What is ServiceNow Vault? How is it different from other encryption solutions from ServiceNow?
07-03-2025 07:02 AM
What is ServiceNow Vault? How is it different from other encryption solutions from ServiceNow like Edge Encryption, Column Level Encryption, Enterprise (CLE/PE), Database Encryption, Full Disk Encryption?
Is Vault the latest and updated solution and replacement of all other solutions?
In which scenario should which product be chosen?
07-03-2025 07:15 AM - edited 07-03-2025 01:33 PM
Hi,
ServiceNow Vault is a bundle of Platform Security capabilities including:
- Platform Encryption
- Data Privacy
- Zero Trust Access
- Log Export Service
- Code Signing
Platform Encryption itself is a bundle of two encryption products: Cloud Encryption and Field Encryption (which is the replacement for Column Level Encryption).
Edge Encryption and Database Encryption are in "End of Renewal" status, meaning that once their contract renews, anyone subscribing to them will need to move off of either Edge Encryption or Database Encryption to Platform Encryption.
As far as the differences, Field Encryption and Edge Encryption are somewhat similar in that they both are encrypting specific fields in the instance, but the difference lies in the fact that ServiceNow hosts the data encryption key for Field Encryption with our FIPS 140-2 L3 validated HSMs. The customer still maintains control of the keys for Field Encryption and Field Encryption has additional "run-time" protection by being able to control who can or cannot decrypt data once logged into the application by use of the "Module Access Policy" feature.
Cloud Encryption, Database Encryption, and Full Disk Encryption are also similar in that they are providing encryption at rest for the entire instance database - the use cases that are being solved for by "encryption at rest" are 1) protection against physical theft or 2) fear of improper disposal.
In short, Vault is a superset of products that includes Platform Encryption. Platform Encryption includes Cloud Encryption and Field Encryption. And Platform Encryption is the modern replacement for Edge Encryption, Database Encryption, and Full Disk Encryption.
You can find more information about Vault in this data sheet here: https://www.servicenow.com/standard/resource-center/data-sheet/ds-vault.html
As far as which scenarios to choose which products, it'll be entirely dependent on your organization's specific set of circumstances and requirements, but a general rule of thumb is - if you need encryption at rest for everything, go with Cloud Encryption. If you want advanced controls for the application layer controlling who can or cannot decrypt once logged in, go with Field Encryption. All of the other products are considered legacy.
Hope this helps.
07-03-2025 01:32 PM
Hi @Mike Salem
You said
"And Platform Encryption is the modern replacement for Field Encryption, Database Encryption, and Full Disk Encryption."
But you also said Field Encryption is under Platform Encryption. It's contradictory and confusing. Can you please clarify?
And what about full disk encryption? Is that also going to be legacy? Which will be replaced by cloud encryption?
07-03-2025 01:35 PM - edited 07-03-2025 02:12 PM
Apologies @Suggy, that was a typo on my end. I meant that Platform Encryption is the modern replacement for Edge Encryption, Database Encryption, and Full Disk Encryption.
I have fixed this in my original post.
As far as your question of "will Full Disk Encryption be legacy and will it be replaced by Cloud Encryption?"
It is still technically available to be sold, but it does not provide key management capabilities like Cloud Encryption does, and so yes we consider it Legacy. We may stop selling it at some point in the future like we have already done with Database Encryption and Edge Encryption, but it is still available today.
However, the Product Management position is that Platform Encryption is where we are investing resources now and in the future, and Cloud Encryption is the choice for encryption at rest instead of Database Encryption or Full Disk Encryption.
Thanks.
07-03-2025 08:52 PM
Thank you for all your inputs @Mike Salem
Also if you could share the content of that KB article it would be greatly appreciated as I am getting this message "Your role does not grant you access to this article. Please use Search to find related content."