Discover What's New in ServiceNow Yokohama Release for Platform Security & ServiceNow Vault
ServiceNow Community · Mar 31, 2025 · video
All right, good morning, good afternoon, and good evening, wherever you are and whenever you're watching this. Welcome to today's session, where we're diving into the latest security and privacy enhancements coming in the ServiceNow Yokohama release. We've got a great lineup of speakers and a lot of exciting updates to share, so I'm really glad you're here. I'm Kevin, and I lead one of the product management teams in the platform privacy and security group here at ServiceNow. I'll be your MC for today's session, guiding you through what's new and, more importantly, how these features help you confidently bring even your most sensitive workflows onto the platform.

Now, before we jump in, I want to take a step back. When I joined ServiceNow 3 years ago, our team was just getting started, and we were forming around a big, ambitious goal: making it as easy as possible for platform administrators to control access to data so the right people see the right information for the right reasons every time and, just as important, giving you the tools to prove it. At that time we already had a strong foundation: access control lists, roles, all the things you're familiar with. But as customers expanded their use of ServiceNow beyond a single workflow like ITSM or customer service, new security challenges emerged. More teams wanted to take advantage of the platform, but some workflows were just too sensitive. Whether it was regulatory compliance, contractual obligations, or just risk, risk concerns, entire parts of the business were locked out of the value ServiceNow can provide. And that's why we launched ServiceNow Vault, a premium security add-on built to give organizations greater confidence in protecting sensitive data and proving compliance. And what we've seen since then is exactly what we hoped for: customers unlocking new opportunities because they can now secure their most critical workflows inside of ServiceNow. Since that launch, we've built out powerful new capabilities in both our out-of-the-box platform
security and within our Vault product suite: Access Analyzer and Access Simulator to give better visibility into permissions, deny-unless ACLs for simpler access control rules, major enhancements to Security Center, real-time data anonymization, and even stronger multifactor authentication options with passkeys, hardware security keys, and biometrics. And now, with the Yokohama release, we're taking things even further. We've made it easier than ever to bring your most sensitive workflows onto the platform. And as we go through today's session, I want you to start thinking: what parts of my business have been closed off to ServiceNow because of security requirements, and is now the right time to bring them in? So with that, let's get into it. We've got some fantastic speakers lined up and we're excited to dive in.

But first, a couple housekeeping things. This webinar is all about the Yokohama release, so we don't plan on talking about things that are on the product roadmap, but, you know, sometimes we start answering questions and a few sneak peeks come out. So just in case that happens, I want to remind you to please make any purchasing decisions based on the product as it exists today. And today's session is part of the Live on ServiceNow series, a curated event series to connect you with ServiceNow experts and peers that can help you deploy your products and achieve value faster. We hope you can join us again at another webinar or 360 exchange. You can see the schedule by scanning this QR code or using the link in the chat. We want to make sure we answer as many of your questions as possible, so we've set aside time at the end for Q&A, but you don't have to wait. If something comes to mind during the presentation, go ahead and drop it in the Q&A panel at the bottom of your screen. We'll do our best to get to as many as we can. Also, this session is being recorded and we'll be posting it to the ServiceNow community afterwards. So if you want to revisit anything or share it with a colleague,
you'll have access to it there. And finally, at the end of the session you'll see a quick survey pop up. It's short, but your feedback really helps us improve these sessions, so we'd love to hear your thoughts. All right, with that out of the way, let's get started.

Let me give you a quick rundown of what to expect in today's session. You've already met me; I'm Kevin, up at the top of the slide. I'll talk a bit about our platform security vision and how it ties into the product line we're building to help secure your most critical workflows. After that we'll hand it over to Andrew Vlo, who will dig into the latest updates in our data privacy product. Mike Salem will tell us about the latest features and changes with platform encryption. And then Brie Boss will talk about some exciting changes in authentication. Following that, Derek Borland will give us an overview of new features in access control and domain separation. Finally, we'll go back to Andrew for some updates on Security Center and then end with some questions and answers. Each of the speakers will dive deeper into the enhancements in their respective areas, so you'll get a really detailed look at what's new. With that, let's kick things off.

