What is the Best Way to Protect Data?

When it comes to advancements in data encryption, you can find a lot of news on quantum computing (which could easily decrypt anything encrypted), homomorphic encryption (which returns results on processing encrypted data), and honey encryption (tricking hackers into believing they retrieved the encrypted data). As these and other advancements come to market, it’s easy to overlook some advanced data protection methods that are producing a lot of value for business leaders today.  Here are 2 examples:

Format-Preserving Encryption (FPE)

• Data is encrypted while it’s at rest, stored in files or databases, or on storage devices. While data is encrypted, businesses cannot use it.  Data needs to be decrypted in order to be used for business intelligence and analytics, or for downstream functions, such as help-desk, back office support, and other services.
• Decryption creates a potential security vulnerability, because the original data is exposed after the decryption process.
• FPE allows organizations to benefit from the security aspect of encryption, but provides the business with the benefit of data utilization, by producing encrypted values that retain the format of the original data allowing it to  flow between systems that only recognize a certain format, while staying in a protected state.

Tokenization

• Tokenization, like encryption, uses cryptography to secure data.  Tokenization also retains the format of the original data, but it offers greater operational and business value over encryption.
• From an operational point of view, tokenization does not use digital keys to create the secured data set.  Since there are no keys, there is no key management operation (key rotation retirement). There’s less security risk, too, because with encryption, hackers don’t necessarily look to crack encryption, they look for encryption keys to steal.
• From a business point of view, tokenization offers some relief when it comes to Security Audit inspections.  Since tokenization actually replaces sensitive values with surrogate values, the sensitive data no longer exists where the data is stored.  Therefore, the scope in which a security audit is performed within an enterprise is reduced.