ServiceNow Edge Encryption

With Edge Encryption, you can control and possess all encryption keys for encrypted data.

Edge Encryption is a proxy application that resides in your network and encrypts data before the data is sent over the Internet to your instance (encrypted in motion). The data remains encrypted while stored in the instance (encrypted at rest). The encrypted data is sent back to the proxy application (encrypted in motion) when requested. Finally, the encrypted data is decrypted by the proxy before being sent to the client in your network.

Your security administrator specifies which fields are to be encrypted. AES 128 or AES 256 encryption algorithms can be used. Attachments can be encrypted on a table-by-table basis. Depending on the encryption type chosen for a field, certain levels of UI filtering, sorting, or compare functionality can be preserved.

Figure 1. Edge Encryption

You own and manage the encryption keys. Encryption keys are never sent to the instance. ServiceNow never possesses the clear data and cannot see it. Three key storage mechanisms are supported: file store, Java KeyStore, and SafeNet. The Edge Encryption proxy obtains encryption keys from one of the key stores to encrypt and decrypt data.

Edge Encryption limitations
Edge Encryption impacts system functions. Carefully evaluate the impact of encrypting a field.

Getting started with Edge Encryption
Successful implementation of Edge Encryption requires planning and preparation.

Edge Encryption application and proxy
Edge Encryption has these components: the Edge Encryption application, which is installed via a plugin, and the Edge Encryption proxy, which can be downloaded from one of the menu options in the Edge Encryption application.

Encryption types
Edge Encryption provides a variety of encryption types. For each encryption type, it provides support for AES with 128-bit encryption keys. If the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files are installed, it also provides support for 256-bit encryption keys for each of the encryption types.

Encrypted attachments
You can encrypt attachments for specific tables.

Key management
You are responsible for providing and managing the encryption keys used by Edge Encryption.

Key store management
Encryption keys must be stored in one or more encryption key stores.

Request Edge Encryption
The Edge Encryption plugin is available as a separate subscription.

Edge Encryption proxy installation
Install one or more Edge Encryption proxy applications on your network.

Add an additional proxy on Linux
After the first Edge Encryption proxy is properly configured and tested, you can set up additional proxies on Linux.

Add an additional proxy on Windows
After the first Edge Encryption proxy is configured, you can set up additional proxies on Windows.

Edge Encryption ODBC driver integration
Configure your ODBC driver to query data encrypted by Edge Encryption. The Edge Encryption proxy server encrypts ODBC driver requests to the ServiceNow instance when Edge Encryption is integrated with the ODBC driver.

Edge Encryption MID Server integration
Configure the MID Server to route data through an Edge Encryption proxy server.

Start the Edge Encryption proxy
After an Edge Encryption proxy is installed and configured, you can start the proxy from the command line.

Stop the Edge Encryption proxy
You can stop an Edge Encryption proxy from the command line.

Configure Edge Encryption on the instance
Configure Edge Encryption by configuring fields and attachments for encryption.

Update the Edge Encryption proxy
You must update the Edge Encryption proxy when new versions of the proxy and supporting software become available.

Uninstall the Edge Encryption proxy on Linux
Before installing a new version of the Edge Encryption proxy, you must shut down and uninstall the current version.

Uninstall the Edge Encryption proxy on Windows
Before installing a new version of the Edge Encryption proxy, you must shut down and uninstall the current version.

Rotate encryption keys
Edge Encryption provides the tools to support encryption key rotation.

Scheduled encryption jobs
If you have the security-admin role, you can schedule several different types of jobs to be performed by the Edge Encryption proxy.

Edge Encryption monitoring
You can monitor sessions that use Edge Encryption proxies.

Edge Encryption logging
Edge Encryption logs information on the instance and on each proxy server.

Encryption rules
It may be necessary to write encryption rules when you want to encrypt data passed as part of GET/POST requests to processors or APIs on the instance. You can create rules for mapping elements of fields in requests to Glide table-field names.

Dictionary attributes
You can add Edge Encryption dictionary attributes to tables and fields.

Installed with Edge Encryption
Several types of components are installed with the Edge Encryption feature.