Statista says, between 2005 and the first half of 2018 the number of data breaches in the USA reached 668 with over 22 million records exposed.
According to Gartner, 35% of organisations currently use multiple data security tools, this is due to increase to 60% of organisations by 2020. One of these tools is data tokenization. While tokenization is often more secure than encryption, it is not always the answer. Let’s review the benefits and the week points of tokenization vs encryption to see which one is best for your organisation.
Data encryption is a familiar tool that has seen decades of successful use, but the fact that it is reversible by design makes data encryption a vulnerable option. As a result, tokenization has emerged as one of the top technologies used by regulated industries to ensure information security – according to a PwC survey for the PCI.
However, to understand why data tokenization is a better solution under some scenarios we must first clarify the difference between encryption and tokenization.
Data encryption is the process of using an algorithm combined with a unique code to translate data into a form that does not resemble the original and which carries no meaning in the absence of the unique code, or decryption key.
Encryption can be reversed and the data revealed if: the decryption key is stolen, or by brute-force attempts at discovering the encryption key. Herein lies the vulnerability of encrypted data: the actual data is still transmitted and can be illegally revealed by a determined actor.
Data tokenization takes a different approach. Any highly sensitive data such as credit card numbers is replaced with a token that uniquely identifies the data without containing the sensitive information.
A token has no intrinsic value or meaning, but it does allow for transactions to take place as the token maps to sensitive data, while the sensitive data itself remains securely stored, and not transmitted. However, tokenization can be resource-intensive and presents practical hurdles that data encryption does not.
Because tokenization avoids the transmission of sensitive data, it can be a more secure alternative to encryption, but tokenization is not suitable for unstructured data or large volumes of data.
Data encryption can efficiently apply a protective layer to large volumes of data without encumbering data transmission, or access by the recipient. In fact, for many general data protection use cases, data encryption offers the best mix of convenience, practicality, and security. Consider encryption for:
Certain data sets such as credit card information pose such a risk of data theft that it is simply better to not transmit the actual data, instead tokenizing it. Tokenization can be a good fit under the following scenarios:
The choice between encryption and tokenization is not always straightforward. Besides, enterprises can be hesitant about adopting tokenization: just like blockchain, tokenization is a new concept that is not fully understood. For enterprises determined to discover the benefits of data tokenization taking the perceived risk could lead to huge security rewards.
Let’s discuss your security requirements and find an optimal approach to ensure your data is protected. Get in touch with us.
The breadth of knowledge and understanding that ELEKS has within its walls allows us to leverage that expertise to make superior deliverables for our customers. When you work with ELEKS, you are working with the top 1% of the aptitude and engineering excellence of the whole country.