Tokenization protects sensitive data by substituting non-sensitive data for it. It creates an unrecognizable tokenized form of the data that maintains the format of the source data. For example, a credit card number (1234-5678-1234-5678), when tokenized (2754-7529-6654-1987), looks similar to the original number and can be used in many operations that call for data in that format without the risk of linking it to the cardholder’s personal information. The tokenized data can also be stored in the same size and format as the original data, so storing it requires no changes to the database schema or processes.
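The format-preserving substitution described above, as an added example that is not from the original page or any product: a vault maps each value to a random token of the same length and character layout, and back again. The `TokenVault` class and its in-memory dictionaries are assumptions standing in for a hardened, access-controlled store.

```python
import secrets
import string


class TokenVault:
    """In-memory stand-in for a token vault (constructed for this example)."""

    MAX_ATTEMPTS = 1000

    def __init__(self):
        self._token_for = {}   # original value -> token
        self._value_for = {}   # token -> original value

    @staticmethod
    def _random_like(value):
        # Swap each ASCII digit or letter for a random one of the same class;
        # separators and every other character stay in place.
        out = []
        for ch in value:
            if ch in string.digits:
                out.append(secrets.choice(string.digits))
            elif ch in string.ascii_uppercase:
                out.append(secrets.choice(string.ascii_uppercase))
            elif ch in string.ascii_lowercase:
                out.append(secrets.choice(string.ascii_lowercase))
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, value):
        if value in self._token_for:        # repeat input -> same token
            return self._token_for[value]
        for _ in range(self.MAX_ATTEMPTS):
            token = self._random_like(value)
            # Reject the identity mapping and anything already in the vault.
            if token != value and token not in self._value_for \
                    and token not in self._token_for:
                self._token_for[value] = token
                self._value_for[token] = value
                return token
        raise RuntimeError("token space exhausted for this format")

    def detokenize(self, token):
        return self._value_for[token]       # KeyError for unknown tokens


if __name__ == "__main__":
    vault = TokenVault()
    pan = "1234-5678-1234-5678"             # sample number from the text above
    token = vault.tokenize(pan)
    print(token, vault.detokenize(token) == pan)
```

Because the token is random rather than derived from the value, the mapping can only be reversed by whoever can read the vault, which is why access to that store needs the same care as access to the original data.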
Data tokenization allows you to maintain control and compliance when moving to the cloud, big data, and outsourced environments.
If the data being stored does not have this kind of structure (for example, text files, PDFs, or MP3s), tokenization is not an appropriate form of pseudonymization. Instead, file-system level encryption would be appropriate: it changes the original block of data into an encrypted version of the data.
Content Disarm and Reconstruction (CDR) analyzes the content of all remaining files and rebuilds them into fully functional, threat-free replicas in real time. It combines advanced detection and innovative prevention for Zero Trust Protection from known and unknown threats.
Encryption is a process that uses algorithms to encode data as ciphertext. This ciphertext can only be made meaningful again if the person or application accessing the data has the data encryption keys necessary to decode it. So, if the data is stolen or accidentally shared, it remains protected because it is indecipherable without those keys.
Controlling and maintaining data encryption keys is an essential part of any data encryption strategy, because, with the encryption keys, a cybercriminal can return encrypted data to its original unencrypted state. An encryption key management system includes generation, exchange, storage, use, destruction and replacement of encryption keys.
Best practice is to use a dedicated external key management system. There are four types:
1. An HSM or other hardware key management appliance, which provides the highest level of physical security
2. A key management virtual appliance
3. Key management software, which can run either on a dedicated server or within a virtual/cloud server
4. Key Management Software as a Service (SaaS)
Database Firewall (DBF) provides real-time database protection against internal and external threats by alerting or blocking attacks and abnormal access requests. It provides virtual patching for a number of database software vulnerabilities, reducing the window of exposure and impact of long patch cycles. DBF includes the auditing and analytics capabilities offered by DAM.
Data Discovery and Classification Solution helps your organization get complete visibility into your sensitive data with efficient data discovery, classification, and risk analysis across heterogeneous data stores – the cloud, big data, and traditional environments – in your enterprise.
Simple to deploy and use, it provides you with a single pane of glass that allows you to get a clear understanding of what sensitive data you have, where it’s located, and its risks of exposure. With rich visualizations and detailed reports, you can more easily uncover and close your gaps, make better decisions about third-party data sharing and cloud migration, and proactively respond to data privacy and security regulations including GDPR, CCPA, LGPD, PCI DSS and HIPAA.