@CloudExpo: Article

Tokenization & Encryption – Two Data Security Methods for the Cloud

A company can use encryption, tokenization or a combination of both methods to secure its information

When organizations look to protect sensitive data at rest in the cloud or in transit on the way to it, there are two primary obfuscation strategies most consider - tokenization or encryption. But some enterprises may not know the details of how these methods work or how they differ.

The Tokenization Process
A newer technology, tokenization is the process of taking a sensitive data field and replacing it with a surrogate value called a token. De-tokenization is the reverse process of replacing a token with its associated clear text value.

The Encryption Process
Encryption uses a cipher algorithm to mathematically transform data. Encrypted values can be transformed back to the original value via the use of a key. With encryption, a mathematical link back to its true form still exists.

Encryption vs Tokenization - Key Differences
Depending on specific data protection requirements, a company can use encryption, tokenization or a combination of both methods to secure its information. The key differences between the two approaches may influence which technique an organization chooses.

With tokenization, the original data is completely removed, while with encryption, the protected value still bears a mathematical relationship to its unencrypted form. Tokenization also tends to be more flexible in its length and format compared to traditional encryption techniques. Unlike encrypted values, tokens cannot be returned to their corresponding clear text values without access to a secured "look-up" table that matches them to their original values.

Unlike encrypted values, which express the relative length of their clear text value, tokens can be generated so that they don't have any relationship to the length of the original value. Tokenization is frequently the de facto approach to addressing data residency because tokenization can be used to keep sensitive data local (resident) while tokens are stored in the cloud.
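The look-up table model described above, as an added example that is not code from the original article or from PerspecSys: a minimal in-memory token vault in which tokens are random, have a fixed length unrelated to the clear text, and can only be reversed through the table. The names `TokenVault`, `protect_record` and `cloud_search` and the sample records are assumptions made for illustration.

```python
import secrets

ALNUM = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

class TokenVault:
    """Secured look-up table; in the residency model it stays on-premises."""

    def __init__(self, token_len=12):
        self.token_len = token_len
        self._by_value = {}  # clear text -> token, so equal values share a token
        self._by_token = {}  # token -> clear text, the only way back

    def tokenize(self, value, alphabet=ALNUM):
        if value in self._by_value:
            return self._by_value[value]
        while True:
            # Random draw: the token carries nothing derived from the value,
            # not even its length.
            tok = "".join(secrets.choice(alphabet) for _ in range(self.token_len))
            if tok not in self._by_token:  # retry on the rare collision
                break
        self._by_value[value] = tok
        self._by_token[tok] = value
        return tok

    def token_for(self, value):
        """Existing token for a value, or None; never creates a new entry."""
        return self._by_value.get(value)

    def detokenize(self, token):
        # KeyError for anything not in this vault's table.
        return self._by_token[token]


def protect_record(vault, record, sensitive_fields):
    """Copy of `record` with sensitive fields tokenized, for sending to the cloud."""
    return {k: vault.tokenize(v) if k in sensitive_fields else v
            for k, v in record.items()}


def cloud_search(cloud_rows, vault, field, clear_text):
    """Equality search: translate the term locally, match on tokens remotely."""
    needle = vault.token_for(clear_text)
    return [r for r in cloud_rows if needle is not None and r[field] == needle]


# Constructed sample records (not real data).
RECORDS = [
    {"id": 1, "name": "Ann Lee", "ssn": "000-12-3456"},
    {"id": 2, "name": "Maximilian Featherstonehaugh", "ssn": "000-98-7654"},
]
```

Because equal clear text values map to the same token, exact-match search still works against the tokenized rows, while the vault itself becomes the asset that needs the strongest access control.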

Other Important Considerations
Whichever approach is selected, one key concern for end users is preserving the usability of the application. The solution chosen should be able to protect sensitive data going into the cloud without adversely impacting the experience of the application users. Preserving the usability of the application, such as maintaining the ability to search, create reports and sort on data, is critical to maximizing the business value of the cloud applications that enterprises are adopting.

Another concern for many organizations is third-party certifications and verifications. Depending on the industry, a solution may need to be evaluated on its ability to comply with standards such as PCI DSS, HITECH & HIPAA, ITAR, and Gramm-Leach-Bliley.

The National Institute of Standards and Technology (NIST) issues Federal Information Processing Standards (FIPS) as guidelines for use across the Federal government. Many other industries also consult these guidelines to help inform their own security and IT policies. For example, NIST guidelines highlight the importance of using FIPS 140-2 validated encryption when securing sensitive information, and many industries have now adopted this validation as the benchmark for the level of encryption strength they require for their own data.

For more specific information on both of these approaches, download one of our knowledge pieces on tokenization or encryption.


PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.

More Stories By David Stott

As Senior Director, Product Management at PerspecSys, David Stott leads efforts to ensure products and services meet market requirements. He works closely with multiple internal teams and client stakeholders to develop excellent customer experiences and advance the strategic product direction. He is an experienced product management and marketing professional with a successful record of aligning market needs and opportunities with product requirements, functionality, and go-to-market strategies. David joined PerspecSys from Covarity and has also held product management and marketing leadership roles with Angoss Software, ADP, and Ironside Technologies.
