ServiceNow, Inc.
Security for Data at Rest in a Remote Network Management Platform

Abstract:

An embodiment may involve persistent storage including a parent filesystem and a pre-configured amount of free space within the parent filesystem that is dedicated for shared use. The embodiment may also involve one or more processors configured to, for each of a plurality of child filesystems: create a sparse file with an apparent size equivalent to the pre-configured amount of free space; create a virtual mapped device associated with the sparse file; establish one or more cryptographic keys for the virtual mapped device; create an encrypted virtual filesystem for the virtual mapped device and within the sparse file, wherein the encrypted virtual filesystem uses the cryptographic keys for application-transparent encryption and decryption of data stored by way of the encrypted virtual filesystem; and mount the encrypted virtual filesystem within the parent filesystem as one of the child filesystems.