Improving Data Security with Tokenization
Liaison Protect Token Manager™ is the industry’s first on-premise data security software that integrates strong encryption, centralized key management and a new variation on tokenization — Format Preserving Tokenization™ — into one solution. Built on the Liaison Protect architecture, it is engineered for enterprises that need the highest level of data security. Format Preserving Tokenization is ideal for organizations looking to reduce the scope and costs of Payment Card Industry Data Security Standard (PCI DSS) compliance audits.
At Liaison we take responsibility for monitoring the PCI DSS standard and building ongoing compliance into our products. As a participating organization on the PCI Data Security Council, we take an active role in reviewing and recommending changes to the PCI DSS. This involvement enables us to help our customers pass their annual security audits and maintain PCI compliance year after year. And as the chair of the PCI SSC Scoping Special Interest Group’s Tokenization Working Group, Liaison’s data security expert – Gary Palgon – continuously brings our customers’ PCI DSS compliance challenges and insights to the Council.
Format Preserving Tokenization
This industry-leading tokenization model extends the encryption and key management capabilities of Liaison Protect by replacing sensitive data throughout the enterprise with data surrogates, or tokens. Tokens can be safely used by any application or database throughout an enterprise without risk of exposing sensitive data. When applications or databases require the clear-text value, they simply make a call to the Token Manager and present the token. As long as the request is valid and authentic, the Token Manager looks up the token in the data vault, identifies the appropriate cipher text, decrypts the value and presents it back to the database or application.
With Format Preserving Tokenization, tokens that maintain the length and format of the original data can be generated for all types of sensitive data: Social Security numbers, credit card data, National Insurance numbers, financial data, health records and other proprietary or personally identifiable information (PII). No data in the clear, no data at risk. No impact on existing systems and applications, no added costs.
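The vault lookup and format-preserving token generation described above, as an added Python example (not Liaison's code or API). `TokenVault`, its method names and the caller allow-list are hypothetical, and the in-memory dict stands in for the encrypted data vault: encryption and key management are left out.

```python
import secrets
import string

class TokenVault:
    """Hypothetical vault mapping random tokens to original values."""

    def __init__(self, authorized_callers):
        self._by_token = {}   # token -> value (cipher text in a real vault)
        self._by_value = {}   # value -> token, so a repeated value reuses its token
        self._authorized = set(authorized_callers)

    @staticmethod
    def _surrogate(value):
        # Draw a random character of the same class for every position, so the
        # token is not derived from the value: digit -> digit, letter -> letter
        # (case kept); separators and other characters are copied unchanged.
        out = []
        for ch in value:
            if ch in string.digits:
                out.append(secrets.choice(string.digits))
            elif ch in string.ascii_uppercase:
                out.append(secrets.choice(string.ascii_uppercase))
            elif ch in string.ascii_lowercase:
                out.append(secrets.choice(string.ascii_lowercase))
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, value):
        if value in self._by_value:
            return self._by_value[value]
        # Retry until the token is unused and differs from the input.
        for _ in range(1000):
            token = self._surrogate(value)
            if token != value and token not in self._by_token:
                self._by_token[token] = value
                self._by_value[value] = token
                return token
        raise RuntimeError("no free token found for this format")

    def detokenize(self, token, caller):
        # Only an authorized caller receives the clear-text value.
        if caller not in self._authorized:
            raise PermissionError(f"{caller!r} may not detokenize")
        return self._by_token[token]

if __name__ == "__main__":
    vault = TokenVault(authorized_callers={"billing-service"})
    card = "4111-1111-1111-1111"  # constructed test value
    print(card, "->", vault.tokenize(card))
```

Downstream systems store and pass only the token; a caller outside the allow-list gets `PermissionError` instead of the original value.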
Narrow the Scope of Compliance
By centralizing the storage of encrypted data into a secure data vault, the Token Manager significantly reduces the number of locations where sensitive data resides. Reducing the distributed footprint of sensitive data narrows the scope of systems, applications and processes that are subject to PCI DSS and other privacy mandates. What’s more, reducing the footprint where sensitive data resides can also help enterprises simplify their operations and significantly reduce the risk of data breach. Even if a token is compromised, the original data is protected.
With this format-preserving model, tokens that maintain the length and format of the original data can be generated for all types of sensitive customer, employee and company confidential information. This minimizes impact on existing systems because the token matches the format of the original value.
Manage via Web-based Interface
The Token Manager uses a browser-based interface for simple, real-time system administration, policy management and reporting. This interface also generates security events over Syslog that can be routed to any SIEM device for analysis, long-term storage and forensics.