Case Study

servicenow thumbnail

ServiceNow creates a secure multi-cloud environment while maintaining developer freedom

ServiceNow has been a cloud-based organization from the beginning. It needed a security partner to protect its multi-cloud environment while giving its development and product teams the autonomy to build new solutions fast.

Challenge

  • ServiceNow needed improved visibility into its complex multi-cloud environment to quickly identify and remediate vulnerabilities.
  • The ServiceNow security team found it challenging to effectively deploy and maintain agents across a growing cloud environment.
  • Developers were moving quickly and spinning up new resources, and security needed a way to understand these changes in real time.

Solution

  • ServiceNow replaced a legacy solution with Wiz to give the company a more seamless user experience and provide deeper insight into its security posture across a multi-cloud environment.
  • With the support of an agentless solution, the security team saves time manually maintaining agents and can instead focus on new projects, like expanding security’s reach via “security champions” throughout the company.
  • Developers have more autonomy to innovate, even in highly regulated industries, because security has a single pane of glass across all cloud environments to monitor changes as they’re made.

Unifying organizations with more efficient workflows

ServiceNow is committed to making work better for everyone. The company’s cloud-based platform and solutions help digitize and unify organizations so they can find smarter, faster, and better ways to make work flow. As an organization born in the cloud and committed to innovation, ServiceNow keeps an intense focus on implementing best-in-class technologies, but part of managing a growing cloud environment is ensuring it remains secure.

“We want to give our developers the tools they need to succeed while ensuring the projects they’re working on and the tools they’re using are secure,” says Jatinder Thukral, Senior Staff Security Architect at ServiceNow. ServiceNow’s challenge in working across a multi-cloud environment was understanding its overall security posture.

Before Wiz, it was challenging to secure everything because we’re managing different clouds and working with so many markets.

Jatinder Thukral, Senior Staff Security Architect, ServiceNow

With the scope of their environment, it was challenging for the security team to identify and remediate vulnerabilities, know when resources were being spun up, or to keep tabs on the regulatory requirements of some of their government clients. Also, in attempting to remain cloud agnostic, they had to ensure that changes made in one cloud environment could also be made securely in another.

They needed an agentless solution that would help them analyze and manage everything across these environments, including short-lived resources and virtual machine templates. To unify its security management and help the team focus on secure development, ServiceNow turned to Wiz.

Growing more securely with improved visibility and context

To maintain its high regulatory standards while deploying a new security technology, ServiceNow first deployed Wiz through Outpost, letting the company scan its virtual machines and container clusters with its own cloud infrastructure and permissions. Once it was clear they could maintain compliance for all of its clients, ServiceNow was able to fully implement Wiz across all of its cloud environments in just six hours.

With Wiz in place, ServiceNow’s security team focused on its goal of giving people the autonomy to build in the cloud and ensure it stayed secure. Wiz’s Security Graph gives the security team a complete overview of their entire IT infrastructure, so it can easily review vulnerabilities and address them quickly as it grows. “I can double click on a vulnerability to see how critical the exposure is and understand why we should fix it. Then, when I give it to the owners, I also help them understand and prioritize it,” says Hemanath Baskaran, Senior Staff Security Engineer at ServiceNow.

The team has also integrated Wiz into ServiceNow’s vulnerability response module to make the remediation process more efficient. With a unified dashboard, ServiceNow can quickly understand where to look for the critical vulnerabilities and how to address them. It can now prioritize vulnerabilities and ensure the remediation steps are shared with the proper owners so they can take action, no matter where in their environment the issues are.

Sign up for Prowler Updates

Please enable JavaScript in your browser to complete this form.