CipherTrust Tokenization dramatically reduces the cost and effort required to comply with security policies and regulatory mandates.
What is tokenization?
Originally defined for payments, tokenization protects sensitive data (e.g., cardholder data – such as primary account number) by replacing the original data with a unique string of characters or numbers known only to the tokenization system. Tokenization can be used anywhere you want to protect data while preserving its format. Format preservation (also known as Format Preserving Encryption or FPE) avoids the need to change your database schema.
Benefits of CipherTrust Tokenization
Vaulted and Vaultless solutions can be used independently or in conjunction with data masking or redaction.
Comply with PCI DSS
Protect and share payment card data securely
AI Protection
Ready data for AI
Maintain control in the cloud
Cloud providers never have access to token vaults or keys
Reliable decryption
Authorized users have secure access to decrypted data across environments due to centralized management
Reduce development costs
Developer and Operations involvement is significantly decreased. Data Security Admins pick up responsibility and can replace a cipher in less than a minute
Preserve database schemas
Format preserving tokenization eliminates the need to change database schemas and masked data is usable for data analysis
Stop the penalties and generate more revenue
Mandatory security regulations are multiplying, and non-compliance penalties range from $5,000 to $100,000 USD per month. Moving Developers from revenue-generating projects to support new regulations costs business opportunities and jobs. Our proven solutions enable you to achieve compliance with less work and fewer resources.
Recommended for development, testing and training environments. Static and Dynamic Data Masking obscure sensitive information, replacing some characters with symbols while keeping some data in the clear. Static Data Masking increases performance when the same set of characters is repeatedly needed in the clear. Dynamic Data Masking provides flexibility when different sets of characters will be needed in the clear.
Dynamic Data Masking and Redaction permanently remove or obscure sensitive information – they are not reversible.
Data received via a REST API does not require code changes for RESTful services or clients because RESTful API calls are transparently intercepted and data is protected or revealed within the request/response.
When you limit your data protection to the data inside a database, you don’t need to modify applications. Choose from our portfolio of Tokenization solutions: Deploy native column-level data protection that is independent from database vendors, or an SDK in your applications, or a RESTful service.
Thales CipherTrust Tokenization has reversible solutions (Static Data Masking) and non-reversible solutions (Dynamic Data Masking, Redaction).
The Forrester Wave™: Data Security Platforms, Q1 2025
Cost savings and business benefits enabled by the CipherTrust Data Security Platform
Thales’ vision for data security is holistic and distinguishing, with market impact resulting from its focus on enabling postquantum preparations and crypto agility. Thales is underway with efforts to combine Thales CipherTrust and Imperva Data Security Fabric into a combined DSP. It boasts an impressive roadmap and robust community strategy for engagement.”
We have Tokenization and Encryption solutions to meet your security and infrastructure requirements.
Related resources
Frequently asked questions
How can organizations protect sensitive data without storing the original values everywhere?
Tokenization replaces sensitive data with non-sensitive tokens so that organizations can preserve business processes that rely on sensitive data while reducing exposure across applications, databases, analytics platforms, and third-party systems.
How can organizations reduce PCI DSS compliance scope?
Organizations can simplify compliance initiatives and reduce risk by reducing the number of systems that store or process regulated data. Tokenization helps remove payment card data from systems that do not require access to the original values.
How can organizations use sensitive data in AI and analytics without exposing regulated information?
AI and analytics initiatives often require access to large datasets. Tokenization helps organizations reduce exposure by replacing sensitive values with non-sensitive tokens to preserve data usability for many business processes, analytics workflows, and AI applications.
How can organizations safely share sensitive data with vendors, partners, and service providers?
Tokenization replaces sensitive information with non-sensitive tokens before data is shared outside the organization. This helps reduce exposure while supporting collaboration, outsourcing, analytics, and business operations.
How can organizations reduce the impact of a data breach?
Tokenization helps reduce the value of stolen data and limit exposure across applications, databases, and downstream systems. If tokenized data is exposed, attackers obtain non-sensitive tokens instead of the original sensitive values.
How can organizations reduce data exposure across applications, databases, and cloud environments?
Sensitive data often spreads across applications, databases, cloud services, analytics platforms, and AI environments. Tokenization helps reduce exposure by replacing sensitive values with non-sensitive tokens, allowing organizations to support business operations while limiting the spread of regulated information.