Encryption support FAQ

These are general security FAQs for encryption. For information about MID Server credential encryption.

What prevents an admin with privileged access from accessing the key?

A user with access to the encryption context record could access it. The key itself is stored encrypted.

Where does encryption/decryption occur?

Encryption and decryption occur on the server, not in the user interface.

Is the key loaded into memory only when required to encrypt/decrypt?

Yes. First the user's access to the key is validated; the key is then built in memory to perform the encryption or decryption and disposed of once the operation is complete.

Is the key stored in clear-text on the server anywhere? If it is encrypted where is that encryption key stored and how is it protected?

The encryption context key is stored encrypted in the database. The encryption key for that encryption context key is built into the program and is not visible through the user interface at any time.

What stops an admin with privileged access from giving themselves the role that is allowed to encrypt/decrypt?

A user with admin access could grant themselves or other users the role associated with an encryption context, since this is how encryption contexts are assigned. If desired, the customer or professional services can add compensating measures, such as sending an email to an appointed "encryption manager" whenever a role associated with an encryption context is granted to a user.

What level of logging is there to detect changes to a role that allows encrypt/decrypt?

There is no extraordinary logging for changes to roles aside from the logging of the transaction. This certainly could be added via business rules by the customer or ServiceNow professional services in a wide variety of ways depending on the needs of the customer.
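The two answers above both point at the same control: a business rule that watches role grants and reacts when the granted role is one that unlocks an encryption context. The following is an added example written for this page, not ServiceNow's own code. It assumes that encryption contexts are stored in the `sys_encryption_context` table with a `role` reference field, that role grants appear as `sys_user_has_role` records, and that an event named `encryption.role.granted` has been registered in the Event Registry with an email notification attached to it; the sample grants and contexts are constructed for the offline test.

```javascript
// Added example (not ServiceNow's own code): flag grants of any role that is tied to an
// encryption context, so an "encryption manager" can be notified and an audit line logged.
//
// Assumed platform details (verify in your instance):
//   - encryption contexts live in sys_encryption_context with a 'role' reference field
//   - role grants are rows in sys_user_has_role (fields 'user' and 'role')
//   - the event 'encryption.role.granted' exists in the Event Registry

// Pure decision logic: given role-grant records and encryption-context records, return
// only the grants whose role is bound to at least one encryption context, along with the
// names of the contexts that role unlocks. Kept free of platform APIs so it can be tested.
function encryptionRoleGrants(grants, contexts) {
  // Map role -> [context names]; one role may protect several contexts.
  var byRole = {};
  contexts.forEach(function (ctx) {
    if (!byRole[ctx.role]) byRole[ctx.role] = [];
    byRole[ctx.role].push(ctx.name);
  });
  return grants
    .filter(function (g) { return Object.prototype.hasOwnProperty.call(byRole, g.role); })
    .map(function (g) {
      return { user: g.user, role: g.role, contexts: byRole[g.role], grantedBy: g.grantedBy };
    });
}

// One human-readable audit line per flagged grant (what the answer above calls "logging
// of the transaction" is the only record the platform keeps by default).
function auditLine(hit) {
  return 'ENCRYPTION ROLE GRANT: user=' + hit.user + ' role=' + hit.role +
    ' contexts=' + hit.contexts.join('|') + ' grantedBy=' + hit.grantedBy;
}

// Constructed sample data. In the instance, 'role' holds a sys_id on both tables; any
// value that matches on both sides works for the logic.
var SAMPLE_CONTEXTS = [
  { name: 'HR Payroll',    role: 'hr_payroll_encrypt' },
  { name: 'Legal Hold',    role: 'legal_encrypt' },
  { name: 'Legal Archive', role: 'legal_encrypt' }
];
var SAMPLE_GRANTS = [
  { user: 'alice', role: 'hr_payroll_encrypt', grantedBy: 'admin' },
  { user: 'bob',   role: 'itil',               grantedBy: 'admin' },
  { user: 'carol', role: 'legal_encrypt',      grantedBy: 'admin' }
];

// Business-rule wiring. Configure as: Table = sys_user_has_role, When = after, Insert = true.
// Guarded so the file also runs outside the platform (where current/GlideRecord are absent).
if (typeof current !== 'undefined' && typeof GlideRecord !== 'undefined') {
  var ctxGr = new GlideRecord('sys_encryption_context');
  ctxGr.query();
  var contexts = [];
  while (ctxGr.next()) {
    contexts.push({ name: ctxGr.getValue('name'), role: ctxGr.getValue('role') });
  }
  var grant = {
    user: current.getValue('user'),
    role: current.getValue('role'),
    grantedBy: gs.getUserID()
  };
  encryptionRoleGrants([grant], contexts).forEach(function (hit) {
    gs.info(auditLine(hit));
    // parm1 = affected user, parm2 = contexts unlocked; the notification template reads both.
    gs.eventQueue('encryption.role.granted', current, hit.user, hit.contexts.join(','));
  });
}
```

Because the grant itself is still legitimate platform behaviour, the rule does not block it; it only makes the event visible to someone other than the admin who performed it, which is the gap the two answers above describe.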

What stops an admin with privileged access from tampering with the logs?

The product keeps two sets of logs. One is visible within the instance as the "system log". An administrative user can, in theory, manipulate this log, although the security manager can be configured to make such tampering extremely difficult. A second log exists on the file system of the application server and cannot be manipulated from within the application server. In a forensic situation where an administrator has deliberately tampered with the application's own internal auditing and logging, the file-system-based log can be used to reconstruct a user's transactional history.

Can I encrypt Import Sets?

Import Sets run as the System user, which has no encryption context. Therefore, import sets cannot add data to encrypted fields.

Can I encrypt fields in Inbound Email Actions?

Inbound email actions work via impersonation, but impersonation does not have access to users' encryption contexts. Carefully consider the safety of mailing data worthy of encryption through email routers.

Do templates support encrypted fields?

Templates do not support encrypted fields. Applying a template does not apply data to an encrypted field. Saving a template from a form does not save encrypted values.