Encryption and Key Management

Encryption is a cryptographic procedure that converts plaintext into ciphertext to control the disclosure of information.

Overview ServiceNow key management includes the activities involving the handling of cryptographic keys and related security parameters during the end-to-end key lifecycle, and is an effective control based on National Institute of Standards and Technology (NIST) 800-57 guidelines.

Encryption is used to convert plaintext strings of characters into ciphertext, which remains indecipherable without access to the correct key. The security benefits of encryption are derived from the combination of strong algorithms and quality key management.

Encrypting all information may not be necessary for all data and would greatly increase processing time due to the large number of data supported across all applications. When you determine encryption is needed for data, these Now Platform options are available:

Get started Key Management Framework (KMF)

The Key Management Framework (KMF) API/UX lets you fully customize and manage how cryptographic operations are performed on your ServiceNow instance.

Field Encryption

A built-in application that permits encryption of string, date, date/time, or attachment fields using AES-128 or AES-256 in encryption modules. Column Level Encryption Enterprise ( CLE_Ent )

Offers a more extensive encryption solution to Field Encryption, such as customer-supplied keys, script access via APIs, additional cryptographic modules and module access policies, and more.

Cloud Encryption

Cloud Encryption enables you to use a ServiceNow generated key or supply a key that you create and manage.

Database Encryption

Enables all data to be protected with symmetric AES-256 encryption, whether the database is online or offline, and provides standard key management, such as key rotation. All data flows are decrypted during runtime.

Platform Encryption entitlement bundle

Upgrade to unlimited-use Field Encryption Enterprise, Cloud Encryption, and Database Encryption.

<a class="xref" href="../../encryption-database/concept/full-disk-encryption.html" title="Full disk encryption (FDE) applies encryption to the entire storage system within the database server only, because this is the only customer data-storing component. FDE protects only against physical loss or theft of storage devices. When encrypted disk servers are powered on and providing data, the encryption provides no additional protection."> Full Disk Encryption (FDE)

Full disk encryption applies encryption to the entire storage system within the database server only. Because this is the only customer data-storing component.

Edge Encryption

Encrypts sensitive data on your company premises before sending data over the internet to your ServiceNow instance. Data remains encrypted at rest on the instance.

Activation information The ServiceNow Platform Encryption subscription bundle is a group commercial entitlement that includes Key Management Framework , Field Encryption Enterprise , Cloud Encryption , and Database Encryption.

Field Encryption Enterprise is the unlimited license of Field Encryption . The Field Encryption Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see Encryption and Key Management subscription bundle .

Note: KMF doesn’t support domain separation, but can be used with on-premise instances.