Column Level Encryption

  • Release version: Xanadu
  • Updated October 22, 2024

    Column Level Encryption (FE) permits and denies access to encrypted data based on user role. Column Level Encryption includes basic key management using encryption modules.

    Important:

    Column Level Encryption (CLE) and Column Level Encryption Enterprise (CLEE) have begun their end-of-life process and reached the end-of-sale and renewal milestones as of the Australia release. They will no longer be supported as of December 2028.

    For field encryption support see or Column Level Encryption Enterprise for premium field and attachment encryption support.

    With Column Level Encryption, you can encrypt specific fields within your tables, as opposed to encrypting the entire table or database. Use this method to help ensure that your sensitive data remains protected without the need to encrypt an entire table. The ability to encrypt only the portions of your tables that require it helps to reduce the time spent encrypting and decrypting data.

    Column Level Encryption grants access to encrypted data based on a user's role. Because of this approach, users must be associated with a role to view data encrypted by Column Level Encryption. Users can be associated with a role directly, or they can be assigned to a group that is associated with a role. This role-based approach simplifies the process of making sure that your data is visible only to users who need it.

    Figure 1. Role-based encryption example
    In this example, you can see four users attempting to access data stored in two fields on a form. These fields are encrypted by an encryption context, which is only accessible to users who are associated with a specific role (Role 1).
    • User 1 is a member of Role 1, which provides access to encryption module 1. User 1 can see the contents of Field A and Field B.
    • User 2 and User 3 are members of Group 1. Group 1 is a member of Role 1, which gives everyone in Group 1 access to encryption module 1 and enables User 2 and User 3 to see the contents of Field A and Field B.
    • User 4 isn't a member of any group or role and has no access to encryption module 1. User 4 does not have access to Field A or Field B. User 4 also doesn't see these fields on a form. In a list view, these fields are visible, but the values are empty.
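The access rules from Figure 1 can be modeled in a few lines to audit who ends up able to read an encrypted field. This is an added example, not ServiceNow code and not a ServiceNow API: every name in it is hypothetical, and the record values and the unencrypted "Field C" are constructed for illustration.

```javascript
// Constructed model of the Figure 1 scenario (illustrative names only).
const roleModules = { "Role 1": ["encryption module 1"] }; // role -> modules
const groupRoles = { "Group 1": ["Role 1"] };              // group -> roles
const users = {
  "User 1": { roles: ["Role 1"], groups: [] },
  "User 2": { roles: [], groups: ["Group 1"] },
  "User 3": { roles: [], groups: ["Group 1"] },
  "User 4": { roles: [], groups: [] },
};
// Field -> module that encrypts it; "Field C" is an assumed plain field.
const encryptedFields = { "Field A": "encryption module 1", "Field B": "encryption module 1" };
const record = { "Field A": "alpha", "Field B": "beta", "Field C": "plain" };

// Roles held directly plus roles inherited through group membership.
function effectiveRoles(userName) {
  const u = users[userName] || { roles: [], groups: [] };
  const inherited = u.groups.flatMap((g) => groupRoles[g] || []);
  return new Set([...u.roles, ...inherited]);
}

// Encryption modules reachable through any effective role.
function accessibleModules(userName) {
  const mods = new Set();
  for (const r of effectiveRoles(userName)) {
    (roleModules[r] || []).forEach((m) => mods.add(m));
  }
  return mods;
}

// Unencrypted fields are always readable; encrypted ones need the module.
function canRead(userName, field) {
  const mod = encryptedFields[field];
  return mod === undefined || accessibleModules(userName).has(mod);
}

// Form view: fields the user cannot decrypt are omitted entirely.
function formView(userName) {
  return Object.fromEntries(Object.entries(record).filter(([f]) => canRead(userName, f)));
}

// List view: the column stays visible, but the value is empty.
function listView(userName) {
  return Object.fromEntries(
    Object.entries(record).map(([f, v]) => [f, canRead(userName, f) ? v : ""]));
}

// Audit helper: every user who can read a given field.
function readersOf(field) {
  return Object.keys(users).filter((u) => canRead(u, field));
}
```

Running `readersOf` against each encrypted field gives the effective reader list, including users who only inherit the role through a group.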
