AppOmni today disclosed how sensitive data stored in knowledge bases hosted on the ServiceNow software-as-a-service (SaaS) application platform can be accessed because the proper controls have not been implemented.
Aaron Costello, chief of SaaS security research for AppOmni, said ServiceNow has now partially remediated the issue by requiring also its customers to upgrade to the latest instances of its SaaS application platform that provide access to the required controls that ServiceNow initially made available in 2023. AppOmni researchers have already discovered more than 1,000 instances of a ServiceNow knowledge base that could be compromised, representing 45% of the instances tested.
However, organizations still need to be aware of how and when to apply those controls to databases that, for example, might describe how to change an internal password or how the organization would respond to a ransomware attack, noted Costello.
In the absence of someone to apply those controls, organizations will continue to leave sensitive data exposed simply because the knowledge base residing on the ServiceNow platform has not been properly configured, he added.
More troubling still, this same configuration issue is likely to be encountered across multiple SaaS application platforms that are housing databases containing sensitive information, said Costello. Unfortunately, the administrators that often configure these platforms lack cybersecurity expertise, he added. It's often not even clear who in the organizations might be responsible for SaaS application security, noted Costello.
It's not clear to what degree SaaS applications might have been compromised because the proper security controls have not been implemented, but it's likely a systematic issue, added Costello. In the aftermath of the COVID-19 pandemic, reliance on SaaS applications that could be accessed from anywhere sharply increased. Now cybersecurity teams are being tasked with making sure those application environments are secure in the wake of a series of high-profile attacks aimed specifically at compromising SaaS applications relied on by thousands of organizations.
Ideally, organizations of all sizes should be embracing zero-trust IT principles but that can be challenging to achieve when application environments can be easily misconfigured. AppOmni late last year added an AskOmni assistant to provide access to a natural language chat interface for launching queries that reduce the level of expertise required to employ the SaaS security posture management (SSPM) platform developed by the company. Capabilities of the AskOmni assistant include risk assessments that surface remediation advice, notifications of excessive user access permissions to sensitive data and real-time threat intelligence.
Of course, it would be easier to protect SaaS applications if there were fewer of them. Organizations may want to review the number of SaaS applications they are using because, in the early days of the pandemic, many business leaders decided to adopt SaaS applications with little to no regard for any potential cybersecurity concerns that are now starting to raise their proverbial ugly heads. Many of those SaaS applications might not even be sanctioned by any IT team that has assumed responsibility for managing and securing them, at least until that first all but inevitable breach.