The System Clone application automates much of the cloning process. An administrator defines what data is preserved on the target instance and what data from the source is not cloned, then initiates the cloning process. A background job ensures that all cloning requirements are met and carries out the cloning process.
During a clone, the target instance may be intermittently unavailable. After clone completion, you have up to 24 hours to contact ServiceNow Customer Support and request a rollback of the target instance to its pre-clone state. You will be notified when the rollback is complete.
What is Sensitive Data?
Sensitive data are defined as data that can be related to defining an individual or an organization. It can be categorized into three types:
- - Personal information: any information that alone or in combination with other data elements can be used to identify, describe, locate or contact an individual. A person's name does not need to be attached to the information. A passport number alone or a code ion a clinical trial study is enough to identify a person. Other examples of personal information include contact information, government identifiers, financial identifiers, and credential information.
- - Business information: sensitive business information includes anything that poses a risk to the company in question if discovered by a competitor or the general public. Such information includes trade secrets, acquisition plans, financial data and supplier and customer information, among other possibilities. With the ever-increasing amount of data generated by businesses, methods of protecting corporate information from unauthorized access are becoming integral to corporate security. These methods include metadata management and document sanitization.
- - Classified information: this pertains to a government body and is restricted according to the level of sensitivity (for example, restricted, confidential, secret and top secret). Information is generally classified to protect security. Once the risk of harm has passed or decreased, classified information may be declassified and, possibly, made public.
How to protect sensitive data?
There are different ways to protect sensitive data:
- - Deleting data: this method is the most secured but this can have an impact on the behavior of the system
- - Data scrambling: this method is not as secured as the first one but it is a good option
- - Encryption: the difference between encryption and data scrambling is the first method rely on a secret key where the second one is dependent on the script used to scramble data. Encryption is a good alternative if you don't want to delete data. However it comes with some limitations such as only string field can be encrypted; encrypted fields cannot be processed by server script, etc.
When do you need to use data anonymization?
Data anonymization must be used only for data that are classified as sensitive. I recommend anonymizing data in case of deleting data will change the behavior of the system. Please keep in mind that it is more secure to delete data than encrypting data.
How to scramble data?
Configure the post-cloning scripts to scramble data. Please follow the procedure below to scramble data:
- - Get the list of tables and fields to scrambled
- - Go to the "Data anonymization" application
- - Go to the configuration table
- - Update the configuration table with the list of data to scramble
- - Run the script
