- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2019 09:16 PM
How to use Database Encryption within serviceNow?
Solved! Go to Solution.
- Labels:
-
Best Practices
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2019 11:26 AM
Hi Mike,
Thank you for posting your question to the community. To use Database Encryption, you would have ServiceNow activate Database Encryption for the instances running in your ServiceNow environment. With Database Encryption, the data for those instances remains encrypted while at rest in the database. Therefore, there is nothing for the end users or the Servicenow instance admin to do in that respect because data is decrypted (i.e. in the clear) whenever it is needed by an application running on the instance. Database Encryption is available for purchase as an add-on option through your ServiceNow account executive.
With respect to the discussion here, Database Encryption solves a different requirement which is encryption of data at rest only at the database tier whereas Edge Encryption ensures application tier encryption in transit, in use and at rest. Therefore, both of these options can work in tandem.
To learn more about either of these options and the impact, you might want to check out the recent update to the ServiceNow Data Encryption white paper.
Could you please kindly mark my response as correct and/or helpful if you found it useful?
Kind regards,
Mike
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2019 09:24 PM
Well... kinda depends.
ServiceNow can provide you with disk level encryption, but that only defends against someone walking off with your little part of the cloud.
Most of hte time people are talking about Edge Encryption, which is a proxy that encrypts data before it goes out tot he cloud. Meaning: the data is encrypted before it even touches ServiceNow.
I've found customers tend to look at encryption as "encrypt everything", but practically that's not always a good option. Here are some threads I've written on encryption in the past:
Encryption: How not to get \$#%&ed
Encryption: How not to get \$#%&ed Part 2
Encryption: How not to get \$#%&ed Part 4 - Understanding Variables
(Part 3 is irrelevant now). I wrote these a couple years back before Edge Encryption really blossomed, so please ignore anything that suggests Edge isn't mature yet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2019 09:26 PM
And now that I see you're with a partner, you may want to check out the Edge Encryption material offered via Saba.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2019 09:40 PM
Thanks for reply, but i know edge encryption has some limitations : Encrypted data cannot be processed by back-end logic, what is the impact?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2019 09:39 PM
Thanks for reply, but i know edge encryption has some limitations : Encrypted data cannot be processed by back-end logic, what is the impact?
