ServiceNow database encryption, simplified.
LLAVE on ServiceNow is a ServiceNow Database Encryption with Customer-Controlled Switch (DBE with CCS)
Compliance-as-a-Service platform, with nothing to deploy and no infrastructure to manage
UPDATE: We are certified to work with ServiceNow Tokyo as well as other releases (link to ServiceNow DBE with CCS documentation)
LLAVE on ServiceNow removes operational compliance risk while using ServiceNow Database Encryption with Customer-Controlled Switch (DBE with CCS)
Using the latest cloud-native technologies, our platform is military-grade secure, easy to provision and operate, and focuses on the ServiceNow set of key management business rules so you don't have to worry about inadvertently locking or losing data
No API endpoints to set up and no ecosystem encryption products to wrangle. We have done all the hard stuff for you by eliminating areas for potential risk, like accidentally locking your database, destroying data, or losing keys
The Problem
Companies are leveraging the power of Software-as-a-Service (SaaS) now more than ever, with sensitive data living in the SaaS provider’s cloud environment.
SaaS providers are now providing an encryption-at-rest options for customers to secure their most sensitive data, but that has required the customer to develop & host an “always on” API endpoint that offers up a customer supplied key for the SaaS provider to regularly retrieve (in encrypted form) via a specific key exchange procedure.
As long as this endpoint continues to provide the customer key successfully, the customer's SaaS data and instance remains unlocked and available for use, while ensuring the SaaS provider (or anyone but the company) cannot decrypt sensitive data offline.
In this model, customer assumes the risk that if their key stops being available after the SaaS encryption has been enabled, and they can experience an outage in the form of their SaaS instance being locked until the key has been restored.
If the customer has somehow lost their key once their SaaS instance has reverted to its encrypted state, their instance will be encrypted indefinitely and all data rendered inaccessible.
What We Do
LLAVE.IO leverages on-demand, cloud-based Infrastructure-as-a-Service (IaaS) and Hardware Security Modules (HSMs) to build a simple to manage, low-cost cryptographic key exchange that can be managed by current IT staff, or outsourced as a managed service.
Other solutions require either deep DevOps/SecOps understanding, or are cost-prohibitive. Llave solves that problem by creating only the infrastructure that’s needed when it’s needed, reducing complexity and cost.
We have created a high security, SaaS-compatible solution that removes the burden of developing/maintaining/operating this critical endpoint from customers opting for the SaaS-provided encryption solutions.
This is a highly available, cloud-native solution incorporates FIPS 140-2 Level 3 equipment for security and ensures compliance for developments raised by the Schrems II judgment and European Data Protection Board (EDPB).
What Makes Us Different
Compliance-as-a-Service
FIPS 140-2 Level 3 Compliant Hardware Security Module (HSM) for key management
Manage your keys from your ServiceNow instance with our ServiceNow Store application
We are easy - easy to procure, easy to set up, easy to pay for, easy to manage, easy to leave (although you may never want to!)
See LLAVE In Action
Let us show you how simple enabling ServiceNow Database Encryption can be.