Edge Encryption release notes

Edge Encryption product enhancements and updates in the Geneva release.

Activation information

The Edge Encryption plugin is available as a separate subscription.

New in the Geneva release

Organizations face the challenge and complexity to protect sensitive data within the ServiceNow platform. The Edge Encryption application provides customers with an end-to-end native solution to manage the encryption of their data that helps them solve challenges tied to sovereignty concerns, data loss prevention, and regulatory compliance.

With Edge Encryption, the customers create and control their encryption keys. Edge Encryption is available as a proxy application that resides in a customer's network and encrypts data before the data is sent over the Internet to the ServiceNow instance (encrypted while in flight). The data remains encrypted while stored in the instance, (encrypted while at rest). The encrypted data is sent back to the proxy application (encrypted while in flight), and is decrypted by the proxy before being sent to the browser in the customer's network.

The customer's security administrator specifies which fields are to be encrypted using the Edge Encryption plugin. The customer's security administrator can choose between Advanced Encryption Standard (AES) 128 or 256 encryption algorithms. Attachments can be encrypted on a table-by-table basis. Depending on the encryption type chosen for a field, certain levels of filtering, sorting, or compare functionality can be configured.

For more information about these features, see Edge Encryption.
Data encryption On-premises proxy encrypts data to or from the ServiceNow platform before going through SSL encrypted connection (encrypted while in flight.) Data stored in the ServiceNow platform is encrypted (encrypted at rest.)
Levels of data encryption Multiple options for encryption to support different levels of sorting or filtering functionality. These options are standard, equality preserving, and order preserving.
Encryption jobs Mass encryption and decryption to apply a key en mass to a table field or attachment.
Encryption key rotation support Key rotation management to support replacing an existing encryption key with a new key.
Rules to support custom applications Rules engine to support the creation of encryption rules for custom applications.
Monitoring tools Monitoring tools to troubleshoot and diagnose activity on the proxy server.