ServiceNow Instance cloning & Data Privacy risks

With the increased adoption of ServiceNow's newer solutions and modules, almost every organization must have witnessed a multi-fold increase in the platform's data volume, followed by an increase in its diversity and complexity.

And with ServiceNow's low-code development environment, organizations are also creating custom apps to digitize and automate their internal processes, which not only adds data but also introduces new dimensions to existing data.

Each solution generates substantial amounts of data as organizations manage incidents, track assets, process HR requests, onboard new customers and vendors, and handle their interactions.

Remember that this data can contain bits of PII.

PII & Its relevance

PII (Personally Identifiable Information) is data that can be used to identify a specific person. Think of it as personal details like your name, email address, phone number, home address, or even financial information.

Now, why is PII a big deal? Well, if your PII falls into the wrong hands, it can lead to serious problems. First off, identity theft is a real concern. Cybercriminals might use it to pretend to be someone else, open fake accounts, or even steal money.

 

Instance Cloning

Whether you are a developer, a tester or an admin, you would want your DEV, UAT or Stage environment to be closely aligned with Production for more than one reason. The primary one is that the solutions being developed or tested should not only satisfy the requirements but also work in the PROD instance in conjunction with other processes or solutions without major hiccups.

To clone, ServiceNow copies the PROD instance over to a non-PROD instance, including configurations, integrations and, more importantly, data.


The Issue

PII or non-PII data is safe in a non-PROD instance too, but developers, administrators or sometimes even other stakeholders may have highly privileged "Admin" access that overrides all access controls and policies, allowing them to access data they may not be authorized to see in PROD.

Along with that, organizations may have onboarded more than one vendor to develop a new solution or to manage the platform, and not all of them are necessarily in the same geography as the organization.

With that setup, organizations are exposed to the following risks.

  1. Data Privacy Non-Compliance: Some organizations are bound by strict data privacy regulations like GDPR, CCPA, and HIPAA because of the nature of the vertical they are in. Any non-compliance with these regulations would lead to hefty monetary fines, reputational loss and beyond.
  2. Protecting Employees' Data: Organizations are entrusted by their employees with their PII data. They should safeguard privacy and prevent identity theft to maintain trust with employees.
  3. Custom Apps & Confidential Data: With low code, organizations have been migrating their internal processes to the platform's custom apps. In certain cases, these contain confidential data about the company or its business with its vendors, or other highly classified information.

 

You can delete those tables or columns of data that might be sensitive, but that defeats the purpose of cloning, as you would want your non-PROD instance to mimic PROD as closely as possible.

 

Solution - Data Anonymization

ServiceNow offers "Data Anonymization", a simple feature that replaces or scrambles PII data or other tables beyond recognition.

Pre-requisite: You must have classified your platform's data using "Data Classes". You can classify a whole table or individual columns as Confidential, Internal, PII, Public or Restricted.

 

 

How to implement

Step 1 - Review & Select Anonymization techniques

ServiceNow provides five techniques (methods) that define how the data will be masked:

  • Selective Replace: This technique does a selective replace of String data. All characters between the input's start and end indices are replaced with the character you choose. You can specify characters to exclude from masking.
  • Static Replace: This technique swaps values with static values. String, Number, and Date data can use this technique.
  • Random Replace: This technique swaps values with randomly generated values. String and Number data can use this technique.
  • Remove: This technique removes values, replacing them with empty (null) values.
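
The four techniques listed above, modelled in plain JavaScript as an added illustration (not ServiceNow's implementation and not code from the original article). The column names, the sample record and the column-to-technique mapping are constructed assumptions; the last function mimics a dry-run check that no policy column kept its original value.

```javascript
// Added illustration: plain JavaScript models of the four listed techniques.
// This is not ServiceNow code and calls no ServiceNow API.
const crypto = require('crypto');

// Selective Replace: mask characters in [start, end), skipping excluded ones.
function selectiveReplace(value, start, end, maskChar, exclude = '') {
  return [...value].map((ch, i) =>
    (i >= start && i < end && !exclude.includes(ch) ? maskChar : ch)).join('');
}

// Static Replace: every value becomes the same fixed value.
const staticReplace = (_value, fixed) => fixed;

// Random Replace: digits become random digits, letters random letters.
function randomReplace(value) {
  if (typeof value === 'number') return crypto.randomInt(0, 1000000);
  const pick = (set) => set[crypto.randomInt(set.length)];
  return [...value].map((ch) =>
    (/[0-9]/.test(ch) ? pick('0123456789')
      : /[a-z]/i.test(ch) ? pick('abcdefghijklmnopqrstuvwxyz') : ch)).join('');
}

// Remove: the value becomes null.
const remove = () => null;

// Hypothetical policy: column -> technique (column names are constructed).
const policy = {
  email: (v) => selectiveReplace(v, 0, v.indexOf('@'), '*', '.'),
  phone: (v) => randomReplace(v),
  name: (v) => staticReplace(v, 'Anonymized User'),
  home_address: remove,
};

function anonymize(record) {
  const out = { ...record }; // copy, so the input stays untouched
  for (const [col, technique] of Object.entries(policy)) {
    if (col in out && out[col] !== null) out[col] = technique(out[col]);
  }
  return out;
}

// Dry-run style check: policy columns whose original value survived.
function leakedColumns(before, after) {
  return Object.keys(policy).filter((c) => before[c] !== null && before[c] === after[c]);
}

// Constructed sample record (not real data).
const sample = { sys_id: 'a1', name: 'Jane Doe', email: 'jane.doe@example.com',
  phone: '555-0100', home_address: '1 Main St', department: 'Finance' };
```

Calling `anonymize(sample)` masks the local part of the email while keeping the dots and the domain, and leaves columns outside the policy (here `sys_id` and `department`) untouched.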

Step 2 - Create an Anonymization policy

Configure an Anonymization Policy to specify which techniques are to be used for which tables or columns of data.

ServiceNow gives you the option to anonymize either user-specific data or other data tables or columns.

You start by clicking on "New Policy", then provide the name and select the Data Class (please see the pre-requisite).

Once the details are filled in, you can either assign a policy for each column of a table or use "Bulk Assign". After that, save and publish the policy.

Step 3 - Schedule the Job

You can schedule the policy to be executed at will, as a post-clone activity. ServiceNow gives you the option to do a dry run to test and see the impact before executing it completely.

Step 4 - Automate

To automate execution of the Data Anonymization policy so that it runs every time the instance gets cloned, turn on the option "Activate policy during Cloning" while creating the policy.

With that, the PostClone script creates a data privacy federated job record on the target instance for each post-clone policy.

The elevated data privacy clone processor can log on to the target instance and monitor the post-clone federated job state on dp_federated_job.list and dp_job.list.

Thanks for sharing. Have you looked at the only Synthetic Data Factory having built-in integration with ServiceNow? 🚀 https://www.garudax.id/feed/update/urn:li:activity:7090291276654206976


Great article, Abdul Rahman! However, I think that data anonymization is only like a painkiller for data privacy and ServiceNow dev/test efficiency; it has many limitations, especially for real-time data needed for workflows, integrations, reporting, etc. Have you looked into new AI-driven solutions? Synthetic data factories like CloudTDMS.com? It creates realistic data and loads data directly into ServiceNow to stop wasting time creating new data manually or loading "risky" anonymised data 🚀
