Encryption Key Management release notes

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Encryption Key Management release notes

    The ServiceNow® Encryption Key Management application enhances data protection using encryption, controlled key access, NIST 800-57-based key lifecycle management, and FIPS 140-2-L3 key protection. The Xanadu release introduces improvements across Code Signing, Column Level Encryption, and Edge Encryption, aimed at streamlining security operations and administration.

    Show full answer Show less

    Key Features

    • Code Signing Enhancements: A new plugin provides roles and administration features, including signature migration jobs and a streamlined activation UI. Signing of scripts and attachments must now occur on trusted non-production instances or via the standalone signing tool, enhancing Root of Trust security. Notarization remains allowed on protected production instances.
    • Column Level Encryption (CLE) Updates: New APIs, roles, and administration capabilities improve management. Logging for CLE has been enhanced for better readability and troubleshooting. CLE Enterprise supports full UTF-8 strings, including emoji, and can be installed by administrators post-purchase without technical assistance.
    • Edge Encryption Improvements: Users can now download multiple encrypted attachments as a zip file using the new Download All button. Dashboards have been migrated to the NEXT Experience View, maintaining previous functionality while improving performance and troubleshooting.
    • Platform Encryption Subscription Bundle: This bundle includes Column Level Encryption Enterprise, Cloud Encryption, and Database Encryption, offering comprehensive encryption capabilities with advanced key management.

    Practical Implications for ServiceNow Customers

    • Administrators can leverage updated Code Signing tools and roles for more secure and efficient digital signature management.
    • Column Level Encryption enhancements simplify deployment and provide better logging visibility, aiding in compliance and operational troubleshooting.
    • Edge Encryption users benefit from improved multi-attachment download capabilities and upgraded dashboard experiences.
    • Purchasing the Platform Encryption subscription bundle grants access to a full suite of encryption tools and key management features, supporting robust data security strategies.

    The ServiceNow® Encryption Key Management application protects your data by using encryption, tightly controlled key access, National Institute of Standards and Technology (NIST) 800-57-based key life-cycle management, and FIPS 140-2-L3 key protection. Encryption Key Management was enhanced and updated in the release.

    Encryption Key Management highlights for the Xanadu release

    • Start using Code Signing's improved activation process. You can use the new Code Signing UI page for a faster, streamlined activation.
    • Administer Column Level Encryption with new Column Level Encryption APIs, roles, and administration features. Column Level Encryption logging has been enhanced for improved readability.
    • Download all encrypted attachments as a zip file by using the new Download All button.

    See Key Management Framework for more information.

    New in the Xanadu release

    New plugin available for Code Signing roles and administrative features
    Activate the plugin to access the new roles and administration features. The new plugin creates signature migration jobs, new code signing roles, and a new code signing administration page.

    Changed in this release

    Changes to Code Signing requirements
    As a part of improving security around Root of Trust, signing of script and attachments records can only be done on your trusted non-production instance or using the standalone signing tool. The exception is notarization, which can still be performed in the protected production instance.
    Enhancement requests for the Code Signing Standalone signing tool
    Updates to Code Signing enable your administrators to work with keystores, signature records, and records to be signed outside of the local system.
    Improved activation process for Code Signing
    Activate Code signing with a new UI page that is designed to streamline the activation process.
    Download All Button for Multiple Attachments is available when Edge Encryption is enabled
    By using the download all functionality, you can now download multiple documents into a zip file when you also enable Edge Encryption.
    Edge Encryption jRobin dashboards have been migrated to NEXT Experience
    View troubleshooting and performance on dashboards that were migrated from the deprecated jRobin framework. These dashboards display the same information that was available in previous versions.
    Column Level Encryption Enterprise is installable by administrators after purchase
    After purchasing Column Level Encryption Enterprise, your administrator can typically activate the product without needing technical assistance.
    Support for full string UTF-8 in Column Level Encryption
    CLE supports encryption and decryption of the full range of UTF-8 characters, including emoji.
    Improved readability for Column Level Encryption logging
    With the improved system, node, application, and audit logging, your administrators can analyze and troubleshoot their CLE or CLEE implementation.

    Activation information

    The Platform Encryption subscription bundle is a group commercial entitlement that includes Column Level Encryption Enterprise, Cloud Encryption, and Database Encryption.

    Column Level Encryption Enterprise is the unlimited license of Column Level Encryption. The Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see Encryption and Key Management subscription bundle.

    Related ServiceNow applications and features

    Encryption and Key Management
    Encryption is a cryptographic procedure that converts plain text into cipher text, which helps prevent anyone but the intended recipient from reading that data.
    Key Management Framework
    The Key Management Framework lets you fully customize and manage how cryptographic operations are performed on your instance.
    Code Signing
    Code Signing creates digital signatures for the data, which are later checked to confirm the authenticity and integrity of the data. Code Signing is a module licensed as a component of Vault.
    Edge Encryption
    Edge Encryption encrypts sensitive data on your company premises before sending it over the internet to your instance (encrypted in flight), where it remains encrypted at rest.
    Cloud Encryption with Key Management
    Cloud Encryption offers encrypted storage for the database using block encryption, with enhanced key management. Cloud Encryption is available with the Platform Encryption subscription bundle.