So what do we mean by platform security? Well, I mean that everything we're talking about today operates at the platform level, not just within individual workflows. Security is built into the foundation of the ServiceNow platform, ensuring that every application, workflow, and AI-driven process is protected from the ground up. Now, here is a high-level look at the platform architecture. At the base, our infrastructure layer gives you flexibility, whether you need cloud, on-prem, or a specific hyperscaler to meet regulatory or data residency requirements. And above that, we integrate with your existing IT investments, unifying data across hundreds of applications. So instead of costly, time-consuming migrations, ServiceNow brings immediate value with Workflow Data Fabric, real-time data streaming, and RaptorDB's
unmatched speed and scale. And when AI is layered on top, it transforms every workflow, making operations across your business smarter and more efficient. This is what makes ServiceNow the AI platform for business transformation. Of course, with all this power and connectivity, security is essential. So next, let's take a look at how we're securing the platform to protect your data, workflows, and AI-driven innovations.

Security is hard. If there were a one-size-fits-all approach, it'd be easy, but it's not. Every organization is different. You operate in different industries, different geographies. You process different types of data. And on top of that, security and privacy regulations are constantly evolving. And every time you expand your use of the Now Platform, whether it's IT, HR, customer service, you bring in new security and compliance requirements. And protecting data is one thing, but proving that you've protected it, well, that's just as critical. That's why when we talk, when we think about security, I like to think of it in three layers that I call the invisibles, the configurables, and the enhancables.

The invisibles are the foundational security controls that we take care of 100% for you. So these are things like our secure and compliant infrastructure built to meet global standards like ISO 27001 and the EU Cloud CoC. So this is things like backups, security and performance monitoring, and operating system patching. You don't have to think about them. We just do it. The configurables are controls that come with the platform but that require some partnership to fine-tune for your organization's needs. So things like single sign-on, multifactor authentication, access control lists, logging, and basic encryption. We provide these with the platform, but you need to fine-tune these for your business. The enhancables are for customers who need to go beyond the standard security model. While the platform is secure out of the box, some organizations, especially those handling highly sensitive data, require
additional layers of encryption, data privacy, and authorization. That's where ServiceNow Vault comes in, providing advanced security capabilities for those who need them. So whether you're relying on our built-in controls, configuring security to meet your needs, or enhancing it with Vault, the Now Platform is designed to help you stay secure, stay compliant, and stay ahead of evolving security challenges.

We've got a lot of updates in the Yokohama release, and this slide gives you a high-level look at what we'll be covering today. We've made major enhancements across data privacy, authentication, authorization, and encryption. Plus, we continue to invest in Security Center, a free tool that helps you measure and improve the security of your ServiceNow instances.

So first up, we're going to dive into data privacy. This feature simplifies the process of finding, classifying, and anonymizing sensitive data. It helps organizations protect personally identifiable information by automatically detecting and permanently removing it when needed. One big use case is in lower environments, where companies often have external contractors working. With data privacy, they can redact names, addresses, and other PII, ensuring contractors have the access they need without exposing real customer data. So to take us through these updates, I'm handing it over to Andrew Vatollo. Andrew's been with ServiceNow for nearly three years and has a long career in information security, having worked on pioneering authentication and passwordless login solutions before joining us. So Andrew, over to you.

Uh, good morning, Kevin. Good morning, everyone. Uh, let's kick us off with specifically expanding on data privacy. Uh, Kevin talked about it at a high level, um, but we want to really start out with this because, with the continuous evolution of data handling regulations and increased legal scrutiny around sensitive data processing, really due to proliferation of AI, using the data privacy application is critical for sensitive workflows. It
is purpose-built around, aimed around helping you discover, classify, and anonymize sensitive data. Now, it is part of ServiceNow Vault or standalone entitlement, but we like to say it's part of a solution designed to know your data and protect your data. This leverages our commitment to innovation using the power, in this release we leverage the commitment to innovation using the power of AI and machine learning to aid in the discovery of sensitive data and expand our scanning coverage on the platform. So let's go over some of the key features of this release.

The first one, AI discovery, helps detect PII and PHI, or any data seen, deemed sensitive, that doesn't follow traditional patterns, as part of our real-time anonymization policies. The challenge we are solving is that traditional data privacy scans rely on rules like regular expressions to find sensitive data such as social security numbers or credit cards. However, many sensitive data types, like names or occupations, don't follow these patterns. The solution is AI-powered unstructured data discovery, which uses machine learning models to identify sensitive information in unstructured data. This allows you, our customers, to anonymize, encrypt, and control access to both structured and unstructured data, preventing data leaks. For example, if the name Abel Tuter is identified as sensitive, it can be replaced with John Smith to preserve context while protecting privacy. This feature transforms daily operations by ensuring comprehensive data protection and preventing unauthorized information access.

