encrypt column while allowing search
04-30-2025 01:48 PM
Goal:
Ensure HIPAA compliance by encrypting sensitive data at rest (e.g., patient SSNs).
Example Scenario:
As a doctor’s office, I need to store patient information securely in snow. This includes encrypting sensitive identifiers like Social Security Numbers (SSNs). However, I also need to be able to search for a patient using their SSN (e.g., from a list view or form).
Challenge:
If the SSN column is encrypted at rest using field-level or full-disk encryption, then the SSN data is stored in an encrypted form. This means:
- If I try to search for a patient by SSN using an unencrypted input (e.g., typing the SSN in a list filter), the search won’t match any records, because the encrypted values are not directly searchable without decrypting them first.
- Standard database lookups won’t work on encrypted fields unless specific search capabilities (e.g., hashed index fields or search proxies) are implemented.
Follow-up Considerations:
- Should we use hashing or partial encryption (e.g., encrypting only at rest but allowing indexed search)?
- Should we maintain a separate, secure index that maps searchable tokens (like a hashed SSN) to the record?
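The "separate, secure index" idea raised in the question above, as an added example that is not part of the original post and is not ServiceNow platform code: a generic Node.js illustration in which the SSN is stored under randomized encryption and exact-match search runs against a keyed-hash token. The key names, the in-memory table and the sample patients are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Constructed demo keys. In a real deployment both come from a key manager,
// and the index key is kept separate from the encryption key.
const ENC_KEY = crypto.randomBytes(32);
const INDEX_KEY = crypto.randomBytes(32);

// Canonical form, so "123-45-6789" and "123 45 6789" produce the same token.
function normalizeSsn(input) {
  const digits = String(input).replace(/\D/g, '');
  if (digits.length !== 9) throw new Error('SSN must contain 9 digits');
  return digits;
}

// Keyed hash (HMAC-SHA256). A plain unkeyed hash would not protect an SSN:
// the whole 9-digit space can be enumerated and matched against stored hashes.
function blindIndex(ssn) {
  return crypto.createHmac('sha256', INDEX_KEY).update(normalizeSsn(ssn)).digest('hex');
}

// AES-256-GCM with a fresh IV: the same SSN encrypts differently every time,
// which is why a filter cannot match on the ciphertext itself.
function encryptSsn(ssn) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([cipher.update(normalizeSsn(ssn), 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decryptSsn({ iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Hypothetical in-memory patient table: holds ciphertext and token, never plaintext.
const patients = [];
function addPatient(name, ssn) {
  patients.push({ name, ssn_enc: encryptSsn(ssn), ssn_idx: blindIndex(ssn) });
}

// Exact-match search: hash the typed value with the index key, compare tokens.
function findBySsn(input) {
  const token = blindIndex(input);
  return patients.filter((p) => p.ssn_idx === token);
}

addPatient('Patient A', '123-45-6789'); // constructed sample data
addPatient('Patient B', '987-65-4321');
```

This supports exact-match lookups only (no partial or range search), and equal SSNs produce equal tokens, so the index column reveals which records share a value. Access to the index key should be restricted as tightly as access to the encryption key.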
05-01-2025 05:03 AM
Hi Juan
It sounds like your requirement is to ensure that data in the ServiceNow instance is encrypted, while still being searchable.
I believe there are out of the box capabilities that you can leverage:
Cloud encryption ensures data at rest encryption by encrypting the disk where the data is stored. (see: https://www.servicenow.com/docs/csh?topicname=dare-overview.html&version=latest)
Field level encryption (recently rebranded from Column Level encryption) ensures that the data is encrypted inside the database, and decrypted at runtime if the user has access to the data. In this case, searching on encrypted fields will still work, but data will only be available if the user has access to the data (see: https://www.servicenow.com/docs/bundle/vancouver-platform-security/page/administer/encryption/concep... )
05-01-2025 05:13 AM - edited 05-01-2025 05:14 AM
If column level encryption is used and the user searching has the encryption context, then they can see the data.
If the user doesn't have the encryption context, then it won't show.
Check these links:
Encrypting columns (fields) using "Column Level Encryption"
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader