Encrypting Journal Fields

nicholasmayo
Kilo Contributor

‎05-03-2017 07:56 AM

Hey folks,

I was wondering if it's possible at all to encrypt Journal fields. Documentation said it isn't possible, but I was wondering if anyone came up with any solutions.

Our use case: we are onboarding HR into our instance where they can track their support cases. We will be encrypting attachments and several text fields, but they may have discussions via comments about sensitive information (PHI, PII, etc). We need to be able to encrypt this data. Any ideas?

Thanks.

  • 1,907 Views
7 REPLIES 7

Jeff Boltz1
Mega Guru
In response to Jeff Boltz1

‎08-23-2018 06:47 AM

Just in case someone reads my earlier post, there are a few other considerations.

1.  Journal fields do write to the Journal Entry [sys_journal_field] table, so you can put a BR to encrypt the entries there, but that is not the only location where the data goes.

2.  From this post:

https://community.servicenow.com/community?id=community_question&sys_id=9721c7e5db98dbc01dcaf3231f961963

I was able to see that what shows under the Journal entry field, is the Activity formater, which pulls from History [sys_history_line] table.  That table is rightly protected, and making system changes to encrypt there is a non-starter.  There is also data in sys_history_set table which is similarly protected.

What would be good is to identify the ServiceNow code that is writing to those tables, and then somehow call encrypt when it saves. 

The other question to find out is where to call the decrypt when a user with the right role reads in the data through the UI.

I hope that helps, or someone has some suggestion.

Thanks in advance.

Best,
Jeff

0 Helpfuls

mikeadler
ServiceNow Employee
ServiceNow Employee

‎08-22-2018 03:05 PM

Hi Mike, Nick and Jeff,

I have some good news for you. Journal field encryption is supported as of the Kingston release with Edge Encryption. There is an additional enhancement for journal field encryption via Edge Encryption supporting historical record encryption available in the London release, which as of this writing is in the customer early access invitation phase and planned to be generally available next month in September.

The HR use cases that you described are an excellent example of where ServiceNow HR customers can protect sensitive data processed in records like HR cases.

For the benefit of the community, could you please kindly mark this response as helpful if you found it useful and as answered if it answered your question?

Thank you for actively participating in the community!

Kind regards,

Mike

Jeff Boltz1
Mega Guru
In response to mikeadler

‎08-23-2018 06:37 AM

Hi Mike,

That is great news, but unfortunately we do not have edge encryption, so I am hoping for a solution that I could implement without it.

Your post is certainly helpful.

Best,

Jeff

0 Helpfuls