Next one, AI attachment scanning, tackles finding sensitive data in file structures, specifically detecting sensitive data in attachments, which standard data discovery scans don't focus on and instead examine tables. This feature allows admins to scan PDFs, docs, docx, and text files either as a standalone job or as part of regular data scans. When sensitive data is identified, admins are notified and can take appropriate actions. This
ensures comprehensive protection and operational efficiency by safeguarding all forms of data, not just data found in databases.

Lastly, the data privacy application now includes journal field detection as part of discovery and anonymization. The challenge for customers has been that journal fields like work notes, approval history often contain sensitive data such as PII and PHI, which were harder to detect and anonymize. The solution in this release enhances data discovery and for these fields using the same rules and data patterns that customers already come to expect. This really just ensures we have comprehensive coverage for detecting and protecting sensitive data, improving the daily operations by preventing data leaks and authorized access. Now, with the new AI capabilities, they are opt-in by default and available for all Vault customers and data privacy standalone customers in both production and sub-production instances.

Let's jump into the new features of the Yokohama release. So first things first, right off the bat, I wanted to talk about new data patterns for the data privacy application. Traditionally there have been fixed and static expressions. They're regular expressions to identify things like date of birth or age or driver's license. As part of this release, we have a new type of data that we can detect, and that data is known as model or, uh, NER. That's another way, a named entity recognition, we, that what we're calling it. So in the model use case, we can detect things like a location or a person or organization. Let's jump to an example. So in this particular example I have an incident. I see, uh, Kim Wexler had reports a stolen mouse and keyboard. And you could see that there is sensitive data in here. You have Kim Wexler, you have a cell phone number, and you have an email. Now, in the past, what would happen is we would save this incident, and let me actually just go ahead and do that now. We would save this incident and then we sure enough see that the phone number and the
email were handled. But with this particular release, what we've also added is the ability to be able to, uh, real-time anonymize something like a named entity, here in Kim Wexler. So if I actually refresh here, I am going to show you that in addition to being able to anonymize the traditional sensitive data, the name got anonymized as well. And that's the key capability, the first one that I wanted to show you.

The second capability that I wanted to show you is the ability to detect sensitive data in attachments. So another new incident: this time Abraham Lincoln reports a stolen laptop and needs a replacement. Now, inadvertently, what can happen is, uh, sensitive data could already be entered into the form, right? But another method of sensitive data making its way into the platform is something like a Word document, and unfortunately, uh, we have clients of various industries where this is unfortunately very common. So we introduced this capability, and let me give you an example, uh, to be able to scan attachments that are in the platform. So if an attachment like a Word doc, it's doc or docx, PDF, or text file is in the platform and has sensitive data, we will now be able to pick it up. So here's an example here. This is the example document, um, lost laptop. I'm going to go ahead and attach it. Go ahead, hit open, upload. And now it's made its way into my instance. So I'm going to hit save here. Oh, probably should put caller in here. There we go. Going to hit save. Um, and, uh, this incident's been saved. Uh, 83. I'm going to go over and create a quick job to be able to actually scan this attachment. Now there are two approaches I could take. I can either just target specifically attachments on the instance, or I can scan tables, uh, and, uh, attachments. There's really, it's up, it's up to the administrator to determine that. Uh, one advantage is attachments will be faster versus scanning a whole instance. So I'm just going to call, uh, demo scan here. And I'm going to do a full scan just to show that. And then make sure I
check scan attachments. And then time window, I'm just going to put it for 23. Going to hit submit. And I'm going to hit refresh here just to make sure it shows up. Um, there it goes. There's the demo scan right there. And then I'm going to schedule it. All right. And looks like it's completed. And what we can do is we can go into data discovery findings, um, and look at our actual job. So here we have a demo scan that I just completed. You can see completed, and it didn't actually detect anything. Well, that's because it actually scanned all of our databases and incidents and didn't find any new sensitive data. That's good. But for attachment findings, admins and privacy admins will get an email notification, and they'll be placed into a separate category where you can review those independently. Uh, so in our example, um, I'm going to see that, sure enough, I have this incident 83 that I just saved. Um, and sure enough, it looks like it detected the document there. And then it actually detected specific patterns, the US phone number and email. And then my favorite part here is being able to just go ahead and click on the incident and be able to go to it, and then be able to decide if I want to remove the attachment or if I want to delete it, however I want to handle it. The cap, uh, the tooling allows us to do that.

