Solution Combines Tokenization and Encryption to Help Protect Sensitive Application Data
RSA this week announced its RSA Data Protection Manager product, which combines tokenization and application encryption, two popular application-based controls, with token and key management to deliver end-to-end data security.
Designed to provide application data protection, the product (formerly known as RSA Key Manager) combines data protection and key management technologies to make data more secure and lower the operational costs of data protection by consolidating the management layer. By protecting data within the application that’s creating or using it, the solution helps protect data throughout the information lifecycle.
“The majority of on-line data breaches happen within the server or application, so mitigating this risk is critical for overall data protection,” said Jon Oltsik, principal analyst, Enterprise Strategy Group. “Application-based data security provides a high-level of protection because data is protected at the point of capture and then remains protected throughout its lifecycle. Application-based encryption and tokenization can be quite effective for this type of data security.”
RSA Data Protection Manager secures data at the point of capture and provides granular control over sensitive information. The solution provides:
• Tokenization: Replacing sensitive information with a substitute value, or token value to protect data such as credit card numbers, account numbers, Social Security numbers, and other personally identifiable information.
• Application Encryption: Enabling encryption and strong key management to secure data at the point of capture.
• Enterprise Key Management: Allowing for enterprise key management with integrations into a variety of data-at-rest encryption options (storage, tape, etc.).
Encryption has traditionally been the preferred method of enforcing data protection in applications, but tokenization (also referred to as “aliasing” or “data masking”) is one of the industry’s best methods for reducing the cost of compliance.
“Compliance and key management continue to burden our customers,” said Dan Schiappa, senior vice president, Products, RSA, The Security Division of EMC. “They want to protect all of their sensitive data using a robust protection method like encryption, but also want to limit the impact on compliance and environment changes by using a cost-effective solution like tokenization. Combining encryption, tokenization, and key management in the same product provides flexibility and reduces management overhead.”
RSA Data Protection Manager is engineered to broaden the scope of how organizations can use tokenization. RSA has combined its tokenization technology with services from partners like First Data Corporation and VeriFone to secure payment card data. Beyond payment processors, however, tokenization can also help provide protection for other industries such as financial services (personally identifiable information or PII, social security numbers) and healthcare (personal health information or PHI).
Akamai Technologies recently unveiled an “Edge Tokenization” electronic payment security service that automates credit card tokenization within the Akamai cloud, keeping payment data off the networks of eCommerce providers.
Because tokenized values maintain their original format, deployment impact is limited, while still providing a high level of protection. In addition, tokens can maintain certain portions of the original data (i.e., the last four digits of a social security number) so other applications can potentially make business use of tokens without ever having access to the real information.