Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure ServiceNow Encryption

  1. Last updated
  2. Save as PDF

Before configuring ServiceNow Encryption, work with Skyhigh CASB Professional Services to enable ServiceNow Reverse Proxy (RP) for your Skyhigh CASB tenant.

To see if ServiceNow is configured, go to Settings > Service Management. Under Services, you should see ServiceNow as a managed service:

clipboard_e8e5fff38430ce3a7be450b312fc9db6a.png

Configuring ServiceNow Encryption

Once ServiceNow has been enabled, you can set up encryption options.

To configure ServiceNow Encryption:

  1. Go to Policy > Encryption Policy. You are redirected to Encryption Policy for All Services page.
  2. Locate and click the ServiceNow managed service. The Encryption Policies screen is displayed.
    clipboard_eefa8dfa6e058f5a53635113804f1f2c4.png
  3. Under Schema, click the ServiceNow Object you want to edit.
  4. Select the ServiceNow fields you want to encrypt, and then select the Encryption Type from the menu.
    clipboard_e618c23ceebec0b8a692978fd9aa0f252.png
  5. To deploy the changes, click Deploy. 
    clipboard_e411280ac46074893b031e7b466fe640f.png
  6. A deployment verification window pops up, asking you to confirm all changes being applied. Review the changes and click Deploy.
    clipboard_e2f83ce6f4f12b064d2f6ee8a0666a196.png

Configuring ServiceNow RP to Enforce DLP Policy

Using its Reverse Proxy capability, Skyhigh CASB can enforce DLP policy on fields in ServiceNow tables/objects. To enable DLP policy enforcement for a given field, select Data Loss Prevention in the Encryption Type menu as shown in Step 4 in the previous section. The screenshot below shows an example of setting DLP enforcement for Additional Comments field within an Incident object.

clipboard_e167967351eb47915adefe74f98ad8a26.png

After deploying the change, create a DLP Policy as appropriate for your use case. Make sure to select Reverse Proxy in the Deployment Type field and ServiceNow in the Services field. 

clipboard_ec6968dc9790706298bb5f8f3115a5681.png

Finally, select the type of response you would like when a DLP Policy triggers.
servicenow_policy_response.png 

NOTE: Encryption for DLP violations is dictated by shn.dlp.field.enable and shn.dlp.field.enc.scheme properties for the ServiceNow RP. Work with Skyhigh CASB Professional Services to configure these settings as appropriate for your organization's use case.

clipboard_e1c3bf73c3e0b48fed904d89180108d13.png

ServiceNow File Decryption

ServiceNow file decryption is supported for both single file and bulk file download.

  • For single file downloads, the downloaded files can be accessed directly.
  • For bulk file downloads, the downloaded files are compressed and unzip the folder to access the files.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. revisit
    2. Sanctioned Apps
    3. servicenow
    4. snow