So that's the recap. We have, uh, both, uh, both of the features take advantage of our AI/ML capabilities. There is a 0 SKU that you might need to add to make sure that you could take advantage of these capabilities. But beyond that, this is part of the Yokohama release for data privacy, and we're all in on AI/ML capabilities. So hopefully you'll hear some other exciting things that we're launching in the coming releases, and we thank you so much for your time, and, uh, this has been a demo of data privacy for ServiceNow Vault, part of the Yokohama release. Thank you. Let's jump into the new

All right. Thank you, Andrew. You know, even if you don't come from an information security background, we can
all agree that you can't protect what you don't know about. Remember on G.I. Joe when they used to say knowing is half the battle? That's exactly why these data privacy enhancements are so important. They shine a light on where sensitive data is hiding so you can take the right steps to protect it. And one of those steps might be encryption. The Vault bundle includes platform encryption, which helps organizations follow industry best practices for encrypting sensitive data and rotating keys. This extra layer of security protects against supply chain attacks and helps prevent against unintended data exposure, including from generative AI models. So, for example, a CSM customer can prove to auditors that all of their data is encrypted, keys are rotated regularly, and even that certain data is being shielded from internal admins who don't need access. To go deeper into one of our newest encryption capabilities, field encryption, I'll hand it over to Mike Salem. Mike has been with ServiceNow for over three years, three and a half years actually, and leads development of the platform encryption suite, helping our most security-conscious customers protect their data. And when he's not working, you'll probably find him in the Colorado mountains with his wife and two-year-old son, or deep into a board game. So Mike, please take it away.

Thanks, Kevin. So in Yokohama we're launching a new product called field encryption to replace ServiceNow's older column level encryption product. This new product replacement sets ServiceNow up for future releases to deliver more advanced encryption capabilities, such as new planned integrations with external key management systems, greater flexibility for which records or attachments should be encrypted by different encryption keys, so different rows within a column, uh, a new user interface, and more in Yokohama. As part of this new product launch, we've refactored the premium model to give customers a greater number of capabilities included out of the box to experiment
with field encryption before needing the premium enterprise version that comes with Vault once they get into those higher levels of usage. We're also releasing a partner product called Access Observer to field encryption. Access Observer lets you see who or what has been accessing a field. So who, uh, would be, you know, users and roles; what would be scripts, business rules, background processes, all those things that are happening behind the scenes that still need access to data in these fields. And it has two main use cases. The first is to help plan for field encryption implementations, to understand where you need to place your module access policies. By running Access Observer on a field before you encrypt it, you'd be able to see exactly which users, which roles, which scripts, which business rules, etc. need those module access policies, so that you know when you turn field encryption on, your end-to-end workflows will continue to work seamlessly. And the second use case is for more general troubleshooting. If you need to trace and find what's causing certain behavior within your instance, uh, let's say, for example, if you have a field that's being updated in an unusual way that maybe you can't immediately tell what's causing this update, you could use Access Observer to find the specific script, let's say, that may be acting on that field, uh, in a way that's not immediately obvious. We tested this out with, uh, a customer previously as we were building this, and they had spent a week trying to trace back, you know, the different scripts and different things that were happening behind the scenes that eventually were causing some update to a field. And when they saw Access Observer, their first response was, "If we could have run this, we could have found out what was going on within a couple minutes rather than needing to spend a week tracing back, you know, what was causing, uh, what kind of, uh, of issues within our instance." So we'll show a demo of Access Observer today, and we can get right into
it.

Hi, I'm going to show you what Access Observer is and how it works. Access Observer has two modules: configurations and logs. We'll start with configurations, which is where I can define which columns I want to observe for activity. I'll click new, choose which table and column that I want to observe. Uh, I want my job to start immediately once I save this record. I'll choose an end time. Let's just say ending tomorrow. And then of course I want to make sure that it's active. And then I'll hit submit. Access Observer is now actively watching for who or what is accessing my incident description field. Now I'll navigate to the incident description field in two different ways: first via the list view, and second via the record itself. By viewing this field in these two different ways, Access Observer is tracking my user activity, but it's also tracking any scripts or background processes that are firing because of my activity to that field as well. Let's look at the logs to see what I mean. When I navigate to the logs table, I can group by the operation user. This allows me to see which users have accessed the incidents.short description field during the observation window. In addition, I can also see the various scripts and background processes that have fired and have accessed this field as part of my user activity. If I group by the caller type, I can see the various script includes, scripted REST APIs, UI actions, and more that have also accessed this field. This type of access tracking is great for if you need to plan for a field encryption implementation, or if you want to do more general instance troubleshooting, if you need to trace and find what is causing certain behavior within your instance.

