Session Recap: What's new for Platform Encryption in Australia
This session recapped the encryption enhancements introduced in the Zurich release while focusing on the new capabilities delivered in the Australia release.
The discussion provided an overview of ServiceNow Platform Encryption, including Field Encryption Enterprise, which replaced the legacy Column Level Encryption Enterprise, as well as enhancements introduced in Zurich and a deeper dive into the new External Key Management Service (EKMS) introduced in Australia.
The session also covered EKMS benefits and operational considerations, and included a live demonstration with AWS Key Management Service (AWS KMS).
Platform Encryption Overview
Platform Encryption helps organizations protect sensitive data through layered encryption while supporting compliance requirements and enabling secure cloud adoption.
The solution includes:
- Cloud Encryption, which encrypts data at rest at the database level to protect against physical storage theft.
- Field Encryption Enterprise, which provides application-level encryption for sensitive fields with granular access controls and support for customer-supplied encryption keys. Field Encryption Enterprise replaced the legacy Column Level Encryption Enterprise capability.
Zurich Release Highlight
The Zurich release enhanced Field Encryption Enterprise with row-level encryption, allowing organizations to apply encryption policies at the individual record level rather than only at the column level. This provides more precise protection for sensitive data and greater flexibility when managing security requirements across shared tables.
Australia Release Highlight: External Key Management Service (EKMS)
The Australia release introduced External Key Management Service (EKMS), enabling customers to manage their encryption keys using their own external key management system.
Key benefits include:
- Full customer ownership and control of encryption keys
- Customer-managed key rotation and revocation
- Centralized key management to support compliance requirements
EKMS is currently available for AWS Key Management Service (AWS KMS).
Because customers control their encryption keys, they are also responsible for key availability and lifecycle management. If a key is revoked, deleted, or becomes unavailable, ServiceNow cannot recover the key or decrypt the associated data. EKMS is designed for organizations with mature security and key management practices.
Key Takeaways
- Zurich enhances Field Encryption Enterprise with row-level encryption for more granular data protection.
- Field Encryption Enterprise replaced the legacy Column Level Encryption Enterprise capability.
- Australia introduces EKMS, giving customers greater control over their encryption keys.
- EKMS currently supports AWS KMS, with additional providers planned for future releases.
- Customer-managed keys provide increased control while requiring strong key management processes.
Watch the Full Session
Want to dive deeper into the topics covered in this recap?
Watch the recording here: