For many people, security on their ServiceNow instance ends with ACLs, maybe encryption if they have the need, but there’s more, oh, so much more. Joining me in this episode is someone to shed some light on the full spectrum of ServiceNow security capabilities as of 2023.

Topics
00:00 Welcome/Introductions
07:32 Introduction to product family
09:51 Authorization and authentication
10:52 Security, identity, and privacy
18:25 Product overview
22:52 Data filtration plugin
23:58 Protected tables plugin
24:46 Log export service
25:33 MFA
26:00 Adaptive authentication
28:42 Data classification and data certification plugins
33:31 Vault
36:19 SCIM
39:30 Final grouping
42:28 Mile wide, inch deep
43:09 Words of advice
44:40 Outro

Links
Docs: Platform Security Landing Page Security Best Practice Guide Trust Site Trust Center Verizon Data Breach Investigations Report IDPro Body of Knowledge LinkedIn Email jarod.

Using KMF for HMAC Verification

Hash-based message authentication code (or HMAC) is a common way to validate the authenticity of messages sent over the internet. For example, GitHub and Gitea rely on HMAC (SHA256) to secure webhooks. My team wanted to sync our Gitea Issues and Pull Requests to our ServiceNow instance, thus we wanted a Scripted REST API that verifies HMAC for those webhook messages. There have been a few posts describing how HMAC verification can be implemented (e.
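
The receiver-side check for the HMAC-SHA256 webhooks mentioned above, as an added example that is not from the original post: it is written for stand-alone Node.js and does not use ServiceNow's KMF or Scripted REST API. The header names come from the Gitea and GitHub webhook documentation rather than from this page, and the secret and payload are constructed sample values.

```javascript
const crypto = require("crypto");

// Assumption (vendor docs, not this page): Gitea sends the digest as bare hex
// in X-Gitea-Signature; GitHub sends "sha256=<hex>" in X-Hub-Signature-256.
function claimedSignature(headers) {
  const gitea = headers["x-gitea-signature"];
  if (typeof gitea === "string") return gitea.trim().toLowerCase();
  const github = headers["x-hub-signature-256"];
  if (typeof github === "string" && github.startsWith("sha256=")) {
    return github.slice("sha256=".length).trim().toLowerCase();
  }
  return null;
}

// rawBody must be the exact bytes received on the wire. Parsing the JSON and
// serializing it again changes the bytes and therefore the HMAC.
function verifyWebhook(secret, rawBody, headers) {
  const claimed = claimedSignature(headers);
  // Reject missing or malformed values before decoding, so the two buffers
  // passed to timingSafeEqual always have the same length (32 bytes).
  if (claimed === null || !/^[0-9a-f]{64}$/.test(claimed)) return false;
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  return crypto.timingSafeEqual(Buffer.from(claimed, "hex"), expected);
}

// Constructed sample values, for illustration only.
const SECRET = "constructed-secret-not-a-real-key";
const RAW_BODY = Buffer.from('{"action": "opened", "number": 7}');

// What the sender does: hex HMAC-SHA256 of the body under the shared secret.
function signHex(secret, body) {
  return crypto.createHmac("sha256", secret).update(body).digest("hex");
}

function demo() {
  const sig = signHex(SECRET, RAW_BODY);
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(RAW_BODY.toString())));
  return {
    gitea: verifyWebhook(SECRET, RAW_BODY, { "x-gitea-signature": sig }),
    github: verifyWebhook(SECRET, RAW_BODY, { "x-hub-signature-256": "sha256=" + sig }),
    reserializedBody: verifyWebhook(SECRET, reserialized, { "x-gitea-signature": sig }),
    wrongSecret: verifyWebhook("other-secret", RAW_BODY, { "x-gitea-signature": sig }),
    malformedHeader: verifyWebhook(SECRET, RAW_BODY, { "x-gitea-signature": "abc" }),
    missingHeader: verifyWebhook(SECRET, RAW_BODY, {}),
  };
}

console.log(demo());
```

Only the first two cases verify; the re-serialized body fails even though it is the same JSON document, which is why the check has to run on the raw request body.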