Okay, thank you, Mike. You know, I think back to when you and I first started working on this product together, customers had a very one-size-fits-all view of encryption. Either data is encrypted or it's not. And if it is, then we're good. More and more customers are starting to come around to the thinking that
having a layered approach to encryption, at the file system layer, at the application layer, in the columns, and being able to demonstrate best practices to auditors is just as important as the actual encryption of the bits themselves. So I'm really excited watching the progression of our encryption solutions. Up next, Brie Boss is going to talk about some of the enhancements in authentication. Bri the boss, as we call her, has been with ServiceNow for a year, and she works on both our authentication and identity products. Prior to coming to ServiceNow, Bri spent several years helping companies secure their supply chain. Bri, why don't you take over and tell us about the important auth enhancements for Yokohama?

Hi everyone. The problem with traditional authentication methods is that they verify who a user is only at the time of login. This is leaving organizations vulnerable if credentials are compromised during a session. I'm excited to introduce new functionality that we just added to our zero trust access product called continuous authentication. The zero trust concept of continuous authentication is that you can dynamically enforce step-up authentication or reauthentication based off of resource sensitivity, user actions, and security policies. This ensures that high-risk actions trigger additional verification, reducing the risk of account takeovers and unauthorized access to sensitive data. Now, how does this work with ServiceNow? The continuous authentication feature works by allowing security admins to create new policies that require step-up MFA or reauthentication through single sign-on before accessing sensitive data. This creates a high assurance session that says we know who this is, we know this is who they say they are, for a designated amount of time. These policies can be applied to either specific tables or data classes. And this would be a really great fit for any company that's protecting sensitive HR records or any PII stored in their ServiceNow instance. Let's see how it
works.

I'm going to show you an overview of our new zero trust functionality called continuous authentication. Make sure that you elevate to CA admin before modifying your continuous authentication policies. Our first step in configuring continuous authentication is to ensure that any identity providers, if they're being used, are configured to use continuous authentication. We're going to navigate to our identity providers and, in this list view, select your active identity provider. Then we're going to select the new continuous authentication tab. Here we can see that continuous authentication configured is already checked. We have a consumer URL, and the script has already been populated. This script can be modified if needed. Next, we're going to navigate to continuous authentication. This is the landing page where you have a high-level view of all of your continuous authentication usage across the platform. We also have the metrics tab that provides details on the policies and usage, and the properties tab where you can enable the continuous authentication feature and debugging, as well as customize the session length for both high assurance sessions established at login as well as after authentication. Here we can see we've already enabled this feature. So now let's dive into our policies. There are two methods used to specify which data type we're protecting. Under resource type you will see both data classification and table. In this policy we use the data classification type, which pulls in any tables that are part of the classification. We're going to create a new policy that protects a certain table. In this instance, we're going to use the user multifactor table. Going to select table and user multi-factor. Note that some tables, such as the sys_user table, are not recommended for use due to how critical they are to core functionality. If you select them, you will see a warning message. We're going to select save and activate, which will activate the policy. As you can see, ACLs will be
automatically created once a policy is saved. Here you can see what people will not be able to do until they reauthenticate. Now let's see what this looks like from the user's perspective. We're going to navigate to the table we just created a policy for. The user will see this message requiring them to do an additional authentication. I'm logged in using Okta, so I'm going to be brought back to the Okta screen to reauthenticate, and then I can access this table. Notice that now I'm able to see the information located in the table. Thanks to continuous authentication, my data is locked behind a higher level of assurance, lowering my risk of exposure. Thank you for watching.

Okay, next up is a big change coming to all instances that is going to have quite a positive impact on the security of all of our customers. Bri, why don't you tell us about this?

Yeah, absolutely. So we are rolling out MFA enforcement by default for all local logins. This is a very significant step towards enhancing our security posture. This change mandates that all internal users must self-enroll in MFA within a predefined window following their upgrade to Yokohama. It's very crucial to emphasize that this is not just a compliance measure. This will actively help in mitigating risks associated with unauthorized access. Admins will have the flexibility to adjust the MFA policy, allowing for extensions and exemptions for specific users or roles when necessary. So how will this work? So today ServiceNow supports multiple MFA methods out of the box. This includes things like authenticator apps, passkeys, FIDO2 such as Touch ID, Face ID, hardware keys such as YubiKeys, one-time passwords through email, and one-time passwords through text messages. But how will this enforcement work? Let's see the next slide.

