
Understanding Security Encryption Standards

Understanding security encryption standards is crucial as businesses face an increasing number of cyber threats. Over 80% of companies rely on encryption to protect sensitive data, making it essential to stay informed on the latest standards, practices, and changes in encryption technology.

Healthcare is under attack, and the stakes have never been higher. The industry must act now to protect its systems, data, and patients from the growing cyber threat landscape. This is not just a matter of business continuity—it is a moral imperative. The future of healthcare, and the safety of those who depend on it, depends on the industry’s ability to rise to this challenge and make a meaningful difference. 

~Charles Aunger for GTSC Homeland Security USA

As NIST updates guidelines and older methods like 3DES are phased out, companies must adapt to new standards like AES for better security. In this guide, we’ll cover the essential encryption types, multifactor authentication methods, and the critical changes coming in ServiceNow encryption protocols.


Why Security Encryption Standards Matter

Encryption converts sensitive data into a form that is unreadable without the proper keys, so the information stays protected against unauthorized access. With data breaches increasing every year, selecting the right encryption method is essential to maintaining data integrity and security.


Types of Security Encryption Standards

1. AES (Advanced Encryption Standard)

  • Definition: AES is a secure, symmetric encryption algorithm widely used for sensitive data.
  • Key Attributes:
    • Key Lengths: Available with 128-, 192-, and 256-bit keys for various security needs.
    • Performance: AES is highly efficient and fast, making it suitable for modern applications.
  • Standards: AES is NIST-recommended and used globally for data protection.

2. 3DES (Triple DES)

  • Definition: An older encryption method that runs DES three times for added security.
  • Key Attributes:
    • Performance: Slower and less efficient compared to AES.
    • Deprecation: Due to vulnerabilities, NIST advises against using 3DES after 2023.
  • Important Update: ServiceNow will fully deprecate 3DES by March 2025, switching to AES for Password2 fields.
  • Recent data breach incidents underscore why 3DES is being phased out in favor of more secure encryption methods like AES. In the Adobe breach, 2.9 million accounts were impacted; the account passwords had been encrypted, not hashed.

3. ServiceNow KMF (Key Management Framework)

  • Definition: A ServiceNow framework that manages encryption keys for secure storage and compliance.
  • Key Attributes:
    • Flexibility: Supports various encryption standards, including AES.
    • Security: Enhances protection by managing encryption key access and updates.

Key Management Framework (KMF) Overview

The Key Management Framework (KMF) API/UX allows for comprehensive management of cryptographic operations in ServiceNow. Key features include:

  • Segregation of Duties: Dedicated roles for cryptographic management, auditing, and integration.
  • Cryptographic Modules: Configurable for symmetric and asymmetric key operations.
    • Symmetric Key: Supports encryption, decryption, key wrapping, and authentication.
    • Asymmetric Key: Enables digital signatures and encryption/decryption.
  • Key Life Cycle Management: Functions to generate, rotate, revoke, and suspend keys.
  • Access Control Enforcement: Module access policies ensure controlled access to cryptographic modules.
  • Key Protection: Utilizes a FIPS 140-2 Level 3 hardware Root of Trust and Public Key Infrastructure.
  • Auditing: Tracks key usage statistics.

KMF Activation

KMF is active by default but does not support domain separation.

KMF Components

  • Cryptographic Modules: Define encryption methods.
  • Module Access Policies: Govern access conditions for cryptographic modules.

For detailed information, refer to the ServiceNow documentation for cryptographic modules, module access policies, and key lifecycle management.

4. Hashing

  • Definition: Converts data into fixed-length strings (hashes) that are irreversible.
  • Key Attributes:
    • Common Algorithms: SHA-256 and MD5.
    • Use Case: Commonly used for secure password storage rather than direct data encryption.

Types of Multifactor Authentication (MFA)

Here’s a table outlining the main types of Multifactor Authentication (MFA), their descriptions, examples, and common use cases.

| MFA Type | Description | Examples | Common Use Cases |
|---|---|---|---|
| Knowledge Factor | Something the user knows, such as a password or PIN. | Password, PIN | Basic authentication; often used with other factors for security. |
| Possession Factor | Something the user has, like a device or hardware token. | OTP (One-Time Password), Hardware Token | Corporate environments, banking apps, secure online services. |
| Inherence Factor | Something the user is, based on physical or biometric attributes. | Fingerprint, Facial Recognition | High-security environments, banking, healthcare, access control. |
| Location Factor | Confirms the user’s location to validate access. | IP Address, GPS Data | Location-restricted access for sensitive or corporate systems. |
| Time-Based Factor | Restricts access to specific times or uses time-based OTPs. | TOTP (Time-Based OTP), Scheduled Access | Online banking, workforce management, or time-restricted services. |

Deprecation of 3DES in ServiceNow

NIST has advised phasing out 3DES encryption due to its vulnerabilities, and ServiceNow will enforce this in the Yokohama release by March 2025. Here’s what to expect:

  • New Records: Any new data in Password2 fields will automatically use AES.
  • Existing Records: 3DES-encrypted data will be migrated to AES or another secure encryption type in the upgrade.
  • Steps to Prepare:
    • Upgrade to Vancouver Patch 1 or Higher: Required to enable 3DES deprecation.
    • Review Documentation: KB1443041 outlines necessary steps.

Action Items for ServiceNow Platform Owner Compliance

  1. Upgrade to Vancouver Patch 1: This release is essential for enabling full deprecation.
  2. Plan for Migration: Upon upgrading to Yokohama, all 3DES-encrypted Password2 data will automatically re-encrypt using AES.
  3. Review and Verify: Ensure all encryption methods align with updated NIST standards.

Tips for Choosing the Right Encryption Standard

Assess Security Requirements

  • For sensitive information, AES offers high security and efficiency, outperforming outdated options like 3DES.

Ensure Compatibility

  • Verify that your encryption selection works with platform requirements, such as ServiceNow’s Key Management Framework (KMF), to manage encryption securely.

Stay Updated

  • Keeping up with NIST guidelines and ServiceNow updates ensures ongoing data security. Regular updates help counteract new security risks and vulnerabilities.

Conclusion: Understanding Security Encryption Standards for Stronger Data Protection

Understanding security encryption standards is essential for safeguarding data and maintaining compliance. Advanced encryption methods like AES and comprehensive multifactor authentication reduce risks, fortifying your organization against modern cyber threats. With the upcoming deprecation of 3DES in ServiceNow, staying proactive and informed will help ensure seamless transitions and secure systems. By following these best practices in encryption and authentication, you’re taking steps to protect sensitive data and secure your organization in a digital-first world.
