RSA, the security division of EMC, today unveiled the RSA Data Protection Manager to give customers a comprehensive approach to data protection that combines tokenization and application encryption, with advanced token and key management.
This combination of data protection and key management technologies is intended to make data more secure, while lowering operational costs of data protection by consolidating the management layer and protecting data at the source.
Tokenization replaces sensitive information with a substitute value, or token value, to protect data. Application encryption secures data at the point of capture. Data Protection Manager is designed to allow enterprise key management procedures involved with the generation, exchange, storage, safeguarding, use, vetting, and replacement of encryption keys with integrations into a variety of data-at-rest encryption options, such as storage and tape.
RSA has combined its tokenization technology with services for complying with the Payment Card Industry Data Security Standard (PCI DSS) 2.0 from partners such as First Data Corporation and VeriFone to secure payment card data. Tokenized values maintain their original format, which RSA says limits the deployment impact while still providing a high level of protection. In addition, tokens can maintain certain portions of the original data so other applications can potentially make business use of tokens without ever having access to the real information.
RSA is also promoting other capabilities of Data Protection Manager, such as lifecycle management of keys and tokens, enforcing separation of duties, protecting the central object vault, and maintaining granular application permissions.
RSA Data Protection Manager is generally available now.