection, role-based security and contextual
security. Each interaction with the system is logged for auditing purposes.

Authentication
Service-now.com is a fully password protected, encrypted system. Our belief is that our authentication policies should be
configurable and able to meet your corporate security guidelines. We leave it up to our customers to define password
length, character types, and change frequency. Users access Service-now.com only with a valid username and password
Service-now.com White Paper

5
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

combination which is SSL-encrypted while in transmission. An encrypted session ID cookie is used to uniquely identify
each user. Passwords are encrypted using the Secure Hash Standard (SHS) described in FIPS PUB 180-1. SHS is a
one-way encryption algorithm, which means that once encrypted, the clear text password is no longer available. For more
information on FIPS, please visit here.

Access Control
Service-now.com is widely adopted within our customer base for all facets of IT service Management. Additionally, many
of our customers have extended Service-now.com to support HR, Facilities, and Finance business processes. This wide
adoption of our solution set within our customer environments means that many different people with many different roles
are using the system. Service-now.com provides extensive role-based security and contextual security to ensure users
are presented the tools and information they need to do their job while setting limits to what they can and cannot do within
the system.

Role-based Security
Service-now.com is a user-based system governed by role-based security. User authentication is coupled with granular
role-based security to control functionality and views available to users.

Although we have defined a number of pre-configured roles within Service-now.com, our customers have many personnel
types and roles that are unique to their operations. We provide extensive facilities to allow our customers to create an
unlimited number of unique, secured roles.

Contextual Security
In addition to password authentication and role-based security, Service-now.com delivers a deeper level of system access
control - contextual security. Our contextual security manager uses a number of parameters to secure records based on
contents and apply security rules to any level in our object hierarchy.

Audit
Each customer instance of Service-now.com automatically maintains an auditable log of all interactions with the system,
including login attempts. Service-now.com operations team reviews log files for invalid login attempts and file permission
changes on a daily basis. Our customers also have access to these same log files for auditing purposes.

Data & Code Isolation

Our architecture is startlingly different, even for On Demand software. We question how things were done before and
how they will be done in the future – this is the basis of our innovation. We challenged the concept that On Demand soft-
ware had to be multi-tenant based – and proved there is a better way.

Traditional enterprise On Demand multi-tenant architectures were designed to reduce vendor management and mainte-
nance costs. In theory, multi-tenancy would help the vendor’s business scale. But at what cost to the customer? Virtuali-
zation, cheaper hardware costs, Open Source, and new platform technologies have allowed for a shift in the way On De-
mand software is delivered.

At Service-now.com, we provide our customers with their own set of applications and databases as part of our single-
tenant platform strategy. Each Service-now.com instance runs under a separate Java Virtual Machine accessing a sepa-
rate relational database.

Service-now.com White Paper

6
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

Based on our experience, we found that our single-tenant platform enables:

‣ Elevated customer security by not mixing customer data in a single database

‣ Faster application response times

‣ Greater scalability

‣ Extensive application customization (which is always preserved through upgrades)

At the instance level, Service-now.com is architected to support multi-tenant deployments allowing customer data, work-
flow, customizations, views and roles to be segregated. Our approach is ideal for our Managed Service Provider partners
– providing ultimate flexibility in fulfilling customer requirements.

Additionally, we provide our customers and service provider partners the choice to deploy Service-now.com on premise.
The same On Demand architectural philosophies are implemented in on premise deployments – auto-upgrades, pre-
served customizations, secure connections, application security, and multi-tenancy.

For additional information on our system and its general architecture, please see our Wiki at:

Audit & Compliance

We deploy governance strategies designed to ensure customer privacy, meet auditing standards including SAS-70 Type
II, and help support regulation initiatives.

Privacy
Privacy on the Service-now.com website is of great importance to us. Because we gather important information from our
visitors and customers, we have established this privacy statement as a means to communicate our information gathering
and dissemination practices. We reserve the right to change this privacy statement, and we will provide notification of any
change at least thirty (30) business days prior to the change taking effect.

The basic tenets of our privacy policy are very straightforward:

‣ Through the course of doing business with you or your organization, from time to time we may ask for personal in-
formation in an effort to better serve your needs.

‣ We will only collect information that you voluntarily submit to us, such as names, phone numbers and email ad-
dresses.

‣ We will only use your volunteered personal information to more proactively respond to your requests for information
regarding our services.

Service-now.com pledges to guard and protect your personal information as you would, with the respect and security we
hope you would have for us. We will never, under any circumstances, sell or share your personal information to a third
party, and any data we collect will only be used to facilitate a more responsive relationship between our two organizations

As a California-based corporation, Service-now.com is required to be compliant with California Law 1386 which stipulates
that we are required to report any breach or potential breach of customer information. Additionally, this is standard corpo-
rate policy.

Service-now.com White Paper

7
SERVICE-NOW.COM INFRASTRUCTURE AND APPLICATION SECURITY - WHITE PAPER

SAS 70
Statement on Auditing Standards No. 70 (commonly referred to as SAS 70) is an auditing standard and publication used
to evaluate the design and effective operation of provider internal controls. Service-now.com recognizes SAS 70 as an
industry standard. We offer customers the ability to operate their Service-now.com instance in our SAS 70 Type II certi-
fied data centers.

Regulations and Governance

There are many regulations that affect our customers in many different verticals including the Sarbanes-Oxley Act (SOX),
Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI) Data Security Standard (DSS), Health Insurance Portabil-
ity and Accountability Act (HIPAA). IT service and asset management applications, like Service-now.com, are not subject
to regulatory audits. These systems do not store or manage financial, health care or credit card data; however they do
play a role in maintaining system availability and provide a valuable source for auditing system changes.

These applications may support the audit process itself in one of three manners:

Configuration Management - a Configuration Management Database (CMDB) can identify the financial Business Serv-
ices and their components that either control or manage financial data

Change Management - document and verify approvals for, and, any changes made, to a financial Business Service veri-
fying access and data integrity

Release Management - document and verify approvals for, and, any changes made, to commercial or proprietary soft-
ware managing financial data

Service-now.com White Paper