So what can you expect? So this will start when you upgrade to Yokohama. All users, within a 90-day window from the day that you upgrade to Yokohama, will go through a self-enrollment process. Users, upon logging in with a local login,
um, will be given 30 days from that first login to self-enroll. This will not affect users that are using SSO as their only way to log in, or any users that are part of an instance that already has active MFA policies. The 30 days and 90 days, those windows can be tweaked. We will be sharing some links in the comments that you can reference for more information on this. Thanks. Back to you, Kevin.

That's awesome, Bri. I've worked in information security for a long time, analyzing tools, tactics, and procedures used by attackers. And the first goal any attacker has is getting a hold of valid credentials. Even if they leverage some kind of application vulnerability to gain first access, it's so much easier to maintain access and do lateral movements around a target if they have valid credentials. Multifactor authentication makes it really difficult to maintain access to a compromised account for any amount of time and also increases the risk to them of being detected early in the attack. So this multifactor authentication enforcement is really going to have a positive impact on the security posture of all our customers. So now we're going to hand it over to Derek to talk about some of the updates in the authorization area. So think of what Bri was talking about as enhancing the way you prove who you are. And now we're going to talk about what you can do after you've proven your identity. Derek Borland has just had his one-year anniversary with ServiceNow. For the past year, Derek has specialized in access controls and domain separation. And prior to joining ServiceNow, Derek has spent the last decade working across the cybersecurity landscape. Derek, tell us about the enhancements around authorization.

All right. Thank you, Kevin. You are a gentleman and a scholar. So in Yokohama we have kind of continued the theme of simplifying authorization controls, first starting with some new security data filters. So prior to Yokohama, if you wanted any kind of before query control, you kind, you had to use
query business rules. Now query business rules, they worked in effect, but they're not meant as a security control. So there was some performance issues or things like blank pages and list views when utilizing them. With the new security data filters, these are built as a security control, really alleviating those issues. You'll see more in the demo upcoming on the on the um security data filters. Next is related records. So before Yokohama, if you had related record records such as project and task tables, you kind of had to use either multiple and sometimes complex ACLs. Now with related records, if the records are related either by direct reference or a many-to-many relationship, user will have access to that original table and all the child entities. And finally we have a new access analyzer admin role. So this gives admin rights within access analyzer. So a user can now troubleshoot access issues and kind of use everything that access analyzer is meant to do without having to be a full platform admin or having to spend that time to request an access elevation to troubleshoot. So let's take a look at security data filters.

This demo will focus on how we control visibility into employee records. So let's take a look at what an employee list looks like for an admin. As you can see, I am logged in as an admin. We can see there are 65 pages of employees. We can see various information on the employees including their manager, their current salary, if they are prehire, all the information on all the employees visible for an admin. Now we have an existing ACL that obstructs that view for non-admin users. We have set up this ACL so that the user can see their own information and that information for their direct reports. So now let's take a look at how the employee list looks for a non-admin user. As you can see, now I'm impersonating user Ramon, who is a VP of human resources and a non-admin. Let's see what the employee list looks like for Ramon. So the ACL is doing its job. It is only allowing Ramon to
see the his direct reports. But where is Ramon's information? It isn't listed on the first page. If we scroll further we find Ramon's name still visible but on the third page with security message stating roles have been removed. Now let's take a look at a dashboard created for employee salary ranges. Even as a non-admin, Ramon can see the salary ranges not only for his team but for everyone. And if you scroll over the graph you can see also those salaries laid out. So let's go ahead and go in and add a new security data filter. We have set up this data filter with the same structure as the ACL we currently have activated. So let's go ahead and activate it and save it. Now let's go back and see what the employee list looks like. Now as you can see, I am still non-admin. Now you can see that there is only one single page of employees. And look, now Ramon has made it to the front page. So he doesn't need to scroll through anymore. So let's go back to the dashboard and refresh. Now only Ramon and his employees' data is visible.

All right. So when I talk to people about security, I tell them that it's important to focus on preventive controls, but we also need to think about detection and response. Application and infrastructure logs are the lifeblood of detection response. If you don't have logs, it's going to be very difficult to put the timeline together for an incident, and you're missing a big opportunity to do real time detection of anomalies in your instance. Log export service helps you gather real-time forensic quality logs that you can use for incident detection, performance monitoring and troubleshooting. Derek, I understand we have some updates to in this release too.

