Tokenization vs. Other Security Solutions

20 Sep
2012

Generally speaking, I don’t encourage organizations to jump into procuring the shiny box or software package that’s going to solve the next security illness unless there is unquestionable value and risk reduction.  In today’s market, security solutions are surfacing in almost every area from canned Security Awareness Training through complex Governance, Risk, and Compliance (GRC) Toolsets.  While the beauty of these solutions is undoubtedly in the eye of the beholder, I will contend that if your data is not already protected then those are simply stop-gap solutions.

Significant breaches of every type of sensitive data set continue, including:  Healthcare (HIPAA), Financial (PCI), and Personally Identifiable Information (PII) among others.  Moreover, we see the hackers that defraud organizations are learning to maneuver around[KK1] security solutions and still reach sensitive data.  So what’s the real answer to reducing or eliminating the loss of sensitive data sets?

Obviously, given the title of this entry, I believe the answer is tokenization.  I do not mean to imply that other security solutions are invaluable, but they are not solving the problems they were designed to solve.  For instance, you can have the latest and greatest IDS/IPS + Log Management + Anti-virus solutions in place, but if no one is monitoring them – or alerting is not configured correctly – then hackers are still going to breach your data without your knowledge, and the investment your organization has made is basically worthless.  Considering the trend in Information security around determining the ROI on security investments, I can assure you the ROI is well into the negative with the situation above.

However, using the correct data protection solution can render the next breach irrelevant.  What if all of your company’s critical data sets were tokenized?  In the scenario above, a breach would certainly be painful and would render a black eye to the Information Security Group, internally.  Or, worst case, some embarrassment externally.  But, the insult added to the injury of having a few token values vs. the actual data breached would constitute a huge victory for your Information Security Team and your organization overall.

Tokenization is the best way to protect data.  Whether in transit, being processed, or at rest, tokenized data values can help you Manage Risk, Reduce Compliance, Save Money, and Stay Independent.

For more information on our Managed Services and Software License options, pleasecontact us .

Note:  TokenEx believes in a layered security model for every organization.  We simply believe protecting data is the top priority as opposed to furnishing stop-gap solutions.