ServiceNow Edge Encryption

With Edge Encryption, you can control and possess all encryption keys for encrypted data.

Edge Encryption is a proxy application that resides in your network and encrypts data before the data is sent over the Internet to your instance (encrypted in motion). The data remains encrypted while stored in the instance (encrypted at rest). The encrypted data is sent back to the proxy application (encrypted in motion) when requested. Finally, the encrypted data is decrypted by the proxy before being sent to the client in your network.

Your security administrator specifies which fields are to be encrypted. AES-128 or AES-256 encryption algorithms can be used. Attachments can be encrypted on a table-by-table basis.

Depending on the encryption type chosen for a field, certain levels of UI filtering, sorting, or compare functionality can be preserved.

Figure 1. Edge Encryption

You own and manage the encryption keys. Encryption keys are never sent to the instance. ServiceNow never possesses the clear data and cannot see it. Three key storage mechanisms are supported: file store, Java KeyStore, and SafeNet. The Edge Encryption proxy obtains encryption keys from one of the key stores to encrypt and decrypt data.
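The following Node.js sketch is an added example, not ServiceNow code. It shows the proxy pattern described above: configured fields are encrypted before a record leaves the network, and the encryption type decides whether an equality filter still works on the stored ciphertext. The field names, the two mode names, the synthetic-IV construction and the sample records are assumptions made for illustration.

```javascript
// Added illustration, not ServiceNow code. Field names, modes and keys are assumptions.
const crypto = require("node:crypto");

// Keys exist only on the proxy side (generated here; a real proxy reads its key store).
const encKey = crypto.randomBytes(32); // AES-256 key
const ivKey = crypto.randomBytes(32); // separate key used to derive deterministic IVs
// Hypothetical admin configuration: which fields are encrypted, and how.
const fieldConfig = { short_description: "randomized", caller_id: "deterministic" };

function encryptField(field, plaintext) {
  // Randomized: fresh IV per call. Deterministic: IV derived from (field, plaintext),
  // so equal values give equal ciphertext and equality filters keep working.
  const iv = fieldConfig[field] === "deterministic"
    ? crypto.createHmac("sha256", ivKey).update(field + "\0" + plaintext).digest().subarray(0, 12)
    : crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", encKey, iv);
  cipher.setAAD(Buffer.from(field)); // bind the ciphertext to its field
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptField(field, token) {
  const buf = Buffer.from(token, "base64"); // layout: 12-byte IV, 16-byte tag, ciphertext
  const decipher = crypto.createDecipheriv("aes-256-gcm", encKey, buf.subarray(0, 12));
  decipher.setAAD(Buffer.from(field));
  decipher.setAuthTag(buf.subarray(12, 28));
  return Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]).toString("utf8");
}

// Outbound: encrypt configured fields; other fields pass through in clear.
function toInstance(record) {
  return Object.fromEntries(Object.entries(record).map(([f, v]) =>
    [f, fieldConfig[f] ? encryptField(f, v) : v]));
}

// Inbound: decrypt configured fields before the response reaches the client.
function fromInstance(record) {
  return Object.fromEntries(Object.entries(record).map(([f, v]) =>
    [f, fieldConfig[f] ? decryptField(f, v) : v]));
}

// Equality filter: the proxy encrypts the search term; the instance compares ciphertext only.
function filterOnInstance(stored, field, value) {
  const needle = encryptField(field, value);
  return stored.filter((r) => r[field] === needle);
}

// Constructed sample records (not real data).
const sample = [
  { number: "INC001", short_description: "VPN down", caller_id: "alice" },
  { number: "INC002", short_description: "VPN down", caller_id: "bob" },
  { number: "INC003", short_description: "Badge lost", caller_id: "alice" },
];
```

The deterministic mode keeps equality filtering at the cost of revealing which stored records share a value; the randomized mode hides that, so a filter on that field finds nothing on the instance side.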