ServiceNow – Securing Fields – 7 Column Level Encryption

Secretary of Simplification

4 Jan 202312:05

Summary

TLDRThis video provides a concise introduction to column-level encryption in ServiceNow, focusing on securing sensitive data such as strings, dates, and attachments. It guides viewers through the setup process, including creating a cryptographic module, defining access policies, and configuring encrypted fields. The tutorial emphasizes the importance of careful planning, as encryption can affect existing workflows and user access. For those seeking a deeper understanding, the video encourages further exploration of detailed courses on Now Learning. This approach ensures data privacy while maintaining accessibility for authorized users.

Takeaways

🔐 Column level encryption is a server-side encryption method for string-based fields, ensuring data privacy and security.
🔑 Only users with specific roles can access encrypted field values; unauthorized users will not see the field at all.
📚 There are three in-depth courses available on Now Learning that cover column level encryption in detail.
🚗 The example used in the video involves encrypting the 'pin' field in the 'cars' table.
👤 Admin users have the ability to view and modify encrypted fields, while regular users cannot see them.
⚙️ Setting up column level encryption involves creating a cryptographic module and defining key parameters.
🛡️ Assigning role access is crucial to ensure that only authorized users can access the encrypted data.
🔍 Testing the setup is important; admins should be able to interact with the field while other users should not see it.
⚠️ Encrypting a field can impact existing processes, including workflows and business rules; planning is essential.
💡 Best practices include using the Glide system method to verify user roles before executing actions on encrypted fields.

Q & A

What is column-level encryption in ServiceNow?
-Column-level encryption is a server-side encryption feature for string-based fields such as strings, dates, URLs, and attachments. It ensures that only users with the necessary roles can access the encrypted field values.
What happens to users who do not have access to the encrypted fields?
-Users without the necessary roles do not see the encrypted fields at all, effectively hiding these fields from them.
What is the purpose of the cryptographic module in the setup process?
-The cryptographic module serves as the framework for the encryption process. It allows users to create and manage the encryption keys used to secure specific fields.
How do you create a new cryptographic module in ServiceNow?
-To create a new cryptographic module, you access the field encryption module, create a new record with a name (using underscores instead of spaces), select the default template for the cryptography specification, and then save it.
What steps are involved in defining the key parameters?
-You walk through a guided setup to define various parameters for the key, including its lifecycle and origin. For example, you can specify a duration for the key to be valid.
What is the role of access policies in column-level encryption?
-Access policies assign roles to the cryptographic module. This means that only users with the designated roles can access the encryption keys associated with the module.
Can you encrypt multiple fields using different keys for different roles?
-Yes, you can specify more than one module to encrypt a field with different keys, allowing different roles to have distinct access to the encrypted data.
What should be done to ensure proper user experience after encrypting a field?
-It is advisable to remove the encrypted field from the list layout for users without access. This avoids confusion since they won’t have permission to view the field.
How do flows and business rules interact with encrypted fields?
-Flows may fail to access encrypted fields if run as a system user. However, if the flow is run as the currently logged-in user with the necessary role, it can access the data. Similarly, business rules triggered by users with the necessary role will work as intended.
What additional resources are recommended for learning more about column-level encryption?
-It is strongly recommended to take the detailed courses available on Now Learning, which provide more comprehensive information and guidance on implementing column-level encryption.