Secure ServiceNow integrations, permissions & KB widgets with Obsidian Security

Misconfigured ServiceNow Knowledge Bases and public widgets expose sensitive data

ServiceNow contains complex customizations, granular permissions, and broad integrations, making it a significant challenge to secure.

Obsidian secures your ServiceNow environment by identifying every threat and posture gap.

ServiceNow’s access control and integration complexity creates posture gaps

Manually reviewing ticketing, communications, reporting, third-party apps, custom integrations, and external data leaves serious risks undetected.

  • Weak controls let low-privileged users access sensitive data from unauthorized tables 
  • Shadow public tables without defined access controls can allow unauthorized access 
  • Misconfigured Knowledge Base widgets allow unauthorized access to sensitive content (e.g. employee comp plans accidentally shown in a Company Benefits knowledge base article)

Audit and monitor every access point across ServiceNow

  • Identify widgets that bypass allowlist system properties, unintentionally exposing data to the public
  • Revoke dormant accounts and unnecessary access permissions
  • Audit access controls for ServiceNow assigned roles, groups, and ACLs across Dev, Staging, and Production
  • Enforce Read and Cannot Read user and guest criteria at the article level

Mitigating Modern SaaS Threats in ServiceNow with Obsidian

ServiceNow empowers data innovation, but also introduces risks from excessive access and third-party code. Obsidian’s SaaS-native security stack continuously monitors token usage, enforces secure configurations, and delivers identity-aware detection to help organizations mitigate modern SaaS threats.