Database Encryption with Customer-Controlled Switch
- Updated Aug 1, 2024
- Xanadu
- Now Platform Security
Database Encryption with Customer-Controlled Switch (DBE-CCS) is an encryption solution that encrypts all data at rest in the database.
Overview
Database Encryption with Customer-Controlled Switch uses industry-standard AES encryption, with no impact on functionality. The database encrypts data as it is written to disk and decrypts it as it is read from disk. Applications always have the data in an unencrypted state to perform the necessary logic and functions.
DBE-CCS utilizes technology native to the database, often called Tablespace Encryption or Transparent Data Encryption. For more details on the technology, refer to the MariaDB website under "Tablespace Encryption."
DBE-CCS requires you to set up an HTTPS REST service endpoint that periodically provides the secret key to the ServiceNow instance. The CCS endpoint then returns the customer secret key encrypted with the public key of the database instance.
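The key-wrapping step described above, sketched in Go as an added example; it is not ServiceNow or Fortanix code. The function names, the PEM key format, RSA-OAEP with SHA-256, the 2048-bit minimum and the base64 output are all assumptions, because this page does not specify the algorithm or message format.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// wrapSecretKey (hypothetical) encrypts the customer secret to the instance public key; PEM, OAEP/SHA-256, base64 assumed.
func wrapSecretKey(instancePubPEM, secret []byte) (string, error) {
	block, _ := pem.Decode(instancePubPEM)
	if block == nil {
		return "", fmt.Errorf("instance public key is not PEM")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return "", err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok || pub.N.BitLen() < 2048 { // refuse to wrap the secret to a weak key
		return "", fmt.Errorf("need an RSA public key of at least 2048 bits")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return base64.StdEncoding.EncodeToString(ct), err
}

// demoRoundTrip wraps a random 32-byte secret to a constructed key pair (stand-in for the instance) and unwraps it.
func demoRoundTrip(bits int) (bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return false, err
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	pubPEM := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	secret := make([]byte, 32)
	rand.Read(secret)
	wrapped, err := wrapSecretKey(pubPEM, secret)
	if err != nil {
		return false, err
	}
	ct, _ := base64.StdEncoding.DecodeString(wrapped)
	got, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	return err == nil && string(got) == string(secret), err
}
func main() { fmt.Println(demoRoundTrip(2048)) }
```

Because only the holder of the matching private key can unwrap the response, the secret stays protected even if the HTTPS response body is logged or cached along the way.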
Customer endpoint
A ServiceNow technology partner, Fortanix, is available to implement your customer endpoint for you. Contact the technology partner directly for details of the integration. For details, see Using Fortanix Data Security Manager with ServiceNow.
Multiple ServiceNow version support
Other references
Refer to these references for additional information about DBE with CCS: