ServiceNow + Guardrails: Context-aware cloud & security automation

Use Guardrails to connect your enterprise context in ServiceNow with your cloud infrastructure.

Turbot Team
5 min. read - Dec 11, 2023

The integration between ServiceNow CMDB and Turbot Guardrails bridges the gap between your business context and your cloud and security controls.

Why sync ServiceNow CMDB data

Syncing ServiceNow CMDB data brings critical context to your cloud resources in Guardrails. Details like application ownership, data classification, and cost centers can then be used to:

  • Automatically tag resources with application context
  • Restrict access to groups, departments and business units
  • Enable security controls based on data sensitivity
  • Limit workload usage based on cost center budgets
  • And more...

Turbot Guardrails has thousands of out-of-the-box (OOTB) controls to ensure security and optimize operations. Adding this business context improves cloud visibility, cost optimization, and governance, and enables automated policy enforcement driven by that context.

How the integration works

Syncing data between the systems is automated and continuous. Just as Guardrails captures cloud inventory and configuration, any ServiceNow CMDB table can now sync in real time as well.

For example, the ServiceNow Application table (cmdb_ci_appl):

These applications are now visible and managed in Guardrails:

The integration keeps data in sync in real-time as changes occur:

Enrich Guardrails Policies with Context

With ServiceNow data ingested, new possibilities open up for Guardrails automation, such as:

Auto-Tag Resources with enterprise context

Who is responsible for the application, which cost center it belongs to, and other CMDB details can be auto-tagged onto the cloud resource. For example, this Turbot Guardrails calculated policy template maps ServiceNow data such as the application's ID, name and data classification to tag values:

app_id: "{{ $.application.u_id }}"
app_name: "{{ $.application.u_name }}"
data_classification: "{{ $.application.u_data_classification }}"

The resulting keys and values are applied as tags whenever a cloud resource is created or updated, or when the ServiceNow Application details change:

"app_id": "APP0001"
"app_name": "CMS App FLX"
"data_classification": "Restricted"

Apply data protection rules with data sensitivity context

CMDB data can be used in policy logic to auto-configure resources appropriately. If an application is marked "Restricted" in ServiceNow, the associated AWS S3 Buckets can enforce versioning.

Using a calculated policy template, you can incorporate that context into the conditions of the policy enforcement:

{%- if $.resource.tags.data_classification == "Restricted" -%}
"Enforce: Enabled"
{%- else -%}
"Enforce: Disabled"
{%- endif -%}
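To show how the two templates above chain together (CMDB record to resource tags, tags to an enforcement value), here is an added example that is not Turbot's code. It assumes a deliberately minimal template evaluator that handles only the two constructs these templates use, `{{ $.path }}` substitution and a single if/else/endif block; real Guardrails calculated policies are rendered by Nunjucks with its full feature set. The CMDB records and the `evaluateBucket` helper are constructed for illustration.

```javascript
// Added example, not Turbot Guardrails code. A minimal evaluator for the
// calculated policy templates shown in the post. It supports only
// `{{ $.a.b }}` substitution and one
// `{%- if $.a.b == "literal" -%} ... {%- else -%} ... {%- endif -%}` block.
// Real templates are rendered by Nunjucks, which supports far more.

// Resolve a `$.a.b.c` path against a context object; undefined when absent.
function lookup(ctx, path) {
  const parts = path.replace(/^\$\.?/, "").split(".").filter(Boolean);
  return parts.reduce((cur, key) => (cur == null ? undefined : cur[key]), ctx);
}

// Render the if/else block first, then substitute `{{ $.path }}` variables.
function render(template, ctx) {
  const ifRe =
    /\{%-?\s*if\s+(\$[\w.]+)\s*==\s*"([^"]*)"\s*-?%\}([\s\S]*?)\{%-?\s*else\s*-?%\}([\s\S]*?)\{%-?\s*endif\s*-?%\}/g;
  let out = template.replace(ifRe, (_, path, literal, thenBranch, elseBranch) =>
    String(lookup(ctx, path)) === literal ? thenBranch.trim() : elseBranch.trim()
  );
  out = out.replace(/\{\{\s*(\$[\w.]+)\s*\}\}/g, (_, path) => {
    const v = lookup(ctx, path);
    return v == null ? "" : String(v); // missing CMDB fields render as empty
  });
  return out.trim();
}

// The two templates from the post, verbatim.
const TAG_TEMPLATE = `app_id: "{{ $.application.u_id }}"
app_name: "{{ $.application.u_name }}"
data_classification: "{{ $.application.u_data_classification }}"`;

const VERSIONING_TEMPLATE = `{%- if $.resource.tags.data_classification == "Restricted" -%}
"Enforce: Enabled"
{%- else -%}
"Enforce: Disabled"
{%- endif -%}`;

// Parse rendered `key: "value"` lines into a tag map.
function parseTags(rendered) {
  const tags = {};
  for (const line of rendered.split("\n")) {
    const m = line.match(/^\s*([\w-]+):\s*"(.*)"\s*$/);
    if (m) tags[m[1]] = m[2];
  }
  return tags;
}

// End to end: CMDB application record -> tags on the bucket -> policy value.
// `evaluateBucket` is a constructed helper, not a Guardrails API.
function evaluateBucket(application) {
  const tags = parseTags(render(TAG_TEMPLATE, { application }));
  const resource = { type: "aws_s3_bucket", tags };
  const versioning = render(VERSIONING_TEMPLATE, { resource }).replace(/^"|"$/g, "");
  return { tags, versioning };
}

// Constructed sample CMDB records (not real data). The third one has no
// classification at all, which is the edge case worth watching.
const restrictedApp = { u_id: "APP0001", u_name: "CMS App FLX", u_data_classification: "Restricted" };
const internalApp = { u_id: "APP0002", u_name: "Wiki", u_data_classification: "Internal" };
const unclassifiedApp = { u_id: "APP0003", u_name: "Legacy Batch" };

if (typeof require !== "undefined" && require.main === module) {
  for (const app of [restrictedApp, internalApp, unclassifiedApp]) {
    const { tags, versioning } = evaluateBucket(app);
    console.log(tags.app_id, JSON.stringify(tags), "->", versioning);
  }
}
```

Running it prints `Enforce: Enabled` for APP0001 and `Enforce: Disabled` for the other two. The third record is the case to check in your own CMDB: an application with no data classification renders an empty `data_classification` tag and falls through to `Enforce: Disabled`, so the template treats unclassified data the same as non-sensitive data. Treating an empty classification tag as a finding, or making the "Restricted" branch the default, keeps a CMDB data-quality gap from silently relaxing the control.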

Get started with context-aware guardrails

With the integration between ServiceNow and Turbot Guardrails, you can give cloud resources the critical business context they have been lacking. This helps improve visibility, optimize costs, and enforce cloud governance best practices.

If you are new to Turbot Guardrails, reach out to us to get started. For existing customers, simply follow the ServiceNow integration guide to enable it in your Turbot Guardrails workspace, and learn how you can also sync cloud resources back to ServiceNow, further enriching your cloud and security controls.

Join our Slack community #guardrails channel to discuss your use cases and provide feedback as you leverage the integration.