CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

RSA Combines Tokenization and Encryption in End-to-End Data Security Solution

Solution Combines Tokenization and Encryption to Help Protect Sensitive Application Data

RSA this week announced its RSA Data Protection Manager product, which combines tokenization and application encryption, two popular application-based controls, with token and key management to deliver end-to-end data security.

Solution Combines Tokenization and Encryption to Help Protect Sensitive Application Data

RSA this week announced its RSA Data Protection Manager product, which combines tokenization and application encryption, two popular application-based controls, with token and key management to deliver end-to-end data security.

Designed to provide application data protection, the product (formerly known as RSA Key Manager) combines data protection and key management technologies to make data more secure and lower the operational costs of data protection by consolidating the management layer. By protecting data within the application that’s creating or using it, the solution helps protect data throughout the information lifecycle.RSA Logo

“The majority of on-line data breaches happen within the server or application, so mitigating this risk is critical for overall data protection,” said Jon Oltsik, principal analyst, Enterprise Strategy Group. “Application-based data security provides a high-level of protection because data is protected at the point of capture and then remains protected throughout its lifecycle. Application-based encryption and tokenization can be quite effective for this type of data security.”

RSA Data Protection Manager secures data at the point of capture and provides granular control over sensitive information. The solution provides:

Tokenization: Replacing sensitive information with a substitute value, or token value to protect data such as credit card numbers, account numbers, Social Security numbers, and other personally identifiable information.

Application Encryption: Enabling encryption and strong key management to secure data at the point of capture.

Enterprise Key Management: Allowing for enterprise key management with integrations into a variety of data-at-rest encryption options (storage, tape, etc.).

Encryption has traditionally been the preferred method of enforcing data protection in applications, but tokenization (also referred to as “aliasing” or “data masking”) is one of the industry’s best methods for reducing the cost of compliance.

Advertisement. Scroll to continue reading.

“Compliance and key management continue to burden our customers,” said Dan Schiappa, senior vice president, Products, RSA, The Security Division of EMC. “They want to protect all of their sensitive data using a robust protection method like encryption, but also want to limit the impact on compliance and environment changes by using a cost-effective solution like tokenization. Combining encryption, tokenization, and key management in the same product provides flexibility and reduces management overhead.”

RSA Data Protection Manager is engineered to broaden the scope of how organizations can use tokenization. RSA has combined its tokenization technology with services from partners like First Data Corporation and VeriFone to secure payment card data. Beyond payment processors, however, tokenization can also help provide protection for other industries such as financial services (personally identifiable information or PII, social security numbers) and healthcare (personal health information or PHI).

Akamai Technologies recently unveiled an “Edge Tokenization” electronic payment security service that automates credit card tokenization within the Akamai cloud, keeping payment data off the networks of eCommerce providers.

Because tokenized values maintain their original format, deployment impact is limited, while still providing a high level of protection. In addition, tokens can maintain certain portions of the original data (i.e., the last four digits of a social security number) so other applications can potentially make business use of tokens without ever having access to the real information.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.