Encrypted text vs String in Encryption Context
‎08-04-2023 08:00 AM
Hi everyone,
We have set up an Encryption context and Encrypted field configurations to encrypt personally identifiable information (PII) and allow access to these data to specific people in a new custom application in ServiceNow.
We were using Encrypted text as the column type for one of these fields, and we noticed that when using an Encrypted text, an encrypted field configuration is automatically created with "Method" set to "Multiple Encryption Contexts", and there doesn't seem to be a way to use this data type (encrypted text) with a specific encryption context as the "Method".
We were in the process of importing data from the legacy system into the new application in ServiceNow, for which we configured some encrypted field configurations for the PII previously mentioned, but we ran into some issues with the data load transformations. The issue seems to be that the transformation runs under the system user, but that user doesn't have the role with the encryption context assigned, so the insertion into the target table fails.
One way to go around this issue is to schedule a mass decryption job to deactivate the encrypted field configuration. After doing this, we were able to insert data into the previously encrypted field, but now we need to re-encrypt the newly inserted data; however, we can't run a mass encryption job for an encrypted field configuration when the "Method" is set to "Multiple Encryption Contexts", which again is created automatically whenever we select Encrypted text as the data type.
On the other hand, fields with String as the data type can be encrypted by creating an encrypted field configuration, and string fields support both mass encryption and decryption jobs.
So these are my questions:
- What are the differences between encrypted text and string (encrypted by encryption context and encrypted field configuration) data types?
- Which is "more secure"? Encrypted text or String data type? Both can be encrypted by encryption context and encrypted field configuration.
- I would think that in terms of functionality, it is better to be able to mass decrypt and mass encrypt, which only the string data type provides. My concern about encrypted text is that it doesn't support mass encryption, so if we ever run into a situation where we need to mass decrypt the data, we won't be able to mass encrypt again, unless manually going into each record and updating it to encrypt again. Any thoughts on which one would be better to use? My guess is that it depends on the requirements, so I think a pros and cons list would help us to decide.
I'll start with the list:
Data type | Pros | Cons |
String | Supports both mass decryption and encryption. Can still be encrypted. | |
Encrypted text | | Doesn't support mass encryption. Is that really a con? |
Thank you all