Before configuring ServiceNow Encryption, work with Skyhigh CASB Professional Services to enable ServiceNow Reverse Proxy (RP) for your Skyhigh CASB tenant.
To see if ServiceNow is configured, go to Settings > Service Management. Under Services, you should see ServiceNow as a managed service:
Configuring ServiceNow Encryption
Once ServiceNow has been enabled, you can set up encryption options.
To configure ServiceNow Encryption:
- Go to Policy > Encryption Policy. You are redirected to Encryption Policy for All Services page.
- Locate and click the ServiceNow managed service. The Encryption Policies screen is displayed.
- Under Schema, click the ServiceNow Object you want to edit.
- Select the ServiceNow fields you want to encrypt, and then select the Encryption Type from the menu.
- To deploy the changes, click Deploy.
- A deployment verification window pops up, asking you to confirm all changes being applied. Review the changes and click Deploy.
Configuring ServiceNow RP to Enforce DLP Policy
Using its Reverse Proxy capability, Skyhigh CASB can enforce DLP policy on fields in ServiceNow tables/objects. To enable DLP policy enforcement for a given field, select Data Loss Prevention in the Encryption Type menu as shown in Step 4 in the previous section. The screenshot below shows an example of setting DLP enforcement for Additional Comments field within an Incident object.
After deploying the change, create a DLP Policy as appropriate for your use case. Make sure to select Reverse Proxy in the Deployment Type field and ServiceNow in the Services field.
Finally, select the type of response you would like when a DLP Policy triggers.
NOTE: Encryption for DLP violations is dictated by
shn.dlp.field.enc.scheme properties for the ServiceNow RP. Work with Skyhigh CASB Professional Services to configure these settings as appropriate for your organization's use case.
ServiceNow File Decryption
ServiceNow file decryption is supported for both single file and bulk file download.
- For single file downloads, the downloaded files can be accessed directly.
- For bulk file downloads, the downloaded files are compressed and unzip the folder to access the files.