Everyone knows that security is important. Still, there remains a notion floating around that if an organization is small enough or obscure enough, it’s not a target for malicious attacks. But with security threats as sophisticated and pervasive as they are today, the unfortunate truth is that obscurity itself isn’t protective anymore. In fact, cyberattacks on small businesses were up 424 percent in 2018. No organization is too small to be vulnerable. And of course, larger mid-size and enterprise organizations know all too well that security and risk reduction are absolutely essential in the modern cloud-centric world.
Microsoft Secure Score helps businesses small and large by highlighting where there are gaps and risks in their technology environment, providing a security score rating, and comprehensively prioritizing and suggesting how the business can take actions and make configuration changes to become as secure as possible. Even better? The new integration with ServiceNow helps businesses put these suggestions into practice in the best way possible. Here’s how these two platforms work together seamlessly, why an “assume breach” mentality is still important, and why the integration matters in the grand scheme of things.
For all businesses that use it, Secure Score provides a dashboard and recommended security configurations that helps them get a handle on security threats by alerting them to major gaps or high risks.Of course, once businesses have identified security threats, they need to do something about them. The new integration with ServiceNow makes this step much easier and more efficient for ServiceNow users.
The integration helps organizations process and route proactive security actions quickly and effectively. For example, if Secure Score identifies a riskdue to the lack of multifactor authentication capability in the environment, the admin in the organization can simply create a change request in ServiceNow right from within the Secure Score interface, triggering targeted efforts following ITIL processes and an attested completion of the change. The task leaves a record with a confirmation and date, which makes audits easier. Once the change is actually made, Secure Score will identify that the gap has been addressed, and update the score to reflect an improved security posture for the organization.
“From the very beginning, ServiceNow’s Now Platform was built to help digitize workflows and make work, work better for people,” says Matt Schvimmer, vice president and general manager of IT service management (ITSM) at ServiceNow. “The integration of ServiceNow’s ITSM capabilities with Microsoft Secure Score helps customers address one of the biggest challenges they face, which is maintaining and maximizing their security posture.”
Schvimmer is right: Every organization needs to continuously evaluate their security posture to stay on top of risks. The problem is that there is no magic tool or set of tools that can stop every risk. You can’t just install a security platform and expect to have eliminated all possible avenues of risk.
A good standby is to assume breach at all times. That might sound extreme, but Gartner has found that “the average time to detect a breach in the Americas is 99 days and the average cost is $4 million.” Assume breach because you might just be losing money and wasting time by not doing so. The true “trench war” is then fought through a “defense in depth” approach to security tools and capabilities, integrating layers of security elements that can hamper or significantly reduce the extent to which a malicious threat is able to penetrate into the environment. In other words, rather than avoiding the wound (which is nearly impossible), the focus is on limiting the bleeding and eradicating the threat before it’s been able to cause much damage.
The Secure Score service is a way to both help prevent breaches before they occur and also limit the damage of breaches that inevitably happen. Whether a malicious party is seeking data itself to encrypt and ransom back to you, or administrative rights that could lead to their ability to wreak havoc, Secure Score ensures that there is awareness of the layers of security depth available and to be accounted for, making it significantly more difficult and time-consuming to get to that eventuality. And the ServiceNow integration makes these changes easier on organizations.
The ServiceNow integration ensures that as Secure Score exposes areas of risk, there is a clear path for improvement. Whether you need to turn on audit data recording or enable multi-factor authentication or conditional access policies, ServiceNow provides validation and an ITIL-driven process that helps IT departments prioritize security tasks and take care of them efficiently and effectively.
This integration may have been a small change, but it’s one significant puzzle piece in a larger movement to better leverage multiple ecosystems for security and other purposes. For security personnel, continually having to learn different interfaces can be time-consuming and frustrating. We’re looking forward to a time when ServiceNow and Microsoft—and other great platforms—share context and provide continuity for their users
With this new integration, Microsoft and ServiceNow seamlessly work together and help users assume risk in a way that helps their companies stay secure. And while it’s a great new feature for Microsoft 365 and ServiceNow users, it’s just one small piece of a growing movement for more integrated, seamless services across platforms.
Crossfuze is an expert in both Microsoft and ServiceNow. As you jump into this new integration, see how we can help you manage and react to security threats to your organization.