“Integrated encryption and tokenization solutions have proven their value in protecting cardholder data and reducing PCI compliance exposure,” said John Pescatore, Gartner Vice President and Research Fellow. “By extending these capabilities to secure other types of sensitive data, enterprises can make major steps forward in protecting the business against targeted attacks.”
nuBridges offers a variety of solutions for protecting data at rest and data in transit.
“Since we introduced our tokenization solution in April 2009, we’ve been intent to provide the best and most comprehensive data security solution in the market, and also to ensure that it meets our customers’ needs for flexibility and non-invasiveness across multiple use cases and environments,” said Gary Palgon, nuBridges Vice President of Product Management. “nuBridges Protect Token Manager 2.0 builds upon our ‘always protected’ vision to allow our customers to protect sensitive data wherever it originates, travels or is stored, and to stay ahead of industry data security mandates and privacy laws.”
Token Manager Accepts Encrypted Data nuBridges Protect now offers the ability for sensitive data to be encrypted at the point of capture (for example Payment Entry Device or Point of Sale system), then securely transmitted to the centralized Token Manager that, in turn, tokenizes the data so that a highly configurable, meaningless token can be used in all downstream systems. This eliminates the risk of data exposure during transit from point of capture to the Token Manager. It also supports a “store and forward” approach at encryption endpoints that is ideal for scenarios where endpoints are vulnerable to network disruption, such as remote retail operations.
Tokenization by Multiple Data Centers Token Manager 2.0 also enables tokens to be generated in multiple data center locations simultaneously. Many extended enterprises have several operational and disaster-recovery data centers that need to generate and share tokens. This new capability of Token Manager 2.0 provides:
More Configuration Options for PII, PHI Use Cases
For some use cases, it is important to maintain referential integrity across all tokens – assuring that a unique data value such as a credit card number or national ID number will always have the same token value. This allows enterprises to run reports and analytics on tokens without having to expose the underlying sensitive data to unauthorized users. Referential integrity is typically important to organizations that are using tokenization as part of their Payment Card Data Security Standard (PCI DSS) compliance strategy. Referential integrity has always been a feature of nuBridges Protect Token Manager.
As use of nuBridges Protect Token Manager expands to other use cases, however, it is sometimes desirable to break that one-to-one relationship. Token Manager 2.0 provides enterprises with the ability to “turn off” referential integrity and/or format preservation, and configure the tokenization in a variety of ways. This is ideal for non-unique PII such as date of birth, salaries, and zip and postal codes, patterns of which can potentially reveal private information about individuals or groups. A simple example of this is salary information, where if two employees earn the same salary and therefore have the same token, having knowledge of one person’s salary (and token) would expose the other person’s salary. Breaking referential integrity is needed to preserve the privacy of both employees.
More about nuBridges Protect Token Manager nuBridges Protect Token Manager is part of nuBridges Protect, the industry’s first data security software solution to combine a new variation of tokenization—Format Preserving Tokenization—with strong local encryption, centralized encryption key management and logging in one platform-agnostic package. nuBridges Protect is designed for organizations that need to protect payment card numbers as well as volumes of personally identifiable information (PII) and protected health information (PHI) from theft and accidental loss, while reducing complexity and simplifying compliance management for data security standards and privacy laws.
nuBridges Protect Token Manager 2.0 is planned for general availability in July 2010. For more information on tokenization, please visit http://www.nubridges.com/resources/tokenization/.
About nuBridges nuBridges provides technology solutions for extended enterprises that share sensitive data across applications, departments and organizations, and face complex security and compliance mandates. Its data encryption, data tokenization, key management, managed file transfer and EDI solutions help customers get information from point A to point B; do it safely; and prove compliance. Proven in production, nuBridges software and services scale across heterogeneous enterprise environments, including legacy systems, and offer unified visibility for improved analysis, decision support and administrative efficiency. nuBridges solutions and support have established a new standard of quality for the industry, and are trusted by the world’s most demanding organizations to exchange and protect billions of payment card transactions, personal data records and business-critical file transfers. More information is available at www.nubridges.com.