Use this procedure to enable encryption for ServiceNow files and attachments.
Elevate the ServiceNow Role
- Log in to ServiceNow using Administrator credentials.
- Navigate to System Administrator > Elevate Roles to open the Elevate Roles dialog box.
- To elevate the role from System Administrator to Security Administrator, select the security_admin checkbox.
- Click OK to save your changes.
Activate the Encryption Support Plugin
For detailed instructions about activating the encryption support plugin, see https://docs.servicenow.com/bundle/newyork-platform-administration/page/administer/encryption/task/activate-encrypt-support.html.
- In ServiceNow, navigate to System Definition > Plugins. You are redirected to the All Applications page.
- To switch to the legacy list view for plugins, click the "click here" link.
- Search for Encryption Support in the search bar. When you find the plugin, click Install.
The plugin is installed and activated.
Configure Encryption Contexts
For detailed instructions about configuring Encryption Contexts, see https://docs.servicenow.com/bundle/newyork-platform-administration/page/administer/encryption/task/t_EncryptionContextSetup.html
- In ServiceNow, navigate to System Security > Field Encryption > Encryption Contexts.
- Click New and enter the required details in the form.
- Click Submit.
Configure Encryption Contexts for Admin or Non-Admin Users
To associate an encryption context with admin or non-admin users, perform the following steps.
- In ServiceNow, navigate to System Security > Roles and open the role record to associate with the encryption context, or create a role.
- Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
- Select the Encryption context to associate with the role.
- Click Update.
To use the encryption context, users must log out of the instance and log in again.
Any file attached to an object in ServiceNow displays an option to Encrypt. For example, attach the file "hotfix copy 10.docx" to incident INC0010005 from a user account.
When ServiceNow encrypts a file, it displays a lock symbol.
If the ServiceNow Admin has configured a Near Real Time DLP policy to detect sensitive information from the file and has configured the policy to delete the sensitive details, then the encrypted file is replaced with a tombstone file as part of Skyhigh CASB Near Real Time DLP.
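One way to check the outcome of the procedure above is to list which attachments carry an encryption context. This is an added example, not part of the original page or of ServiceNow's or Skyhigh's own tooling. It assumes the attachment records were exported from the sys_attachment table through the Table API, that the context is recorded in the encryption_context field, and that the response has the usual {"result": [...]} shape; the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample of a Table API response for sys_attachment
# (for example GET /api/now/table/sys_attachment). All values are made up.
SAMPLE_RESPONSE = json.dumps({"result": [
    {"sys_id": "a1", "file_name": "hotfix copy 10.docx", "table_name": "incident",
     "table_sys_id": "rec1",
     "encryption_context": {"link": "https://example.invalid/ctx1", "value": "ctx1"}},
    {"sys_id": "a2", "file_name": "notes.txt", "table_name": "incident",
     "table_sys_id": "rec1", "encryption_context": ""},
    {"sys_id": "a3", "file_name": "diagram.png", "table_name": "problem",
     "table_sys_id": "rec2", "encryption_context": ""},
    {"sys_id": "a4", "file_name": "plan.xlsx", "table_name": "problem",
     "table_sys_id": "rec3", "encryption_context": "ctx1"},
]})


def context_id(field):
    """Return the encryption context sys_id, or None if the attachment has none.

    Assumption: a reference field arrives either as a {"link", "value"} object
    or as a bare string, and an empty value means no context is set.
    """
    if isinstance(field, dict):
        field = field.get("value", "")
    return field or None


def audit_attachments(response_text):
    """Split attachments into encrypted/unencrypted, grouped by parent table."""
    report = defaultdict(lambda: {"encrypted": [], "unencrypted": []})
    for row in json.loads(response_text).get("result", []):
        bucket = "encrypted" if context_id(row.get("encryption_context")) else "unencrypted"
        report[row.get("table_name", "unknown")][bucket].append(row["file_name"])
    return dict(report)


if __name__ == "__main__":
    for table, groups in sorted(audit_attachments(SAMPLE_RESPONSE).items()):
        total = len(groups["encrypted"]) + len(groups["unencrypted"])
        print(f"{table}: {len(groups['encrypted'])}/{total} encrypted")
        for name in groups["unencrypted"]:
            print(f"  no encryption context: {name}")
```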