CUSTOMER STORY

ServiceNow Establishes Digital Trust at Scale with Keyfactor

Interview with Joseph Schoenith, Senior Security Engineer, ServiceNow
and Kapil Gupta, Principal Security Architect, ServiceNow

THE CHALLENGES

ServiceNow faced significant challenges managing PKI certificates as they scaled, relying on a manual, error-prone process with limited visibility and control. Their existing solution lacked the automation and API capabilities needed to efficiently issue and renew certificates across services. To address these limitations, they sought a more flexible, automated PKI solution capable of supporting secure identity issuance at scale for every service, user, and workload.

Company Overview

ServiceNow is one of the world’s largest Platform as a Service (PaaS) providers, automating workflows for core business operations. The company provides ITSM tools such as asset management, IT operations management, HR management, and customer relationship management to 85% of global Fortune 500 companies. ServiceNow upholds its mission of “making the world work better for everyone” by continuously innovating and identifying ways to improve. Today, the company grosses over $10 billion in revenue and is committed to expanding automation internally and externally.

Challenges

Modernizing PKI and certificate management with built-in automation

As the world’s largest provider of ITSM services, ServiceNow issues millions of public key infrastructure (PKI) certificates for internal and customer-facing services. This process became increasingly difficult as the company grew and needed to issue certificates at scale.

“Our previous PKI solution required manual management of certificates, including the issuance and renewal. Every single piece was manually human-driven,” says ServiceNow Senior Security Engineer Joseph Schoenith. “With few checks and balances, we had very little control around who was requesting, issuing, and renewing, which was a huge blind spot.”

ServiceNow Principal Security Architect Kapil Gupta was keen to automate the process, but their previous solution didn’t offer complete automation capabilities.

“What we really required were APIs to set up automation for generating and renewing certificates at scale,” Gupta says.

ServiceNow began looking for a turnkey PKI solution that would allow them to issue identities for every service, user, and workload. That meant migrating from their existing vendor to a more flexible option that met their high expectations.

[Keyfactor] has really enabled us to be more free. Now, we can do more engineering and solve much larger problems than we ever could have before.

Joseph Schoenith, Senior Security Engineer, ServiceNow

Solution

An API-based framework removes human dependencies

ServiceNow evaluated several PKI software platforms, and Keyfactor came out on top, in part due to its REST API-based framework. Keyfactor offered the capabilities the ServiceNow team needed to build and integrate automated workflows and roll them out at scale. These features were crucial for Schoenith and Gupta, who wanted to alleviate time-intensive work for their teams.

The team also appreciated Keyfactor’s audit trail, which allowed for more certificate management observability.

“We could go back and check to make sure that we know what we think we know,” Schoenith says. “It would allow us to be more mindful of what our clients need, but also how to deliver a service that actually reflects the actual footprint of the environment.”

With these factors in mind, ServiceNow decided to migrate to Keyfactor EJBCA. Keyfactor made a good impression from the start with swift, friendly support during implementation. Confidence grew from there.

“With ServiceNow, we would know that every day, every week, every month, we had a certificate endpoint where clients can go and have a trusted platform secured by HSMs and all the niceties of the standards that you want in the industry today,” Schoenith says.

Keyfactor has opened up the door for us to be more effective as an engineering group because PKI management is no longer a weight over our heads.

Kapil Gupta, Principal Security Architect, ServiceNow

Business Impact

Streamlining certificates with fully automated workflows

Freeing up time to solve more pressing problems

Using Keyfactor has saved the ServiceNow team hours of precious time, which they can now spend on more pressing tasks.

“With ServiceNow’s previous solution, PKI management was completely manual, so it required tens of dozens of hours for engineers to figure out where these things were, how they were installed, why they were there, and whether they were even needed anymore,” Schoenith explains. “With Keyfactor, we save dozens of hours not only in engineering time but by eliminating unnecessary meetings and solving preventable issues.”

Keyfactor’s flexible PKI automation also gives engineers more time to innovate.

“ServiceNow has allowed us to identify pain points, work through them, and produce something that, at the end of the day, engineers are spending less time thinking about and managing,” Kapil says.

Boosting efficiency to build a better product

ServiceNow has used Keyfactor EJBCA to boost speed and efficiency so it can exceed the expectations of its Fortune 500 customers.

“We can serve very demanding teams with very demanding certificate needs, which can range from ‘I need one every day’ to ‘I need one every hour’ and any infinite variation in between,” Schoenith explains. Gupta adds that the company offers “a more secure footprint because we’re now able to issue certificates more dynamically for specific purposes.”

In addition to streamlining resources and improving security, Keyfactor has increased the capacity to develop new solutions. The ServiceNow team is more effective and can access data and metrics their previous PKI solution never offered.

“We can get ideas of how much volume we’re seeing in our client activity, which really allows us to identify what things we need to solve for or give our customers,” Schoenith says.

Increasing visibility and awareness

Switching to Keyfactor has provided significant improvements in observability, ensuring teams understand the breadth and scope of certificates issued. Now, nothing falls through the cracks.

“We’ve been able to go from a complete black hole of certificates and lifecycle management to a pinpointed, dashboard-driven view of what certificates we’re issuing and who it’s going to in the corresponding team,” Schoenith explains. “This operational improvement has been a huge uplift for us because our security partners are able to know where these things are going as well as find the service owners who need to maintain them.”

With increased visibility, automation capabilities, and efficiency, ServiceNow’s team is confident that Keyfactor can support their evolving security demands—no matter how fast they scale.

“EJBCA has given us the ability to look at our problems and start eliminating them one by one. Without it, we would not have the technology or the insights to grow anywhere near the scale that ServiceNow is growing,” Gupta said. “I cannot think of running the ServiceNow ecosystem without Keyfactor.”
