Fortanix - Tokenisation Solution and the Benefits
Michael Conway
Director at Renaissance | Cyber Security | Encryption Devices | Business Continuity
Organisations of all kinds must protect the data they hold on their customers, clients and staff. The loss of sensitive data can lead to damaging regulatory penalties affecting the bottom line and reputational damage when news of the data leak emerges. Robust and multi-layered cybersecurity defence strategies are required to protect sensitive data. Unfortunately, experience shows us that no cybersecurity defence approach is 100% guaranteed to prevent attackers from getting access to data. People make mistakes and new technical vulnerabilities emerge in IT solutions on a weekly basis. Cybersecurity defence should operate under the assumption that data breaches will occur at some point.
Data tokenisation adds an extra layer to further protect sensitive data by replacing personally identifiable information (PII), Primary Account Numbers (PANs) and Personal Health Information (PHI), such as credit card or social security numbers, with random strings of characters that preserve the format of the original data without the risk of it falling into others' hands if a breach occurs. Using tokens in this way means business systems do not need to be modified to handle changed formats while simultaneously anonymising and protecting sensitive data.
Fortanix tokenisation enables developers to substitute tokens for sensitive data using REST APIs to achieve privacy compliance and avoid exposing sensitive information if a data breach occurs. You can read more on the Fortanix Tokenization/Format-Preserving Encryption page. There is also a data sheet that you can download without registration.
Contact Renaissance to see how you can incorporate Fortanix tokenisation into the protections available to your clients. Read on for a high-level overview of the solution and its benefits.
How Fortanix Tokenisation Works
Tokenisation provides an extra layer of security by substituting sensitive data elements like PANs, PHI and PII with a surrogate value, also known as a token. This token holds no actual data but uses the same format as the original dataset, making it useless in case of a breach while still readable by IT systems designed for that format. With Fortanix’s tokenisation solution, your sensitive data gets masked without disrupting your business intelligence or analytics tools. When the original data is needed, it is looked up and presented only to those authorised to see and use it. This allows organisations to securely share select data sets while complying with privacy and security regulations.
Tokenisation is built on the existing Fortanix Data Security Manager (DSM) to enable simple and efficient tokenisation workflows with a cloud-scale architecture for better and faster performance. Fortanix DSM delivers a unified platform for secure key management and cryptography services to protect sensitive data in hybrid and multi-cloud environments, including cloud key management, secret management and much more. The built-in encryption, key management and tokenisation services support a comprehensive set of interfaces such as REST APIs, PKCS#11, CNG, JCE, KMIP and others. The solution uses a FIPS 140-2 Level 3 compliant Hardware Security Module (HSM) to tokenise data. There is no centralised token database required.
When it comes to safeguarding sensitive data, using format-preserving tokenisation combined with role-based access control (RBAC) for applications is a reliable approach. Fortanix enables authorised users to authenticate via RBAC, access and query the data and instantly tokenise it. Users can mask the entire data field or just a portion based on their preferences or group settings, allowing masking for any combination of digits within the tokenised data. This feature seamlessly integrates with LDAP or Active Directory for permission management. Fortanix allows enhanced security of sensitive data by combining tokenisation with data encryption at rest. This additional layer of protection also prevents unauthorised access to decrypted information by unauthorised insiders.
Organisations have the ability to tokenise a variety of custom data types to safeguard sensitive information beyond data like credit card or social security numbers. By creating security objects specific to the kind of data you wish to protect, you can ensure their security and tailor the system to your unique requirements.
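To make the vault-less, format-preserving idea above concrete, here is an added example that is not Fortanix code and not the algorithm Fortanix DSM uses: a toy keyed Feistel cipher over decimal digits, built on HMAC-SHA256 from the Python standard library. The function names, the key and the card number are assumptions constructed for illustration; it shows that a token of the same length and character set can be derived and reversed from a key alone, with no token database, and that trailing digits can be left unmasked.

```python
import hashlib
import hmac

ROUNDS = 10  # even round count, so both halves end in their original positions


def _round_value(key: bytes, i: int, n: int, half: str) -> int:
    # Keyed pseudo-random integer bound to the round number and field length.
    msg = bytes([i, n]) + half.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def _feistel(key: bytes, digits: str, decrypt: bool) -> str:
    n = len(digits)
    # Reject non-digit input and tiny domains, whose tokens could be enumerated.
    if not (digits.isascii() and digits.isdigit() and 6 <= n <= 255):
        raise ValueError("expected 6 to 255 ASCII digits")
    u = n // 2
    v = n - u
    a, b = digits[:u], digits[u:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else v  # width of the half rewritten this round
        if decrypt:
            a, b = f"{(int(b) - _round_value(key, i, n, a)) % 10**m:0{m}d}", a
        else:
            a, b = b, f"{(int(a) + _round_value(key, i, n, b)) % 10**m:0{m}d}"
    return a + b


def tokenise(key: bytes, value: str, keep_last: int = 0) -> str:
    # keep_last leaves that many trailing digits in the clear (partial masking).
    cut = len(value) - keep_last
    return _feistel(key, value[:cut], decrypt=False) + value[cut:]


def detokenise(key: bytes, token: str, keep_last: int = 0) -> str:
    # Only a holder of the key can recover the original; nothing is looked up.
    cut = len(token) - keep_last
    return _feistel(key, token[:cut], decrypt=True) + token[cut:]


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed; real keys stay in the HSM
    pan = "4111111111111111"            # constructed test card number
    token = tokenise(demo_key, pan, keep_last=4)
    print(token, detokenise(demo_key, token, keep_last=4) == pan)
```

In a real deployment the key never leaves the HSM and a standardised format-preserving encryption mode replaces this toy construction; the access-control decision sits in front of the detokenise call.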
The Benefits of Tokenisation
In addition to the headline benefit of anonymising and protecting your data from breaches, Fortanix tokenisation provides these specific benefits (amongst others).
Simplified Regulatory Compliance - Developers can use Fortanix on any platform to effectively mask multiple kinds of sensitive data. This approach helps deliver compliance with PCI-DSS regulations and adds an extra layer of security. The tokenisation of sensitive data also helps meet GDPR and other regulatory framework requirements.
Safe Data Sharing - Fortanix offers vault-less tokenisation that’s more secure and simpler to manage. The platform provides FIPS 140-2 Level 3 compliant HSMs to protect the keys for tokenised data, eliminating the need for a centralised token database. In addition, organisations can safely expose select data sets to 3rd parties or developers for data analytics, or with support staff to verify customer identities.
Granular Data Access Control - The combination of format-preserving tokenisation and RBAC strengthens the protection of sensitive data. With Fortanix as a centralised platform, authorised entities such as applications and users get a unified workflow to authenticate, query, read and tokenise data.
Supporting organisations navigate the cybersecurity landscape
1 year ago: Great summary #tokenisation #fortanix #databreach #compliancesolutions