For all the advantages the Cloud and SaaS provide us, there are organizations for whom massive efficiency gains are *NOT* worth the risks.
ServiceNow has a range of options available (more on that later), but encryption is finally getting the attention it deserves. ServiceNow's edge encryption solution is available with the release of Geneva. Emerging 3rd party encryption providers now have ServiceNow specific offerings. One thing you *must* know is that encryption is not magic. There are very real consequences for doing so. You need to know exactly how encryption affects your ServiceNow life. As an encryption novice, I'm sharing a list of features we've discussed while evaluating Edge Encryption and 3rd party options such as CipherCloud and BlueCoat. I don't have answers to many of these questions myself. They are provided to maximize your risk assessment when evaluating encryption.
(EDIT: For this blog I am not talking about disk encryption, but solutions that encrypt data before it lands in the Cloud)
- What data types can be encrypted?
- Can variables (Service Catalog) be encrypted?
- Will email fields retain their utility on the platform? (ie. what happens when a notification record wants to send an email and the results are encrypted?)
- Can you sort on a field that's been encrypted? Be specific about all field types: dates, numbers, and strings.
Searching / Reporting / Grouping
- Call all encrypted field types still be searched. Does this include searching data via a reference field on a form? Does it include global search? Does it include custom search tools like OneSearch?
- Can we use "contains" operators on encrypted fields?
- Can we dot walk up reference fields if the referenced records are encrypted themselves?
- Can encrypted fields act as a grouping or stacking element in graphed/charted data?
- Can workflow do evaluations on encrypted data? This is even more important if Variables are encryptable.
- Can encrypted data be placed in code constructed strings? (like when my workflow builds a Short Description out of variables like...
current.short_description = current.variables.service + “ requested for “ + current.variables.user + “ on “ + current.variables.date + “ at “ + current.variables.location
- Can we dot-walk through the encrypted data structure? (this will be especially important for your approval activities that frequently say things like "get the user's cost center's manager's approval)
Integrations / Discovery / Orchestration
- What limitations are there to our existing SOAP / REST based integrations?
- How will encryption work with our midservers?
- What limitations are there to my existing Orchestration activities?
- Does your solution support Discovery (half the solutions we investigated did NOT)
- How does the solution interact with *your* SSO? (this is especially important for those using anything more complicated than simple SAML 2.0)
- How is inbound email processed?
- I've found most providers are using a "per user" model, but their idea of a usership is radically different. I've taken to having any ServiceNow SME's at the 3rd party to explain the user license model as compared to the ServiceNow model.
... and now you're equipped to start talking encryption with 3rd parties, or with ServiceNow and their Edge Encryption product. Don't get any nasty surprises! Find out exactly how encryption will constrain your ability to develop! Stay tuned for more blogs on this topic.