Tokenize sensitive data with solutions from these vendors

The security technology complements data encryption

IT Best Practices Alert By Linda Musthaler, Network World
July 17, 2009 12:01 AM ET
Network World - In last week's article, I talked about tokenization, the process of replacing sensitive data with a representative token value. The token is linked back to the original data, which has been encrypted and stashed away in a secure vault. The token, meanwhile, is usable in place of the real data in business applications such as marketing or human resources programs. The idea behind using a token is that it is meaningless to anyone who steals it.

For example, credit card data can be tokenized soon after it is captured at the point of sale. If a hacker gains access to a merchant's server where tokenized data is stored, he will get worthless information instead of valuable cardholder data that can be used to commit fraud.

Tokenization is a security technology that can be used with many kinds of sensitive data, not just payment card information. You may want to protect Social Security numbers, customer account information, or corporate financial records. Turning these data types into tokens takes away the incentive for thieves to steal the information because they can't monetize tokenized data. For your own applications, however, the token is sufficient to represent the real data in most cases.

Organizations that choose to deploy tokenization can implement it in-house or outsource the process to a service provider. The most common use for an outsourced tokenization service is to protect cardholder data.

For organizations that want to deploy and manage the tokenization technology in-house, nuBridges offers a solution called nuBridges Protect, which is an integrated encryption, tokenization, key management and logging solution to protect sensitive data at rest in databases, applications and associated backup storage. The two data protection methods utilized by nuBridges Protect are format-preserving tokenization and encryption.

NuBridges Protect Token Manager is a software module that intercepts the data you want to protect, generates format-preserving tokens and inserts them in place of the sensitive data. It then encrypts the original data and stores the cipher text in a central data vault. Tokens can be safely used by any application or database without risk of exposing sensitive data. When applications or databases require the clear-text value, they make a Web services call to the Token Manager and present the token. The Token Manager validates the request credentials and, if authorized, looks up the token in the data vault, identifies the appropriate cipher text, decrypts the value and presents it back to the database or application.

Some of the key features of nuBridges Protect Token Manager are:

* Creates a central, protected data vault where sensitive data is encrypted and stored.

* Generates tokens that act as surrogates for sensitive data wherever it resides. Tokens maintain the length and format of the original data so that applications don't require modification.

* Enforces a strict one-to-one relationship between tokens and data values, so that referential integrity can be assured whenever an encrypted field is present across multiple applications and data sets, and so that data and trend analysis can continue uninterrupted.
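The token lifecycle described above (format-preserving generation, a one-to-one mapping, and a credential check before the clear-text value is returned) can be sketched as follows. This is an added example, not nuBridges code or its API: the `TokenVault` class, its method names and the caller names are hypothetical, the vault is an in-memory dictionary, and encryption of the stored value is assumed rather than implemented.

```python
import hashlib
import hmac
import secrets
import string


class TokenVault:
    """In-memory sketch of a token vault (hypothetical, not a vendor API)."""

    def __init__(self, index_key, authorized_callers):
        self._index_key = index_key            # keys the value -> token index
        self._authorized = set(authorized_callers)
        self._by_token = {}                    # token -> original value
        self._by_value = {}                    # HMAC(value) -> token

    def _fingerprint(self, value):
        # Keyed hash so the lookup index never holds the clear-text value.
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).digest()

    @staticmethod
    def _random_like(value):
        # Same length and character classes; separators pass through.
        def swap(ch):
            if ch.isdigit():
                return secrets.choice(string.digits)
            if ch.isalpha():
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                return secrets.choice(pool)
            return ch
        return "".join(swap(ch) for ch in value)

    def tokenize(self, value):
        fp = self._fingerprint(value)
        if fp in self._by_value:               # one-to-one: same value, same token
            return self._by_value[fp]
        for _ in range(1000):                  # bounded retry on collisions
            token = self._random_like(value)
            if token != value and token not in self._by_token:
                # Assumption: a real vault encrypts `value` before storing it.
                self._by_token[token] = value
                self._by_value[fp] = token
                return token
        raise ValueError("no unused token of this format is available")

    def detokenize(self, token, caller):
        if caller not in self._authorized:     # validate request credentials
            raise PermissionError(f"{caller} is not allowed to detokenize")
        return self._by_token[token]
```

Tokenizing a constructed test value such as `4111-1111-1111-1111` returns a random string with the same digit-and-hyphen layout, and tokenizing it again returns the same token, which is what keeps joins across data sets intact.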

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

