maucblancha
ServiceNow Employee

Session Recap: What's new for Platform Encryption in Australia

 

This session recapped the encryption enhancements introduced in the Zurich release while focusing on the new capabilities delivered in the Australia release.

 

The discussion provided an overview of ServiceNow Platform Encryption, including Field Encryption Enterprise, which replaced the legacy Column Level Encryption Enterprise. It also covered the enhancements introduced in Zurich and took a deeper dive into the new External Key Management Service (EKMS) introduced in Australia.

 

The session also covered EKMS benefits and operational considerations, and included a live demonstration with AWS Key Management Service (AWS KMS).

 

 

Platform Encryption Overview

 

Platform Encryption helps organizations protect sensitive data through layered encryption while supporting compliance requirements and enabling secure cloud adoption.

The solution includes:

 

- Cloud Encryption, which encrypts data at rest at the database level to protect against physical storage theft.

- Field Encryption Enterprise, which provides application-level encryption for sensitive fields with granular access controls and support for customer-supplied encryption keys. Field Encryption Enterprise replaced the legacy Column Level Encryption Enterprise capability.

 

Zurich Release Highlight

 

The Zurich release enhanced Field Encryption Enterprise with row-level encryption, allowing organizations to apply encryption policies at the individual record level rather than only at the column level. This provides more precise protection for sensitive data and greater flexibility when managing security requirements across shared tables.

 

Australia Release Highlight: External Key Management Service (EKMS)

 

The Australia release introduced External Key Management Service (EKMS), enabling customers to manage their encryption keys using their own external key management system.

 

Key benefits include:

 

- Full customer ownership and control of encryption keys

- Customer-managed key rotation and revocation

- Centralized key management to support compliance requirements

 

EKMS is currently available for AWS Key Management Service (AWS KMS).

 

Because customers control their encryption keys, they are also responsible for key availability and lifecycle management. If a key is revoked, deleted, or becomes unavailable, ServiceNow cannot recover the key or decrypt the associated data. EKMS is designed for organizations with mature security and key management practices.

 

Key Takeaways

 

- Zurich enhances Field Encryption Enterprise with row-level encryption for more granular data protection.

 

- Field Encryption Enterprise replaced the legacy Column Level Encryption Enterprise capability.

- Australia introduces EKMS, giving customers greater control over their encryption keys.

- EKMS currently supports AWS KMS, with additional providers planned for future releases.

- Customer-managed keys provide increased control while requiring strong key management processes.

 

Watch the Full Session

Want to dive deeper into the topics covered in this recap?

 

Watch the recording here: