ServiceNow has published guidance for its customers on Access Control List (ACL) misconfigurations after an AppOmni security report found that 70% of the instances it tested had the issue.
In a report released on Wednesday, AppOmni explained that the common misconfigurations come from a “combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users.”
A ServiceNow spokesperson told ZDNet that this is a “well-known” issue that happens when end users do not apply recommended configuration and governance controls to their SaaS platforms.
“ServiceNow regularly publishes security configuration and best practice guidance to help our customers. We recommend that customers continuously monitor their security settings and user permissions to ensure that their instances are configured as intended, with an emphasis on permission levels for external users,” the spokesperson said.
AppOmni said many major SaaS platforms have this issue because of how complex they are, and noted that misconfigurations can happen during the initial implementation phase of a SaaS platform, when users or settings change, or as part of the regular cadence of SaaS updates that can impact current configurations.
AppOmni CEO Brendan O’Connor said securing SaaS is a lot more complicated than just checking a