Yeah Kevin, thanks. Uh in Yokohama we have now provided visibility into log consumption. Now these reports will help when either planning storage or infra infrastructure requirements or can even help forecast costs moving forward. We've also introduced a multiple source capabilities. Now you can filter with certain nonsensitive
data going into say your data analytics platform, and then with more sensitive data like security data, you can now move that and filter that into something like a SIEM. So really giving you those that way to kind of use the logs in multiple systems.

Okay, great. And then also uh domain separation.

Yeah, I'm excited about this one for domain separation. As you mentioned, I've been with ServiceNow a year, been on domain separation the entire time. Th this is really exciting for uh domain separation. So prior to this release a best practice for domain separation was not to install it on an existing instance. Not that it wasn't technical technically feasible to do it, but it carried a lot of risk. You could see a lot of like cross information across domains, or not to mention there was a lot of um manual effort to kind of separate that amount of data, we're talking about could be thousands of tables, right, and you had to kind of separate that manually. So we kind of suggested just let's not do it. Now with the Yokohama release we have introduced the post installer that kind of automates a lot of those manual tasks such as domain and index creation, really limiting the time and the risk um for installing domain separation on an existing production environment. So now it really it allows you to be able to do that, of course once you have all your due diligence done in sub-prod.

Thanks Derek. We're going to hand it back to Andrew one last time to talk about security center. When people ask me how to level up their security, I always tell them the security center should be one of their first stops. Security center gives you a benchmark of where your security is today and a roadmap for how to level up your security. Now it's undergone a lot of changes in the last two years that have really packed some value into this tool. But maybe the best part is that it's included in the platform at no additional charge. So Andrew, what's new in security center?

Yeah. Yeah, Kevin. Um well security is like an ongoing
process. Security Center is completely free, just value add, however you want to say, core essential to the platform. You should have it already installed in all of your instances, and if you're not, uh it's a store app, you should be able to snag it really quickly. Um but we've been adding all sorts of new features, specifically um recently critical customer actions, just to take action on what's actually the most significant things. But in this release we've made some new checks and added effectively checks to our library for both the security scanner tool and the security best practices tool. Now what's awesome about this is that we're really championing a feedback loop, working with you in partnership with our customers, our field security teams and architecture teams to add these additional rules and considerations to quote unquote our backlog and making it into our tool. As a recap, security scanner scans your instance against a set of security checks to identify misconfigurations. So it really simplifies the process of creating different suites of checks for different use cases, and then you can analyze the results over time. For best practices, it allows you to review security suggestions by ServiceNow. It's kind of our way of talking to you and saying, "Hey look, this is what we where we're going. Here's some of the things we're seeing that are challenging. Consider this approach because it's going to be helpful for us and you going forward in maintaining security hygiene." Um it usually includes like step-by-step instructions. I mean it always does. Sometimes they're longer than others, and it's just a really great way to improve your security postures. Um and again we're going to have all sorts of new uh features coming soon, but for this one we're updating our libraries. And uh over back to you Kevin.

All right. Thank you Andrew. So in a moment we're going to take a look at the queue of questions and get some Q&A going. But before we do that I just want to highlight some of the other
services that ServiceNow has for you to get your security story off the ground even faster. A skilled team can help you achieve your business goals faster. So review our technical training guide to see how you can use learning credits in Now Learning to upskill your team and accelerate learning with on-demand courses, live classes, hands-on labs and certifications. Boost adoption and get more value from your implementation with customer with custom training and adoption. And Expert Services guides your ServiceNow implementation with leading practices to accelerate time to value while reducing risk. So we can lead your implementation or collaborate with your implementation partner in a co-delivery engagement to boost your implementation success. So uh check out the solution brief that's up there to see how you can set up your implementation path for long-term success.

