Encryption Key Management release notes

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Encryption Key Management release notes

    The ServiceNow® Encryption Key Management application in the Yokohama release enhances data protection through encryption, strict key access controls, and compliance with NIST 800-57 key life-cycle management and FIPS 140-2-L3 key protection standards. This release updates and rebrands encryption features to improve usability and security, preparing customers for upcoming cryptographic standards changes.

    Key Features

    • Field Encryption: Formerly called Column Level Encryption, this feature is now rebranded as Field Encryption with two editions: Field Encryption Starter (FES) and Field Encryption Enterprise (FEE).
    • Access Observer: A new tool to analyze and troubleshoot who and what processes access encrypted data, aiding in planning and monitoring Field Encryption deployments.
    • Improved Migration from Edge Encryption: A streamlined process to migrate encrypted data from Edge Encryption to Field Encryption without leaving data unencrypted during the transition.
    • 3DES Deprecation Preparations: The GlideEncrypter API using 3DES encryption is deprecated due to NIST guidelines. Yokohama disables GlideEncrypter for new instances and replaces base scripts with alternative encryption methods. Upgraded instances can still use 3DES but have the option to disable it.

    Activation and Licensing

    The Platform Encryption subscription bundle includes Field Encryption Enterprise and Cloud Encryption. Field Encryption Enterprise provides unlimited Field Encryption capabilities and is activated via the com.glide.now.platform.encryption plugin.

    Related Applications and Features

    • Encryption and Key Management: General cryptographic operations to convert data into secure cipher text.
    • Key Management Framework: Customizes and manages cryptographic operations on the instance.
    • Code Signing: Provides digital signatures to verify data authenticity and integrity, licensed as part of Vault.
    • Edge Encryption: Encrypts sensitive data on-premises before transmission and at rest.
    • Cloud Encryption with Key Management: Offers block-level encryption for database storage, available with Platform Encryption and Vault subscription bundles.

    The ServiceNow® Encryption Key Management application protects your data by using encryption, tightly controlled key access, National Institute of Standards and Technology (NIST) 800-57-based key life-cycle management, and FIPS 140-2-L3 key protection. Encryption Key Management was enhanced and updated in the Yokohama release.

    Encryption Key Management highlights for the Yokohama release

    • Column Level Encryption has been rebranded and redesigned to now be called Field Encryption.
    • Use Access Observer to help plan for and troubleshoot Field Encryption implementations.
    • Edge Encryption administrators can use the new process to migrate from Edge Encryption to Field Encryption.

    See Key Management Framework for more information.

    Important information for upgrading to Yokohama

    • The GlideEncrypter API uses three-key Triple Data Encryption Standard (3DES) encryption, which NIST 800-131A Rev 2 has recommended against using after 2023. The following changes are taking place in the Yokohama release in preparation for a full deprecation of GlideEncrypter/3DES in the future.
      • New Yokohama instances can’t use GlideEncrypter. All base system scripts have been changed to use alternative encryption processes.
      • If you’re upgrading your instances to Yokohama, you can still use 3DES, but you can also disable 3DES usage with a system property.
      • Learn more about 3DES deprecation in KB1704481.
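
Before disabling 3DES on an upgraded instance, it helps to know which custom scripts still reference GlideEncrypter. The following is an added example, not ServiceNow code: a Node.js inventory pass over script bodies that are assumed to have been exported into `{ name, script }` records (a hypothetical shape), run here on constructed sample data.

```javascript
// Added example: inventory GlideEncrypter references in exported script bodies.
// The records below are constructed sample data, not real instance content.
const sampleScripts = [
  { name: 'LegacyTokenHelper',
    script: 'var enc = new GlideEncrypter();\nvar clear = enc.decrypt(current.u_token);' },
  { name: 'CommentOnly',
    script: '// old: new GlideEncrypter().encrypt(x)\nvar y = 1;' },
  { name: 'BlockComment',
    script: '/* GlideEncrypter removed\n in cleanup */\nvar z = 2;' },
  { name: 'OddSpacing',
    script: 'var v = 1;\nvar e = new  GlideEncrypter( );' },
];

// Blank out comments but keep every newline, so line numbers stay accurate.
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, ' '))
    .replace(/\/\/[^\n]*/g, (m) => ' '.repeat(m.length));
}

// Report every reference. Nothing is dropped: inComment is only a heuristic
// flag (a "//" inside a string literal can mislabel a live call), so flagged
// hits should still be reviewed by hand.
function findGlideEncrypterUse(records) {
  const hits = [];
  for (const { name, script } of records) {
    const rawLines = script.split('\n');
    const codeLines = stripComments(script).split('\n');
    rawLines.forEach((raw, i) => {
      if (!/\bGlideEncrypter\b/.test(raw)) return;
      hits.push({
        name,
        line: i + 1,
        inComment: !/\bGlideEncrypter\b/.test(codeLines[i]),
        text: raw.trim(),
      });
    });
  }
  return hits;
}

// Scripts that still call the API in live code and need rework first.
function liveHits(records) {
  return findGlideEncrypterUse(records).filter((h) => !h.inComment);
}

console.log(liveHits(sampleScripts));
```
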

    New in the Yokohama release

    Column Level Encryption is now Field Encryption
    Column Level Encryption has been rebranded to Field Encryption Starter (FES), while Column Level Encryption Enterprise is now Field Encryption Enterprise (FEE).
    Access Observer
    Use Access Observer to understand the people and processes that access data on your instance.
    Improved migration process from Edge Encryption to Field Encryption
    Use the new process for migration from Edge Encryption to Field Encryption (formerly Column Level Encryption). This improved workflow ensures that your data migrates from Edge Encryption to Field Encryption without spending time in an unencrypted state.

    Activation information

    The Platform Encryption subscription bundle is a group commercial entitlement that includes Field Encryption Enterprise and Cloud Encryption.

    Field Encryption Enterprise is the unlimited license of Field Encryption. The Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see Encryption and Key Management subscription bundle.