Database Encryption Support

Mike_Wang
Kilo Contributor

How to use Database Encryption within serviceNow?

1 ACCEPTED SOLUTION

mikeadler
ServiceNow Employee
ServiceNow Employee

Hi Mike,

Thank you for posting your question to the community. To use Database Encryption, you would have ServiceNow activate Database Encryption for the instances running in your ServiceNow environment. With Database Encryption, the data for those instances remains encrypted while at rest in the database. Therefore, there is nothing for the end users or the Servicenow instance admin to do in that respect because data is decrypted (i.e. in the clear) whenever it is needed by an application running on the instance. Database Encryption is available for purchase as an add-on option through your ServiceNow account executive. 

With respect to the discussion here, Database Encryption solves a different requirement which is encryption of data at rest only at the database tier whereas Edge Encryption ensures application tier encryption in transit, in use and at rest. Therefore, both of these options can work in tandem.

To learn more about either of these options and the impact, you might want to check out the recent update to the ServiceNow Data Encryption white paper.

Could you please kindly mark my response as correct and/or helpful if you found it useful? 

Kind regards,

Mike

View solution in original post

5 REPLIES 5

Uncle Rob
Kilo Patron

Well... kinda depends.

ServiceNow can provide you with disk level encryption, but that only defends against someone walking off with your little part of the cloud.

Most of hte time people are talking about Edge Encryption, which is a proxy that encrypts data before it goes out tot he cloud.  Meaning: the data is encrypted before it even touches ServiceNow.

I've found customers tend to look at encryption as "encrypt everything", but practically that's not always a good option.  Here are some threads I've written on encryption in the past:

Encryption: How not to get \$#%&ed
Encryption: How not to get \$#%&ed Part 2
Encryption: How not to get \$#%&ed Part 4 - Understanding Variables

(Part 3 is irrelevant now).  I wrote these a couple years back before Edge Encryption really blossomed, so please ignore anything that suggests Edge isn't mature yet.

 

Uncle Rob
Kilo Patron

And now that I see you're with a partner, you may want to check out the Edge Encryption material offered via Saba.

Thanks for reply, but i know edge encryption has some limitations : Encrypted data cannot be processed by back-end logic, what is the impact?

Mike_Wang
Kilo Contributor

Thanks for reply, but i know edge encryption has some limitations : Encrypted data cannot be processed by back-end logic, what is the impact?