All right. So we've got some questions that have come in the Q&A, and we've tried to answer them as they've come in, but I've got a few that I wanted to surface to the team on this call. So I saw one come in from Muhammad, I thought I saw, uh asking about what does uh what does multiple topics mean in log export service? So in a nutshell, what log export service is doing is it's collecting log data from a variety of sources with, you know, different tables and and infrastructure within your ServiceNow instance. And in the past it it published that as a single Kafka topic. So think of it like one fire hose that all those logs went through, and then on your side you would ingest that whole thing. The challenge then is that you had to treat all of that the same. What we've done now is we've made it so that we can have multiple Kafka topics and you can have different table sources go into different topics. And what that does for you then is you could say, okay, for this set of topics I want to have a retention period in my, you know, security event monitor, I want my retention period maybe to be, you know, 3 days, right, this is like
really really detailed stuff. I just want to do some real-time detection but I don't want to store this forever. So keep it for 3 days and then let it cycle out. Whereas other stuff that's a little more long-term, you might say for this set of topics I want to retain that for more like two weeks or even a month or something. So it's giving you some flexibility now. And then that also allows you to put up some certain boundaries, because everyone who has access to your SIEM, uh your security event monitoring system I should say, um you don't have to give them all the same level of access to all of those different logs. So you could say, you know, the things that are on this uh topic that we've that we've published, I want this group of people to see it but not that group of people. Um and we can get you more information uh in the product docs and everything about how that works. So uh another one. Andrew, you talked about detecting sensitive data in attachments. Does that also include the ability to anonymize data in those attachments or is it detection only?

Right now it's only detection only right now, but it is something that is near and dear to our hearts. I can't say too much more, but just stay tuned for some of our announcements. Um just a quick shout out, we also have a customer PAC program. So if you're at all interested in being part of our product advisory council, that's where we get a little bit more open of some of the things that we're working on and getting your feedback. But all I'll say is stay tuned. Um it's something that's uh upcoming in one of the next few releases.

All right. Uh Mike, here's one for you. Can you talk a bit about how field encryption differs from column level encryption and how field encryption is going to affect their column level encryption entitlements?

Yeah. So in Yokohama field encryption and column level encryption are technically the same. The difference in Yokohama is what's included in these premium versions out of the box. Um as far as the entitlement
is concerned, for customers that are using the out of the box version, they're welcome to um you know move over to the the starter version for field encryption. For customers that are on a column level encryption in uh enterprise entitlement, they would actually need to switch that entitlement out for field encryption enterprise through either the platform encryption bundle or the Vault bundle. Uh but that's just in why um post Yokohama, you know, field encryption is our launching point for many new features including planned integrations with the external key management systems, uh the granular condition builders for encrypting different rows with different keys within a column, a new UI and more. So you know, while we're doing uh some refactoring to launch this new product in Yokohama, it really then becomes our launching point for everything else we want to do uh within this field encryption space moving forward.

Thanks Mike. And then Bri, I've got one for you, and I I think you answered this actually but it's come up in the Q&A a couple times. So if a customer is currently getting their multifactor authentication from their identity provider like Active Directory or Okta or something like that, do they have to change their change their MFA provider, start use, you know, with this MFA enforcement do they have to use a ServiceNow specific MFA provider or anything like that?

Nope. The uh changes to MFA are only going to affect any users that are logging in with the username and password.

Okay. So this is kind of for that situation where you have everybody is is generally going through MFA but maybe you've got like a couple of administrators that uh that you want to have like kind of a way around in case like, you know, Okta is down or something like that. Those are the people then that are going to need to do something else with MFA. Is that right?

Exactly.

Okay, great. Uh let's see. Uh actually I don't know if this would be for Bri or for Derek. So for the access requiring reauthentication that
was demoed earlier for a list of records. So that sounds like maybe Derek. What happens if the user goes to view a dashboard or a report visualization, do they get prompted, or what happens if it's like a public report? Actually it looks like Rondere might be answering that one live.

So yeah, I saw Randere answer that. But I um I can also um answer too um for anyone that hasn't seen it. Um but if when when you have to reauthenticate, basically anytime you're seeing data that's going to be linked to one of the tables that you created a policy for, you will see that reauthenticate. That's why we uh I called out in that demo that if you have a table that touches a lot of different places within the platform that you're going to be accessing that data frequently, we don't recommend that you create a policy on that big high level um because then you will have those prompts come up every time a high assurance session expires.

Awesome. All right. Well we uh that about wraps up our time. And we've got, you know, just a couple minutes left here, but everybody likes to get out a little bit early and we've burned through the queue of questions. So that wraps up our time for this presentation. I want to say on behalf of all of us on the product management team, we want to thank you for giving us some of your time and attention to learn about what we've done in Yokohama to make ServiceNow the most trusted platform for your most sensitive data workflows. We hope to see you on some of the other live at ServiceNow webinars. And if you're at Knowledge in early May, come find our booth and say hi to us, because we're a really social group and we love to talk to people. And so with that, have a wonderful rest of your day. Take care.
https://www.youtube.com/watch?v=fdz2LH8Yjwk