Encryption and Tokenization: Common Pitfalls and Best Practices part 2 (Tokenization)

Best Practices, Cloud Security, Compliance

Written by Michael Higashi

In the first part of our Encryption and Tokenization blog post, we focused primarily on encryption, the process by which data can be encoded such that it becomes unreadable to anyone without the corresponding encryption key. Today, let’s talk more about tokenization.

Check out the 10-minute video excerpt above from one of our most popular webinars, “Demystifying Cloud Encryption (and Tokenization)”, and read on for all the info you need.

Some of the most common cloud data security questions we get every day are:

  • Should I use encryption or tokenization?
  • Can I set security at the field level?
  • Will my database accept encrypted data?
  • Can I search encrypted data?
  • What’s the most secure?
  • What’s the easiest to implement?
  • What do I need for compliance?

Compared to encryption, tokenization is a newer technology. The process is different: instead of encoding the data, tokenization replaces the data itself with a “token” value. The original data is stored securely within the enterprise’s perimeter, and only the token is transmitted. In several ways, tokenization is helpful to organizations dealing with compliance requirements. One of the most important ways is that it reduces your cloud-related PCI DSS and HIPAA scope by drastically limiting the amount of protected data that has to be sent outside of your own data center.

Encryption and tokenization both play vital roles in a compliance strategy. As with encryption, however, tokenization has its pitfalls. Let’s examine a couple, as well as the best practices that address them.

Pitfall: Allowing a third party to handle tokenization off-premises

Vendors exist who offer tokenization as a service. Using such vendors means handing over your sensitive data to a third party and trusting them to secure that data in their own data centers. Think about it for a moment. Does that sound like a good way to reduce your risk of a data breach? Or does it sound like a loss of control over precisely the data that you most need protected?

Best Practice: Tokenize, but on your own premises

If control is what you’re looking for—and since you’re working towards a solid encryption and tokenization strategy, I assume it is—then tokenize, yes, but tokenize in-house, so that you retain full control over your sensitive data. CipherCloud ensures your data sovereignty and security by enabling you to store your data locally in a JDBC-compliant database. Never letting your kids leave the house might be overprotective, but the same isn’t always true of your data.

Pitfall: Tokenizing too much, or not enough

Convinced of the value of tokenization? That’s great, but remember that both encryption and tokenization have a place in your overall cloud information protection and regulatory compliance strategies. Tokenization requires the separate storage of data within your data center, and overuse means excessive consumption of that storage resource.

Best Practice: Only tokenize what you need

Encryption and tokenization are both great. To take full advantage of these powerful technologies, you must apply each of them where they are most appropriate, at a granular level. That’s why CipherCloud offers a wide range of both encryption and tokenization options and gives you the ability to mix and match those options on a per-field basis. This approach gives you full control and the best of both worlds when it comes to securing your enterprise’s sensitive data.
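To make the mechanism concrete, here is an added example (written for this post, not CipherCloud’s product code) of an in-house token vault: the real values stay in the vault inside the perimeter, outbound records carry only random tokens, and a per-field policy limits tokenization to the regulated fields. The field names, the sample record and the `tok_` prefix are constructed for the example; a production vault would persist the mappings in the local database rather than in memory.

```python
import secrets


class TokenVault:
    """In-house token vault. Real values stay here, inside the enterprise
    perimeter; only the tokens it hands out ever go to the cloud application."""

    def __init__(self):
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, value: str) -> str:
        # Same value -> same token, so the cloud app can still do exact-match lookups.
        token = self._token_by_value.get(value)
        if token is None:
            # Random token: nothing about the original value can be derived from it.
            token = "tok_" + secrets.token_hex(8)
            while token in self._value_by_token:   # collision is vanishingly unlikely
                token = "tok_" + secrets.token_hex(8)
            self._value_by_token[token] = value
            self._token_by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        # Raises KeyError for a token this vault never issued.
        return self._value_by_token[token]


# Per-field policy (constructed for this example): only fields carrying regulated
# data are tokenized, so vault storage is not spent on harmless columns.
TOKENIZE_FIELDS = {"ssn", "card_number"}


def to_cloud(record: dict, vault: TokenVault) -> dict:
    """Replace the regulated fields with tokens before the record leaves the data center."""
    return {k: vault.tokenize(v) if k in TOKENIZE_FIELDS else v for k, v in record.items()}


def from_cloud(record: dict, vault: TokenVault) -> dict:
    """Restore the original values once a record is back inside the perimeter."""
    return {k: vault.detokenize(v) if k in TOKENIZE_FIELDS else v for k, v in record.items()}


def leaks(record: dict, outbound: dict) -> bool:
    """Check that no regulated value survived into the outbound record."""
    return any(record[k] in outbound.values() for k in TOKENIZE_FIELDS if k in record)


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample record; the SSN and card number are placeholders.
    patient = {"name": "A. Example", "city": "Boston",
               "ssn": "123-45-6789", "card_number": "4111111111111111"}
    sent = to_cloud(patient, vault)
    print(sent)                      # name and city in clear, ssn/card_number as tok_...
    assert not leaks(patient, sent)
    assert from_cloud(sent, vault) == patient
```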

Next Steps:

How does your business use encryption and tokenization? Tell us about your experiences in the comments.
