InCountry develops the world’s first data residency-as-a-service platform for companies looking to comply with local country regulations and requirements for storing sensitive and regulated data. InCountry has designed a full-fledged and robust solution for managing and storing this data in over 90 countries. You no longer need to build your own custom solutions for each country you operate in, as InCountry will completely take the compliance burden from you.
ServiceNow is a revolutionary cloud-based workflow automation platform that allows large enterprises and corporations to improve operational efficiencies by streamlining and automating routine work tasks. Originally focused on IT Service Management, ServiceNow has evolved and matured to become a go-to enterprise service management platform for organizations, combining every business automation, from customer service and HR, to security and others.
ServiceNow provides a cloud‑based platform and products that deliver digital experiences and help people do their best work. Their applications automate, predict, digitize, and optimize business processes and tasks across an entire enterprise and its departments.
ServiceNow is one of the most popular and influential SaaS platforms on the planet, with offices on every inhabited continent, billions of dollars in assets, and a spot on the S&P 500 Index. Their automated workflows have revolutionized the market over the past two decades and their app store has thousands of apps and solutions available for integration. Countless international companies use ServiceNow, and likely multiple ServiceNow instances in different locations. Therein lies the problem that InCountry solves: the flow of regulated information between those locations endangers a company’s international operations.
The world data compliance landscape is constantly changing due to the appearance of new regulations and requirements for processing sensitive data. Using SaaS platforms when dealing with foreign customers imposes additional compliance risks when handling their personal data. Many countries also have legislation that forbids the transfer of their citizens' data outside the country of origin, which further complicates cooperation and collaboration with customers and how you can handle their personal data.
The InCountry platform provides a secure in-country data store where you can save your customers' personal data and meet all the compliance requirements of the country of origin. Our variety of out-of-the-box native integrations with popular SaaS platforms such as ServiceNow lets you quickly integrate the data residency service into your business processes and existing infrastructure while continuing to use SaaS like ServiceNow with no additional changes.
This guide outlines how to implement data residency and localization services in ServiceNow with the InCountry Data Residency application.
Challenges when dealing with customers' personal data in ServiceNow Cloud
Multi-national companies and corporations running their businesses worldwide have to be aware of compliance regulations and requirements imposed by local governments. Violation of these laws and requirements could lead to significant penalties that scale with each newly identified violation committed within the region. In some cases, companies may even have to vacate markets when they cannot fully meet all the local regulations or when compliance requirements make operation in the region unprofitable.
These are tangible problems for companies that use the ServiceNow Cloud to handle support requests from their customers. The personal data of customer accounts is saved in the ServiceNow database, which may be noncompliant for customers from places like Russia, China, Saudi Arabia, and other countries with strict data regulations in place.
However, a setup of a ServiceNow On-Premise in each country that imposes compliance regulations dramatically increases the price for the ServiceNow solution. Besides the higher subscription pricing, you would also need to continuously invest in maintenance, configuration, and upgrades of the ServiceNow On-Premise, creating additional downtime and leading to customer dissatisfaction with your support services, which in turn lowers loyalty to the brand and increases churn rate in the future. It’s a vicious cycle that difficult to manage.
In cases when your ServiceNow On-Premise instances need to communicate data between each other, you will need to implement integration between multiple instances. Moreover, many advancements of the ServiceNow Cloud may not be available or may have functional limitations in ServiceNow On-Premise.
Regulated data storage in ServiceNow
ServiceNow-hosted data centers are located in 9 countries. This is not sufficient for international companies and corporations that manage the regulated data of their employees and customers in ServiceNow. Thankfully, InCountry expands the geography and number of countries where you can keep regulated data and be compliant with local legislation and data regulations.
With the InCountry Data Residency for ServiceNow solution, you can have a single ServiceNow instance to store regulated data in over 90 different countries. You do not need to have a dedicated ServiceNow instance for each country or region to comply with all the various regulations you have to adhere to there.
ServiceNow normally does not specifically handle or restrict the visibility of regulated data for users that work from other countries and may not be allowed to view this data, especially the data of customers from countries with stringent data regulations. The InCountry Data Residency for ServiceNow package addresses this problem and provides a comprehensive solution that can restrict and regulate the visibility of regulated data to users working only within the country of origin.
Supported data regulation models
In the standard ServiceNow application architecture, all of the data is stored and processed in the cloud and can be viewed by anyone with sufficient permissions, regardless of which country they are attempting to access the data from. When integrated with the InCountry Data Residency for ServiceNow application, ServiceNow can be configured to store regulated data according to one of the three standard data regulation models described below:
InCountry Data Residency for ServiceNow allows companies to isolate two streams: one with regulated data and the other with non-regulated data. The stream with non-regulated data is saved directly to the ServiceNow database, while the regulated data stream is saved to the InCountry platform where additional precautions are taken to ensure its protection against threats and unauthorized access. Besides secured data store, the InCountry platform provides the data residency services in 90+ countries, which makes you compliant without even knowing data regulations in these countries.
