edge encryption

MKhan1
Giga Contributor

We are trying to set up edge encryption, and this requires setting up a proxy server within the customer premises. If anybody connects directly to the ServiceNow instance without connecting to the customer's internal network, will edge encryption still work? Or will it make it a mandate for all employees to connect to the customer network before accessing the ServiceNow instance?

1 ACCEPTED SOLUTION

mikeadler
ServiceNow Employee

Hi Mohammed,



With respect to your questions, by number:



  1. Yes, you can have more than one Edge Encryption proxy server. However, I do recommend, at a minimum, using two Edge Encryption proxy servers for high availability purposes. There is no limit to the number of Edge Encryption proxy servers. A useful reference that I would encourage you and others with a similar interest in Edge Encryption proxy server sizing to consult is the Sizing your Edge Encryption environment landing page, which will provide you with additional information and guidance when making implementation design considerations for this solution.
  2. You could potentially allocate an Edge Encryption proxy server to different sets of individuals. However, this approach would need to be configured at the network level and DNS settings, apart from the proxy server configuration. This is because the Edge Encryption proxy server does not restrict access to data according to criteria based on which particular Edge Encryption proxy server a user connects through. Therefore, in the scenario you described, person A and person B could still see each other's data regardless of which Edge Encryption proxy they connect to their shared instance with. I do like your scenario and it is something that we would eventually like to be able to support in the future at some point. At a high level, this would require a set of keys that is unique to each Edge Encryption proxy server connecting users to the same shared instance.


Could you please kindly mark the appropriate response as correct for the benefit of other community members?



Thanks in advance and please do feel free to share any other feedback.



Kind regards,



Mike



9 REPLIES

MKhan1
Giga Contributor

Hi Michael,



Thank you for your prompt responses. Really appreciate it.



Yesterday, I learnt that edge encryption is not supported for Domain separation. And this limitation cannot be seen on the wiki or docs of ServiceNow. Can you please advise what the encryption options will be for Domain separated environments?



Thanks,


Mohammed


mikeadler
ServiceNow Employee

Hi Mohammed,



I'm pleased to help. This is an excellent follow-on question and here is my take on the current limitations that Domain Separation has with Edge. I think what follows should help you and other members of the ServiceNow community looking to make a more informed decision with respect to how to plan in advance as they determine which fields and attachments need to be encrypted when considering using Domain Separation with Edge Encryption.



The potential limitation with Domain Separation occurs when you want to use separate encryption keys that are unique to each sub-domain. That is a capability that Domain Separation does not support when using Edge Encryption. Therefore, all sub-domains will share and use the same encryption keys. That may or may not be a limitation for your implementation, but in my opinion is something that would be helpful for you to take into account and review with your customer audience in advance. The other limitation to consider is when Edge Encryption is used to perform an encryption job, like on a field or an attachment for example. The field or attachment would be encrypted using the same encryption key across all sub-domains when using Domain Separation. Again, in my opinion, it is best to confirm with your customer audience as to whether or not this would be a limitation for them or not.



Here are a few Domain Separation scenarios to illustrate further:



Scenario 1: Same Encryption Key Used Across all Sub-domains when entering a record with a field configured for Edge Encryption


Let's say, for example, incident.short_description (a supported string type field) was configured to be encrypted. And let's say that the default encryption key called "256bitkey" is created as the key used to encrypt data (fields and attachments) anytime a value is entered or updated into a field or attachment that is configured for Edge Encryption. You also have sub-domainA and sub-domainB defined for the instance. An incident record entered in sub-domainA would have its incident.short_description field encrypted using the encryption key "256bitkey". Similarly, an incident record entered in sub-domainB would have its incident.short_description field encrypted using the encryption key "256bitkey".



Scenario 2: Same Encryption Key Used Across all Sub-domains during Mass Encryption


Working with this same example in Scenario 2, let's say a new default encryption key called "New256bitkey" was configured for the instance. The customer decides to re-encrypt incident.short_description with this new default encryption key for sub-domainA with a mass key rotation job. The result will be that not only is incident.short_description re-encrypted with "New256bitkey" in sub-domainA, incident.short_description is re-encrypted with "New256bitkey" in sub-domainB also.



Scenario 3: Sub-domain tries to enter information in the clear into a field that was already configured for encryption


The customer creates a third sub-domain called sub-domainC. The customer does NOT want incident.short_description in sub-domainC to be encrypted even though sub-domainA and sub-domainB use the same field to enter data that needs to be encrypted. However, since incident.short_description was already configured to be encrypted, any incident record entered will have its incident.short_description field encrypted. In this scenario, a potential workaround would be to use a customer-defined field to store short description information that will only be used in sub-domainC.



Could you please kindly let me know if this answer helps and if you have any other suggestions or questions.



Kind regards,



Mike
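The three Domain Separation scenarios in the reply above, as a small Python model added here (not ServiceNow code and not part of the original post). The `ProxyModel` class, its methods and the SHA-256 keystream stand-in cipher are assumptions for illustration; only the key names, the field name and the sub-domain names come from the post.

```python
import hashlib
import os

# Constructed model: key names come from the scenarios above, key bytes are random.
KEYS = {"256bitkey": os.urandom(32), "New256bitkey": os.urandom(32)}
# The encryption rule is keyed on table.field only; it has no domain dimension.
ENCRYPTED_FIELDS = {("incident", "short_description")}

def _stream(key, nonce, data):
    """Stand-in cipher (SHA-256 counter keystream XOR); not what the proxy uses."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class ProxyModel:
    """Hypothetical model of one shared default key across all sub-domains."""
    def __init__(self, default_key):
        self.default_key = default_key
        self.rows = []  # each row: [domain, table, field, stored value]

    def _seal(self, text):
        nonce = os.urandom(12)
        ct = _stream(KEYS[self.default_key], nonce, text.encode())
        return (self.default_key, nonce, ct)

    def insert(self, domain, table, field, text):
        # Scenarios 1 and 3: the domain is never consulted, so no sub-domain can opt out.
        stored = self._seal(text) if (table, field) in ENCRYPTED_FIELDS else text
        self.rows.append([domain, table, field, stored])

    def read(self, row):
        if isinstance(row[3], tuple):
            key_name, nonce, ct = row[3]
            return _stream(KEYS[key_name], nonce, ct).decode()
        return row[3]

    def mass_rotate(self, table, field, new_key):
        """Scenario 2: re-encrypt every matching row; return the domains touched."""
        self.default_key = new_key
        touched = set()
        for row in self.rows:
            if (row[1], row[2]) == (table, field) and isinstance(row[3], tuple):
                row[3] = self._seal(self.read(row))  # old key to read, new key to seal
                touched.add(row[0])
        return touched

    def key_usage(self):
        """Audit view: which key protects encrypted values in each domain."""
        return {r[0]: r[3][0] for r in self.rows if isinstance(r[3], tuple)}
```

Comparing `key_usage()` before and after `mass_rotate()` shows the rotation reaching every sub-domain that stores the field, which is the point to review with each tenant before scheduling a job.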


MKhan1
Giga Contributor

Thanks Michael. This definitely helps.


Hi Mike,



Sorry to hijack this thread like this, but I have quite similar considerations ahead, involving domain separation and the need for encryption. You certainly have a great understanding of how it works and what the limitations are. Do you mind if I ask you some specific questions - here or privately?



I need to understand the limitations better and see how EE fits into my client's specific requirements. I would greatly appreciate any insight into this. Many thanks!


Hi Tomas,



Privately would be my preference. I look forward to discussing your questions with you.



Kind regards,



Mike



Mike Adler | Principal Product Manager, Security | Platform Business Unit


| The Enterprise Cloud Company


(p) +1(858) 480-8638