With the launch of ApplePay for secure online and mobile payments, tokenization has become a hot topic in data security right now. Born from a need to secure PCI data, tokenization technologies substitute real data with fake data or a ‘token’ that has no value to a thief.
Tokenization can be used to de-identify any structured sensitive information, as defined by PCI DSS, HIPAA and NIST and others, such as credit cards, names, social security numbers, addresses, and any other PCI, personally identifiable information (PII), or protected health information (PHI) data. Tokens have the same appearance as the data they replace, meaning they can be used for processing and analytics in existing systems with minimal modification. Recent statistics from CSIS put the cost of breaches last year at around $400 billion with over 100 million people affected globally.
As data creation continues exponentially, the cost, risk and sophistication of breaches increase, and laws governing data security are debated and reformed globally, all industries are fast turning to tokenization to secure their data. But not all tokenization is created equal. Modern vaultless tokenization delivers the most secure, transparent and flexible solution with the greatest ROI to organizations looking to protect and realize the value in their sensitive and customer data. In this slideshow, Protegrity explains five characteristics of tokenization that every organization can benefit from.
The Benefits of Tokenization
Click through for five advantages of tokenization that every organization should know about, as identified by Protegrity.
Tokenization protects data, removing the sensitivity by replacing real data with a substitute that has no value to a thief. The problem with encryption is that if the key is cracked, data is in the clear. Using tokenization ensures that data cannot be exposed and mitigates the financial and reputational impact to organizations and their customers should a breach occur.
The data type and length of original data is preserved during tokenization, while a small number of characters may remain original or ‘exposed’ and tokens remain consistent for pattern matching and analysis. This sufficiently protects data while allowing business insight and processing to continue as usual; it is insufficient to be attractive to a hacker or malicious user. Requiring minimal modification to existing systems, vaultless tokenization seamlessly provides continuous data protection from the moment of capture to storage in the data center – and everywhere in between.
While it has become relatively common practice to outsource or offshore certain business processes to reduce operational costs, many businesses looking to take advantage of the financial rewards promised are fearful of violating data residency laws and concerned about the safety of cloud computing. Using tokenization to de-identify and protect sensitive information before it leaves an enterprise opens a legal and secure pathway for organizations to offshore and outsource data to reduce costs and gain business insight.
All organizations generate, capture, process and store data in ever increasing amounts. But as Big Data technologies innovate new ways to find value and insight in data, organizations and businesses must be aware of the privacy choices their customers make and which regulatory requirements apply to the PII and PHI data they collect. PCI DSS, HIPAA and NIST and others endorse the use of tokenization as a form of de-identification that allows organizations to compliantly benefit financially and intellectually from data sharing.
Peace of Mind
Current regulations are very likely to change in the near future to require significantly stronger security measures with increased emphasis on privacy and data de-identification. Tokenized data safeguards privacy and is exempt from many breach notification regulations including HIPAA, PCI DSS and Safe Harbour. Vaultless tokenization allows organizations to “future proof” their data security strategies against the expanding nature of Big Data and cloud technologies and also the stricter regulatory mandates that are on the horizon.