Chuck Tomasi
ServiceNow Employee

When it comes to security and encryption on the Now Platform, you've got plenty of options. But navigating these options can be tricky. Fortunately, ServiceNow is here to help. Join the webinar, and together we'll explore the various options for encrypting your data and determine which one is right for your organization's unique situation.

Originally aired: August 31, 2021 8:00 AM PT

 

Links Mentioned

 

Featured Experts

Chuck Tomasi is a Sr. Developer Advocate for ServiceNow. He is a computer science major with over 35 years of IT experience. As a former ServiceNow customer, Chuck won the first Innovation of the Year Award at Knowledge 10. Since joining ServiceNow in 2010 as a Technical Consultant, he has done many large-scale ITSM implementations and custom applications, acted as an adjunct instructor for Education Services, created and led the Technical Best Practices program, makes appearances on Live Coding Happy Hour, created dozens of fit-for-purpose custom applications, and co-hosts the ServiceNow series "TechNow".

 

Kreg Steppe is a Sr Staff Enterprise-wide Apps/Sys Developer within ServiceNow Training and Certification developing and supporting cloud training infrastructure. He specializes in developing integration solutions, automating repeatable processes and Cloud Management in ITOM. Kreg's prior experience includes operating his own ISP, developing web applications in PHP, network integration, managing network support, Application Development on cloud based networks, DNS and email server maintenance. He is a Linux enthusiast and enjoys Photography.

 

Jeremy Duncan is a Platform Architect on the Workflow Design Studio team at ServiceNow. Jeremy is an Enterprise Architect with over 16 years of IT and Service Management experience. His experience and certifications span retail and manufacturing, with a focus on hardware, software, and information security specialties, and he is a ServiceNow Certified Master Architect. He has done many implementations in both the Enterprise Federal and Commercial spaces since 2011 and brings a breadth of platform knowledge that aids him in sound architectural decisions. He achieved his B.B.A. at MTSU and majored in Information Systems. He has spent his free time fighting crime as a volunteer certified police officer in North Nashville since 2012 and enjoys family time and camping with his wife and kids!

 


Questions and Answers

Can customers specify their own Key Management Secrets Engine?
-- Jose017S Maldonado
that is discussed, interested in your use case / how you would want this to work
-- Pierre Rohel
 
Will the ServiceNow staff have access to the keystore?
-- Michael Russell
having a little trouble with this new interface. the short answer is no. we have a small number of SecEng HSM admins with administrative rights (no access to customer keystore) whose accounts are closely monitored. As the key-wrapping hierarchy slide show
-- Gray Williams
 
what does the auto generate option do? can it create the key when the module is first used?
-- sapna deval
yes
-- Gray Williams
 
My understanding is that if the key was generated in a SafeNet HSM, it cannot be removed/exported. I am interested in this topic.
-- Jeffrey Varnon
Correct, the HSM key at the root of key protection is not exportable
-- Pierre Rohel
 
How compatible Edge and CLE are with Workspace
-- Purbali Paul Choudhury
there's some nuance here. over time this will improve, particularly in Rome for CLE_Ent.
-- Gray Williams
 
is key rotation handled by the KMF
-- Jeffrey Varnon
Yes
-- Gray Williams
 
what is the difference between CLE with KMF with new Quebec platform encryption with KMF
-- Purbali Paul Choudhury
CLE with KMF, called platform encryption in Q, has key management and protection via KMF
-- Gray Williams
 
Clarification: What is the default encryption option (Edge, CLE_Ent or DBE)?
-- Rob Mercado
when you say default, you have to opt-in to all of those options
-- Gray Williams
 
Does module access policy replace having context for encryption?
-- Purbali Paul Choudhury
the context concept for CLE still exists as a subset of the larger Module (specifically within the MAP)
-- Gray Williams
 
Does the KMF Cryptographic Module require a separate install or plugin?
-- Jose017S Maldonado
It is becoming OOB. you can also request it from Service Catalog
-- Pierre Rohel
 
Are there any links that would help show some examples that would fall within the various buckets? To help us make those decisions based on fit-for-risk examples.
-- Jose017S Maldonado
could you elaborate? we're envisioning all sensitive and regulated data, but this is futures and yet to be implemented
-- Gray Williams
 
Is there an option for no key management/no encryption? and What is the default key management option?
-- Rob Mercado
KMF is OOB in Q -- but you choose how and what to encrypt; there's nothing encrypted OOB
-- Gray Williams
 
What are the implications of turning on at rest encryption on a SNOW instance when you have a fairly large footprint already at play?
-- Mazdak Salari
our field security team specializes in helping you walk through these implications and your encryption options relative to the risk you're trying to manage. the final answer depends on which encryption option you go with and what version you're running on
-- Gray Williams
 
Can you import a key from a SafeNet/Gemalto Network HSM 6.x?
-- Jeffrey Varnon
Yes
-- Gray Williams
 
Assuming these keys can be kept in an external vault (CyberArk)?
-- Radhakrishnan Nair
there's some nuance here. it depends.
-- Gray Williams
 