Hi @Max19 ,
ServiceNow® Cloud Encryption offers encrypted storage for the database using block encryption, along with enhanced key management. Cloud Encryption is available with the ServiceNow® Platform Encryption subscription bundle.
Cloud Encryption offers:
- Segregation of duties.
- Rotation of ServiceNow Managed keys.
- Customer Managed keys option.
Note: You may want to use this option if your organization requires you to use key material generated by your own crypto tools or libraries, enterprise key management system, or hardware security module (HSM). See Configure Customer Managed key settings for details.
The following diagram shows how Cloud Encryption works.
The Cloud Encryption Key Management module consists of the following submodules:
- Key Management Operations:
- Access the list of keys.
- Perform key rotation operations.
- Withdraw customer managed key.
- Key Management Transactions:
Reference all transactions that have occurred for the keys that have been used.
- Configure Customer Managed key settings:
Use your own customer managed key for encryption.
In certain circumstances, a key withdrawal request may be opted for when using Customer Managed keys. You must first request the key withdrawal functionality from Customer Service and Support and complete a legal addendum.
For information on obtaining Cloud Encryption, see Encryption and Key Management subscription bundle.
