Vault tools and metrics
Summary of Vault tools and metrics
ServiceNow Vault integrates multiple tools to help customers discover, classify, and protect sensitive data within their instances. These tools provide visibility into sensitive data patterns, enable data classification, and apply security measures such as anonymization, encryption, and continuous authentication to safeguard sensitive information.
Know your data
ServiceNow Vault uses Data Discovery and Data Classification tools to help customers identify and understand sensitive data across their ServiceNow instance:
- Data Discovery scans for sensitive data patterns across tables and attachments, providing metrics like occurrences of sensitive data, discovery status (new, classified, or ignored), and total sensitive data found.
- Data Classification organizes discovered data into data classes, facilitating better data management and protection. Metrics include proportions of classifiable and classified data.
Protect your data
Several tools and metrics support securing sensitive data through different protection mechanisms:
- Anonymization: Data can be anonymized by class using techniques that preserve data patterns while removing sensitive information, useful for development or compliance with data removal rights. Metrics track anonymized data volumes and real-time anonymization runtime by channels like Now Assist or Virtual Agent.
- Cloud Encryption with Key Management: Sensitive data is secured using block encryption and managed encryption keys. Metrics include active cloud key rotations and key rotation intervals, visible to users with Key Management Framework admin roles.
- Field Encryption: Protects sensitive fields while allowing authorized access, enhancing security against unauthorized actors. Metrics include classification status of encrypted fields, proportion of classified data protected, and number of active encryption keys. Viewing requires specific admin and security roles.
- Zero Trust Access (ZTA): Implements continuous authentication policies to secure access to classified data in real time. Metrics show the number of classifications and classes protected by continuous authentication.
Additional Vault tools
- Encryption Key Management and Field Encryption: Provide configurable encryption modules for sensitive data.
- Code Signing: Validates sensitive application configurations and scripts before usage to enhance security.
- Data Privacy plugin: Removes personally identifiable information (PII) when migrating data from production to non-production instances.
- Data Discovery plugin: Enables detection and classification of PII for further protection.
- Log Export Services: Allows importing ServiceNow log data into enterprise analytics for improved security and performance.
- Zero Trust Access ServiceNow Session Access: Dynamically reduces user privileges during web sessions to enhance security.
Learn about the tools and metrics ServiceNow Vault uses to protect and discover sensitive data.
ServiceNow Vault integrates with several tools to provide a cohesive overview of your sensitive data security. You can hover over a widget to get further insight on the reported data. Select the Go to button on any tool to go to its respective page.
Know your data
ServiceNow Vault uses Data Discovery and Data Classification to help you understand and know your data.

| Tool | Metric | Description |
|---|---|---|
| Discovery: Use Data Discovery to run a discovery scan to look for data patterns that might be sensitive data. Once discovered, data can then be reviewed or classified for further protection and management. | Discovered data | Occurrences of sensitive data across tables in your instance, categorized by sensitive data pattern type. |
| | Discovery status | Current state of all discovered sensitive data patterns, including new findings pending review, classified, or marked as ignored. |
| | Discovered attachments | Total sensitive data occurrences in attachments across tables in your instance. |
| Classification: Data Classification creates data classes and helps organize your data into data classes for better management. Classified data can be protected at the class level. | Classifiable data | Proportions of classifiable data. |
| | Classified data | Proportions of classified data. |
Protect your data
ServiceNow Vault uses data anonymization, cloud encryption, field encryption, and zero trust access to help secure and protect your data.

| Tool | Metric | Description |
|---|---|---|
| Anonymization: Anonymize data by data class with different anonymization techniques to preserve data patterns but remove sensitive data. Useful for sanitizing instances for development or removing specific user data because of rights to be forgotten. | Existing data | All classified data per workflow that is anonymized or not. |
| | Real time data | The amount of anonymized real time data. |
| | Anonymization run times | Run times in hours of data anonymized in real time by channel, such as Now Assist or Virtual Agent. |
| Cloud Encryption with Key Management: Securely protect sensitive data in encrypted storage for your data using block encryption, along with enhanced key management. | Active cloud key | Total rotations of the active cloud key. Note: To view this data, you need the Key Management Framework admin role (sn_kmf.admin or sn_kmf.cryptographic_manager). |
| | Key rotation | Time elapsed between each rotation of active keys on your instance. Bar height measures how long a key was used before rotation. Note: To view this data, you need the Key Management Framework admin role (sn_kmf.admin or sn_kmf.cryptographic_manager). |
| Field Encryption: Securely protect sensitive data while providing access for authorized users. Useful for increasing protections from bad actors. | Encrypted fields classification status | Classification status of all data protected with Field Encryption. |
| | Classes protected with Field Encryption | The proportion of classified data protected with Field Encryption. |
| | Active encryption keys | Number of active Field Encryption keys in your instance. Ideally, the number of active keys matches the number of classifications. Note: To view this data, you need the Key Management Framework admin role (sn_kmf.admin or sn_kmf.cryptographic_manager) and the security_admin role. |
| Zero Trust Access (ZTA): Continuous authentication while accessing classified sensitive data in real time. | Continuous Authentication classification status | Number of classifications that are protected due to the continuous authentication policies. |
| | Classes protected with Continuous authentication | Number of classes protected with continuous authentication, categorized by their class. |
All ServiceNow Vault tools
Key Management and Field Encryption is a suite of highly configurable encryption modules