Abir Thakurta
Senior Director, Professional Services
nuBridges
With data protection as one of the key challenges facing enterprises around the world, and the need to comply with critical mandates like PCI-DSS, encryption has become a de facto strategic weapon in organizations’ data protection arsenals.
Encryption is a great way to protect data, but it comes with some limitations that pose real-world problems in implementing encryption technologies.
The three big barriers to implementation of traditional encryption technologies are:
- Format preservation and data integrity of sensitive information when it is processed or analyzed by various business intelligence and analysis tools.
- Application or database modifications to accommodate cipher text changes to the sensitive information.
- Performance penalties with cryptography processes and algorithms that perform encryption.
But data protection is not just about encryption technology. And it is not just about keeping the bad guys out (and sometimes the good guys too!). The true value of data protection is its ability to ‘let the good guys in.’ This helps create a balance of appropriate data security and business continuity so enterprises can run their business while protecting their sensitive, business-critical and regulated data.
Tokenization as a concept is simple yet powerful. How can we replace sensitive information with a surrogate token? A token that does not compromise the actual data, yet allows enterprises to go about doing their business with the applications that work with that sensitive information?
The key to tokenization is to produce a surrogate token that has a 1:1 relationship with the sensitive information, not only for data integrity but also to ensure that no mathematical relationship exists that would be subject to dictionary or mathematical attacks. So if the token is ever accessed by a malicious user, it cannot be traced back to the original sensitive information. This, of course, requires a secure data vault where the relationships are stored, the sensitive information is protected and appropriate controls limit access to the users who can actually reveal a token.
Now think about a technology that can generate format-preserving tokens (so a 16-digit AMEX number still looks like one but isn’t one) and insert them in place of the sensitive data, then encrypt the original data and store the cipher text in a central data vault. This allows applications to work with the information and process it, eliminates cipher text instances throughout the enterprise (thereby de-scoping applications from PCI-DSS-type compliance requirements) and prevents malicious users from doing something with the data if they get their hands on it.
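The vault model described in the two paragraphs above, as an added sketch that is not nuBridges code: TokenVault, MIN_DIGITS and the settlement-svc user are hypothetical names, and forcing tokens to fail the Luhn check is one assumed way to make a token "look like one but not be one". Encrypting the vault contents at rest is left out here; the in-memory dictionaries stand in for that encrypted store.

```python
import secrets

MIN_DIGITS = 8  # sketch limit (assumption) so the token space stays large

def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical vault: random tokens, 1:1 mapping, restricted reveal."""

    def __init__(self, authorized_users):
        self._token_by_value = {}   # stands in for the encrypted vault store
        self._value_by_token = {}
        self._authorized = frozenset(authorized_users)

    def tokenize(self, value: str) -> str:
        if not (value.isascii() and value.isdigit() and len(value) >= MIN_DIGITS):
            raise ValueError("expected a digit string of at least MIN_DIGITS")
        if value in self._token_by_value:       # same input, same token (1:1)
            return self._token_by_value[value]
        while True:
            # Drawn from a CSPRNG, so the token is not derived from the value.
            token = "".join(secrets.choice("0123456789") for _ in value)
            if (not luhn_valid(token)                        # never a valid card number
                    and token not in self._value_by_token    # not already issued
                    and token not in self._token_by_value):  # not a stored real value
                break
        self._token_by_value[value] = token
        self._value_by_token[token] = value
        return token

    def detokenize(self, token: str, user: str) -> str:
        if user not in self._authorized:
            raise PermissionError(f"{user} may not reveal tokens")
        return self._value_by_token[token]

if __name__ == "__main__":
    vault = TokenVault({"settlement-svc"})
    pan = "4111111111111111"  # constructed sample value
    token = vault.tokenize(pan)
    print(token, vault.detokenize(token, "settlement-svc") == pan)
```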
In the end, combining encryption with tokenization is a powerful data protection solution for many enterprises. And as proven with many nuBridges enterprise implementations, working with a technology that supports encryption plus Format Preserving Tokenization provides unequalled data protection.
Let me know if you want to discuss more on how this technology works and how it can be implemented in your enterprise!
Look forward to hearing from you,
Abir