All the regulated data stored on the InCountry platform is encrypted and is kept secure and safe.
|Data Handling||ServiceNow without InCountry||InCountry Data Residency Model|
|Storage||Outside Only||Inside Only||Inside Only|
|Processing||Outside Only||Outside||Inside Only|
|Viewing||Inside & Outside||Inside & Outside||Inside Only|
The restriction model requires that regulated data be stored ONLY inside the country of origin. Therefore, it is necessary to store the record identifier in place of the data itself in the ServiceNow Cloud database outside the country of origin instead of the regulated data. However, the cross-border transfer of regulated data is still allowed for processing and viewing. Whenever records that include regulated data are created, updated, or deleted, they are synchronized to the InCountry platform. When a user wants to view regulated data, they must read the data from the InCountry platform, perform the necessary action, and then drop the data.
The redaction model requires that regulated data only be stored inside the country of origin. Therefore, it is necessary to store a record identifier in place of the data itself on the ServiceNow Cloud server outside the country instead of the regulated data. Furthermore, the cross-border transfer of regulated data for processing and viewing is NOT permitted. Whenever records that contain regulated data are created, updated, or deleted, the request must go directly from the application interface inside the country to the InCountry point of presence inside the country. When a user inside the country wants to view the regulated data, they must read the data from the InCountry platform. The regulated data cannot be transferred outside the country for processing, so any user accessing the personal data outside the country of origin will see no record data.
InCountry Data Residency for ServiceNow - Implementation Specifics
This section outlines the specifics of each data regulation model, how they work, and their impact on the native ServiceNow functionality when integrating the InCountry Data Residency application. The following table highlights the details on the technical implementation of each data regulation model and lets you better understand what additional adjustments may be required on your side.
|Functionality / Model||Redaction||Restriction|
|Configuration||In the configuration section of the InCountry Data Residency application, the ServiceNow administrator can configure the data regulation model for the required fields, select the method to load regulated data for fields, and select user groups that can work with this configuration.|
|Data storage||Regulated data is stored on the InCountry platform in a particular country. Non-regulated data is stored in ServiceNow.|
|Data communication||Regulated data is sent from the frontend.||Regulated data is sent from the server-side of ServiceNow, but is not stored in the ServiceNow database.|
|Stored data records||Data records with regulated data that existed before installing InCountry Data Residency for ServiceNow are not processed. The InCountry team can provide professional services to migrate this data from ServiceNow to the InCountry platform prior to the integration of the InCountry Data Residency application.|
|Older data records with regulated data are preserved in the ServiceNow database. The application shows the Remote data label for regulated data values in views according to the configuration.
Regulated data from records is copied to the InCountry platform.
|Regulated data from older data records is preserved in the ServiceNow database, but this data may be migrated to the InCountry platform.|
|Views||The InCountry Data Residency application modifies the DOM structure of the page for the fields that include regulated data.|
|Significant modifications in the DOM structure are made when the Manual mode for the redaction model is enabled.
Regulated data is loaded upon the user’s request or automatically only when the user’s location aligns with the pre-defined jurisdiction*.
*When then user’s location matches the record’s country of origin.
|The Scratchpad component is used to load regulated data if the corresponding fields are available in the view.|
|Lists||Regulated data is loaded at the frontend.||Regulated data is loaded through the server-side from the InCountry platform.|
|Attachments||The user can upload attachments either into ServiceNow or onto the InCountry platform.|
|Attachments stored on the InCountry platform are visible only to users that access them from the country of origin.||Attachments stored on the InCountry platform are visible to users. Users can regulate where they want to save attachments:
|Reports||Only reports that are generated as a list view are supported.|
|When using the redaction model, the visibility of regulated data in reports depends on the country where you are located.||No impact on viewing reports.|
|ServiceNow Integration Layer||The ServiceNow Integration Layer is not yet supported, but this functionality is on our roadmap.|
|Validation||As the application supports only the string fields, this does not impact the validation of entered values.
Additional validation of values is not supported out of the box, but can be implemented as custom solutions.
|Service Portal||The InCountry Data Residency application partially supports Service Portal. The business logic (data redaction) is supported in the Standard list and Standard form widgets.|
InCountry Data Residency for ServiceNow components
After the InCountry Data Residency application integrates with the ServiceNow platform, the application deals with packages that consolidate a set of data tables. Configuration rules are then created for a specific platform table and regulate the visibility of field values depending on the data (either regulated or non-regulated) stored within them. Configuration rules can also regulate the visibility of attachments containing regulated data to the user requesting access to them.