ServiceNow and NVIDIA Team Up: What to Know

A couple weeks ago, ServiceNow and NVIDIA announced a groundbreaking partnership to help expand ServiceNow’s generative AI use cases for their customers to strengthen workflow automation and rapidly increase productivity. ServiceNow is also helping NVIDIA streamline its IT operations by using NVIDIA data to customize NVIDIA NeMo foundation models running on hybrid-cloud infrastructure. This collaboration aims to redefine the boundaries of programming and automation, enabling individuals across diverse backgrounds to harness the power of technology. 

NVIDIA CEO Jensen Huang states, “This computer doesn’t care how you program it, it will try to understand what you mean, because it has this incredible large language model capability. And so the programming barrier is incredibly low…Everyone is a programmer.” The productivity and efficiency gains from this partnership are endless, but it rings alarm bells as far as security is concerned. 

Empowering Everyone as Programmers

The core objective of the ServiceNow and NVIDIA partnership is to democratize programming and development and make it accessible to as broad of an audience as possible. Traditionally, programming has been considered a specialized skill set, limited to a select group of individuals. However, this collaboration seeks to change that perception by leveraging the capabilities of NVIDIA’s powerful GPUs and ServiceNow’s workflow automation platform.

Through the integration of NVIDIA’s AI technology, ServiceNow aims to add to their visual, low-code development platform to further simplify the process of creating and implementing software applications. This development means that individuals without extensive coding knowledge can now participate in building innovative solutions and automating complex tasks. The vision is to empower business users from all departments to contribute to digital transformation initiatives, resulting in increased efficiency and productivity.

Don’t Let Security be an Afterthought 

While the ServiceNow and NVIDIA partnership presents exciting opportunities, it also introduces cybersecurity risks that cannot be ignored. When more individuals have the ability to create and modify software applications, it becomes crucial to ensure that adequate security measures are in place to safeguard against vulnerabilities and threats. Here are some key areas of concern:

1. Insecure by Design. The expanded pool of newly-minted developers means that many, particularly those less-technically inclined, may lack the expertise and experience required to produce secure code. Further, the speed at which people can create applications with low-code/no-code tools armed with generative AI and large language models is staggering. The traditional software development lifecycle does not exist in this development paradigm and can easily result in citizen developers hard-coding credentials, implicitly sharing apps, accepting risky default permissions, and more.
2. Increased Attack Surface. As more individuals become involved in application development, combined with the incredible velocity of which applications are created, the attack surface expands exponentially with tools like ServiceNow, Microsoft, Salesforce, Workato, etc. Each new program or automation increases the potential entry points for cyberattacks, demanding robust security practices to mitigate the risks.
3. Data Privacy Concerns. As the number of software applications grows, so does the volume of data being processed and stored. Organizations must be diligent in ensuring that appropriate data privacy and protection measures are implemented to safeguard sensitive information from unauthorized access or breaches.

Addressing the Challenges

The partnership between ServiceNow and NVIDIA signifies a pivotal shift in the tech industry, empowering individuals from various backgrounds to participate in software development and automation. Layering in generative AI into low-code/no-code platforms will only continue as technology vendors and enterprises both look for new ways to optimize productivity and efficiency. It is crucial to recognize the potential cybersecurity challenges that may arise when leveraging low-code/no-code and/or Generative AI tools, and pivotal to:

• Maintain continuous visibility so that as applications, automations, etc., are being built, you know what is out there
• Automatically assess risk to determine which resources present security risks, and prioritize those risks based on business criticality and impact
• Govern and secure application development using low-code/no-code by instituting playbooks and automated triage to ensure that as misconfigurations happen, or potential data leaks spring, you can take action before someone else does. 

To dive deeper, we’re hosting a webinar on June 28th, talking about the security ramifications of combining low-code/no-code with Generative AI, and what security leaders can do about it. Save your seat here!