Our communications and network security strategy includes firewall protection, VPN tunneling, multiple layers of encryption (SSL/TLS), and LDAP security. As an SOA-based platform, we provide secure integrations to prominent 3rd party systems and data sources.
SSL/TLS
We use 256-bit SSL encryption extensively throughout our system to ensure authorized communications. Access to Service-now.com requires a combination of a valid username and password, which is SSL encrypted during transmission. We also encrypt LDAP communications using LDAPS or SLDAP forms of SSL.
Service-now.com inbound and outbound email support is one of the many unique features delivered in our solution. Our customers use this functionality to log and update incidents, kick off and approve change requests, assign work tasks and deliver secured surveys. We encrypt communications between our mail server and a customer’s remote mail server through Transport Layer Security (TLS).
Firewalls
Service-now.com detection and response services recognize and stop attempted intrusions, prevent further intrusions from occurring, and provide real-time alerts to our security operations center. To protect our customer instances from malicious network traffic, we use firewall clusters located in front of the network, and communication with the backend database goes through the application.
Authorized Service-now.com personnel manage the firewalls and review debugging and packet-level information on a daily basis. DDoS/IDS alerts are triggered and immediately sent to Service-now.com for analysis and remediation.
VPN
Service-now.com offers multiple secure communication vehicles including HTTPS protocols and VPN tunnels. Based on customer preference, Service-now.com provides AES (128/256), 3DES, MD5 or SHA-1 VPN tunnel options. VPN tunnels provide secure communications with systems located on the customer’s site including directory services, email, SMS, CTI, monitoring, discovery, and ERP. The VPN can also be configured so that all user traffic traverses it.
Secure Integrations
Using HTTPS protocols and VPN tunnels, Service-now.com integrates with virtually any 3rd party application or data source, whether the source is another On Demand system or located at the customer’s premises. A variety of techniques are used to achieve 3rd party integration, most notably Web Services, JDBC, JMS and email. These are industry standard technologies that also use SOAP and WSDL. All of our tables are exposed as a web-services document.
Integration categories: Single Sign On, CMDB, Monitoring, Service, Users, and more.
LDAP
Executing a secure LDAP integration is one of the first activities performed in the Service-now.com release management process. This includes secure connections to Microsoft Active Directory, Novell, Domino Lotus Notes, and OpenLDAP. We connect to LDAP from a single machine using a fixed IP address through a specific port on your firewall and authenticate with a read-only LDAP account of your choice. Optional SSL encryption of LDAP traffic can be added using LDAPS or SLDAP protocols. For those customers that require enhanced security layers, we offer IPsec tunneling options.
Using credentials provided by our customers, an LDAP BIND is executed, allowing the retrieval of the user distinguished name (DN) from the LDAP server. We do not store or capture LDAP passwords, as they live entirely in the user’s HTTPS session.
We use the ADNotify facility and a daily LDAP Browse to capture and store organizational unit (OU) data within our system tables. Because OU data provides key objects referenced within our system, we do not delete any stored data when data disappears from LDAP. In the event our customers require the removal of OU data from Service-now.com, entries and all associations can be removed from our system by deleting the stored entry.