CipherTrust Tokenization dramatically reduces the cost and effort required to comply with security policies and regulatory mandates.
What is tokenization?
Originally defined for payments, tokenization protects sensitive data (e.g., cardholder data – such as primary account number) by replacing the original data with a unique string of characters or numbers known only to the tokenization system. Tokenization can be used anywhere you want to protect data while preserving its format. Format preservation avoids the need to change your database schema. "(also known as Format Preserving Encryption or FPE)".
Benefits of CipherTrust Tokenization
Thales’ crypto-agile approach reduces developer effort to simply integration—security admins handle updates independently, enabling cipher changes in under a minute and dramatically reducing operational and engineering workload. (this is what is in the 5th box now, but moved to the top where it currently speaks to valutless/vaulted.
Comply with PCI DSS
Protect payment card data with tokenization and securely share it with partners.
Faster, cheaper audits
Easily remove payment data from PCI DSS scope to reduce audit effort and costs.
Maintain control in the cloud
Cloud providers never access token vaults or encryption keys.
Reliable decryption
Centralized management ensures consistent and secure access to decryption for authorized users across all environments.
Preserve database schemas
Format-preserving tokenization prevents unnecessary schema changes, while masked data remains usable for analysis.
Flexible deployment options
Vaulted and Vaultless solutions can be used independently or in conjunction with data masking or redaction.
Stop the penalties and generate more revenue
Mandatory security regulations are multiplying, and non-compliance penalties range from $5,000 to $100,000 USD per month. Moving Developers from revenue-generating projects to support new regulations costs business opportunities and jobs. Our proven solutions enable you to achieve compliance with less work and fewer resources.
Recommended for development, testing and training environments. Static and Dynamic Data Masking obscure sensitive information, replacing some characters with symbols while keeping some data in the clear. Static Data Masking increases performance when the same set of characters is repeatedly needed in the clear. Dynamic Data Masking provides flexibility when different sets of characters will be needed in the clear.
Dynamic Data Masking and Redaction permanently remove or obscure sensitive information – they are not reversible.
Data received via a REST API does not require code changes for RESTful services or clients because RESTful API calls are transparently intercepted and data is protected or revealed within the request/response.
When you limit your data protection to the data inside a database, you don’t need to modify applications. Choose from our portfolio of Tokenization solutions: Deploy native column-level data protection that is independent from database vendors, or an SDK in your applications, or a RESTful service.
Thales CipherTrust Tokenization has reversible solutions (Static Data Masking) and non-reversible solutions (Dynamic Data Masking, Redaction).
The Forrester Wave™: Data Security Platforms, Q1 2025
Cost savings and business benefits enabled by the CipherTrust Data Security Platform
Thales offers superior capabilities for data discovery, encryption, tokenization, and data access controls, including visibility of cryptographic posture and governance of keys and secrets.”
Related resources
Frequently asked questions
How can we protect unstructured data?
By using strong encryption (both at rest and in transit), fine-grained access controls (role-based or attribute-based), and data loss prevention (DLP) tools combined with continuous monitoring and regular backups.
What are unstructured data solutions?
Solutions include object storage platforms (e.g., Amazon S3, Azure Blob Storage), data lakes and lakehouses, NoSQL databases (e.g., MongoDB, Couchbase), and content management systems equipped with metadata tagging and indexing capabilities.
How do you solve unstructured data?
You tackle unstructured data by implementing automated classification and metadata extraction, indexing for searchability, and employing analytics or AI/ML tools to derive structure and insights.
What is the best way to store unstructured data?
The best approach is to use scalable, cost-effective object storage with rich metadata support—often via a data lake or distributed file system—so that you can manage, secure, and analyze the data efficiently.