What is tokenization?
Originally defined for payments, tokenization protects sensitive data (e.g., cardholder data – such as primary account number) by replacing the original data with a unique string of characters or numbers known only to the tokenization system. Tokenization can be used anywhere you want to protect data while preserving its format. Format preservation avoids the need to change your database schema.
What are the benefits of tokenization?
Vaulted and Vaultless solutions can be used independently or in conjunction with data masking or redaction.
Comply with PCI DSS
Protect payment card data with tokenization and gain the ability to share data securely with your partners.
Faster, cheaper audits
Remove payment card data from the PCI DSS scope with minimal effort -- save on costs associated with PCI DSS compliance.
Maintain control in the cloud
Cloud providers do not have access to token vaults or any of the associated keys.
Decrypt data reliably
Thales’ centralized management methodology reduces operational complexity, removes the need for local management and guarantees consistency in data protection across platforms so that the ability to decrypt data is available to all people who are authorized to access the data.
Reduce development costs
Thales’ crypto agility methodology limits a developer’s involvement to initial coding and integration. Data Security Admins pick up responsibility for making security updates and can replace a cipher in less than a minute. Operations involvement is significantly decreased.
Preserve database schemas
Format preserving tokenization eliminates the need to change database schemas. Format preservation combined with data masking generates data that is secure and available for data analysis.
Stop the penalties and generate more revenue
Mandatory security regulations are multiplying, and non-compliance penalties range from $5,000 to $100,000 USD per month. Moving Developers from revenue-generating projects to support new regulations costs business opportunities and jobs. Our proven solutions enable you to achieve compliance with less work and fewer resources.
Recommended for development, testing and training environments. Static and Dynamic Data Masking obscure sensitive information, replacing some characters with symbols while keeping some data in the clear. Static Data Masking increases performance when the same set of characters is repeatedly needed in the clear. Dynamic Data Masking provides flexibility when different sets of characters will be needed in the clear.
Dynamic Data Masking and Redaction permanently remove or obscure sensitive information – they are not reversible.
Data received via a REST API does not require code changes for RESTful services or clients because RESTful API calls are transparently intercepted and data is protected or revealed within the request/response.
When you limit your data protection to the data inside a database, you don’t need to modify applications. Choose from our portfolio of Tokenization solutions: Deploy native column-level data protection that is independent from database vendors, or an SDK in your applications, or a RESTful service.
Thales CipherTrust Tokenization has reversible solutions (Static Data Masking) and non-reversible solutions (Dynamic Data Masking, Redaction).
Explore benefits you can expect from Thales CipherTrust Tokenization solutions
The Forrester Wave™: Data Security Platforms, Q1 2025
Cost savings and business benefits enabled by the CipherTrust Data Security Platform
Thales offers superior capabilities for data discovery, encryption, tokenization, and data access controls, including visibility of cryptographic posture and governance of keys and secrets.”
Related resources
Frequently asked questions
How can we protect unstructured data?
By using strong encryption (both at rest and in transit), fine-grained access controls (role-based or attribute-based), and data loss prevention (DLP) tools combined with continuous monitoring and regular backups.
What are unstructured data solutions?
Solutions include object storage platforms (e.g., Amazon S3, Azure Blob Storage), data lakes and lakehouses, NoSQL databases (e.g., MongoDB, Couchbase), and content management systems equipped with metadata tagging and indexing capabilities.
How do you solve unstructured data?
You tackle unstructured data by implementing automated classification and metadata extraction, indexing for searchability, and employing analytics or AI/ML tools to derive structure and insights.
What is the best way to store unstructured data?
The best approach is to use scalable, cost-effective object storage with rich metadata support—often via a data lake or distributed file system—so that you can manage, secure, and analyze the data efficiently.