Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

RSA Combines Tokenization and Encryption in End-to-End Data Security Solution

Solution Combines Tokenization and Encryption to Help Protect Sensitive Application Data

RSA this week announced its RSA Data Protection Manager product, which combines tokenization and application encryption, two popular application-based controls, with token and key management to deliver end-to-end data security.

Solution Combines Tokenization and Encryption to Help Protect Sensitive Application Data

RSA this week announced its RSA Data Protection Manager product, which combines tokenization and application encryption, two popular application-based controls, with token and key management to deliver end-to-end data security.

Designed to provide application data protection, the product (formerly known as RSA Key Manager) combines data protection and key management technologies to make data more secure and lower the operational costs of data protection by consolidating the management layer. By protecting data within the application that’s creating or using it, the solution helps protect data throughout the information lifecycle.RSA Logo

“The majority of on-line data breaches happen within the server or application, so mitigating this risk is critical for overall data protection,” said Jon Oltsik, principal analyst, Enterprise Strategy Group. “Application-based data security provides a high-level of protection because data is protected at the point of capture and then remains protected throughout its lifecycle. Application-based encryption and tokenization can be quite effective for this type of data security.”

RSA Data Protection Manager secures data at the point of capture and provides granular control over sensitive information. The solution provides:

Tokenization: Replacing sensitive information with a substitute value, or token value to protect data such as credit card numbers, account numbers, Social Security numbers, and other personally identifiable information.

Application Encryption: Enabling encryption and strong key management to secure data at the point of capture.

Enterprise Key Management: Allowing for enterprise key management with integrations into a variety of data-at-rest encryption options (storage, tape, etc.).

Encryption has traditionally been the preferred method of enforcing data protection in applications, but tokenization (also referred to as “aliasing” or “data masking”) is one of the industry’s best methods for reducing the cost of compliance.

“Compliance and key management continue to burden our customers,” said Dan Schiappa, senior vice president, Products, RSA, The Security Division of EMC. “They want to protect all of their sensitive data using a robust protection method like encryption, but also want to limit the impact on compliance and environment changes by using a cost-effective solution like tokenization. Combining encryption, tokenization, and key management in the same product provides flexibility and reduces management overhead.”

RSA Data Protection Manager is engineered to broaden the scope of how organizations can use tokenization. RSA has combined its tokenization technology with services from partners like First Data Corporation and VeriFone to secure payment card data. Beyond payment processors, however, tokenization can also help provide protection for other industries such as financial services (personally identifiable information or PII, social security numbers) and healthcare (personal health information or PHI).

Akamai Technologies recently unveiled an “Edge Tokenization” electronic payment security service that automates credit card tokenization within the Akamai cloud, keeping payment data off the networks of eCommerce providers.

Because tokenized values maintain their original format, deployment impact is limited, while still providing a high level of protection. In addition, tokens can maintain certain portions of the original data (i.e., the last four digits of a social security number) so other applications can potentially make business use of tokens without ever having access to the real information.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Application security startup ArmorCode today announced that it has received $8 million in additional seed funding, which brings the total raised by the company...