Brief IA

ServiceNow: Revolutionizing University AI Risk Management

⚖️ Regulation & Ethics·Tom Levy·

ServiceNow: Revolutionizing University AI Risk Management

ServiceNow: Revolutionizing University AI Risk Management
Key Takeaways
1University IT leaders are cautiously adopting AI, seeking to balance innovation and security.
2ServiceNow integrates Armis and Veza to provide centralized and effective AI risk management.
3Continuous Threat Exposure Management (CTEM) is becoming crucial for navigating the complex environments of campuses.
💡Why it mattersImplementing AI risk frameworks enables universities to drive innovation while protecting sensitive student data.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

The Cautious Optimism of IT Leaders Regarding AI

In the higher education sector, IT leaders approach the integration of artificial intelligence with a degree of caution. While AI promises to transform student services, research, and campus operations, it also raises concerns about data management and institutional exposure. In this regard, universities are not much different from large corporations. A small fraction of major commercial organizations believes they have a handle on AI-related risks, but even these are still discovering blind spots. The rest fall somewhere on a spectrum ranging from "We are trying to get there" to "We don't know where to start."

Some large institutions and flagship systems have dedicated resources and personnel for AI governance, while many others still struggle with fundamental questions of scope, ownership, and accountability.

The Importance of AI Risk Frameworks

AI risk frameworks, including Continuous Threat Exposure Management (CTEM), are essential for managing these challenges. An AI framework is a set of tools that supports an environment for designing, training, and implementing AI models. It forces you to question the systems involved, the types of data they handle, who holds decision-making power, and how you will determine if your efforts are paying off. This facilitates the application of consistent criteria and controls across AI initiatives on campus.

Some AI tools come from centrally purchased platforms, while others arrive through departmental projects or teacher-led pilots. Some emerge as shadow AI, when students or staff adopt new tools outside the purview of IT. A framework allows you to manage all of this without having to personally inspect every new initiative.

Continuous Threat Exposure Management (CTEM)

CTEM is becoming a central element for universities seeking to manage AI risks. It involves continuously answering three questions: What is in my environment? Which assets among these are most critical to my risk posture? How do I continuously reduce this risk as new technologies and use cases emerge?

These questions are particularly challenging in higher education due to the diversity of the environment. You are dealing with on-premises and cloud systems, as well as IoT and operational technologies on campus. You have departmental applications that may have never gone through central IT. Additionally, you have agent-based AI tools that staff, teachers, and students integrate to solve their own problems.

Most institutions can see elements of this landscape, but not enough to reliably separate harmless noise from serious threats. This is where CTEM comes into play. Before you can govern AI, you need to understand your assets. You must know what systems exist, where they are located, what data they process, and how they connect to one another. In higher education, this includes student support tools, analytics and research environments, identity platforms, and learning management systems—anywhere AI interacts with sensitive data.

ServiceNow and Its Strategic Acquisitions

ServiceNow positions itself as a key platform for CTEM by integrating Armis and Veza. These acquisitions enable institutions to centralize asset management and apply consistent governance controls. The goal is to move away from piecing together multiple tools and provide IT teams with a unified environment where CTEM-style asset visibility and AI risk management work together, thus facilitating the identification of real threats.

These capabilities will be available in several ways. If a client already has ServiceNow, we can effectively add these components to their existing platform. If they do not, we can still provide the same risk capabilities through ServiceNow's Integrated Risk Management offerings as a standalone deployment.

Encouraging Innovation with Boundaries

Universities must balance innovation and security. AI risk frameworks allow for transforming "no" into "yes, with boundaries," creating a secure environment for experimentation. IT teams do not want to be seen as the "no" department, systematically shutting down AI initiatives because the risk seems too difficult to manage. The true promise of CTEM and structured risk frameworks is that they enable you to transform "no" into "yes—within these boundaries."

Once you have visibility into your environment and a way to prioritize what is important, you can start to create a walled garden, encouraging experimentation with AI in an environment where you have visibility, safeguards, and control. The goal is not to lock everything down; it is to create conditions where the adoption of AI does not exceed your capacity to protect the institution.

My advice to IT leaders is to start with your AI-powered help desk and student support agents. This is the quickest path to real operational gain—and the quickest path to risk—because these tools rely on identity, tickets, human resources, and student records, and they often take automated actions. First, apply an AI risk framework there: map every use case and data flow, classify the decisions that AI can influence, and establish safeguards such as human approval for high-impact actions, least privilege access, complete audit logging, and clear retention policies. If you can govern AI in support workflows, you can govern it anywhere on campus.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.