CipherTrust Tokenization dramatically reduces the cost and effort required to comply with security policies and regulatory mandates.
What is tokenization?
Originally defined for payments, tokenization protects sensitive data (e.g., cardholder data – such as primary account number) by replacing the original data with a unique string of characters or numbers known only to the tokenization system. Tokenization can be used anywhere you want to protect data while preserving its format. Format preservation (also known as Format Preserving Encryption or FPE) avoids the need to change your database schema.
Benefits of CipherTrust Tokenization
Vaulted and Vaultless solutions can be used independently or in conjunction with data masking or redaction.
Comply with PCI DSS
Protect and share payment card data securely
Faster, cheaper audits
Easily remove payment card data from PCI DSS scope
Maintain control in the cloud
Cloud providers never have access to token vaults or keys
Reliable decryption
Authorized users have secure access to decrypted data across environments due to centralized management
Reduce development costs
Developer and Operations involvement is significantly decreased. Data Security Admins pick up responsibility and can replace a cipher in less than a minute
Preserve database schemas
Format preserving tokenization eliminates the need to change database schemas and masked data is usable for data analysis
Stop the penalties and generate more revenue
Mandatory security regulations are multiplying, and non-compliance penalties range from $5,000 to $100,000 USD per month. Moving Developers from revenue-generating projects to support new regulations costs business opportunities and jobs. Our proven solutions enable you to achieve compliance with less work and fewer resources.
Recommended for development, testing and training environments. Static and Dynamic Data Masking obscure sensitive information, replacing some characters with symbols while keeping some data in the clear. Static Data Masking increases performance when the same set of characters is repeatedly needed in the clear. Dynamic Data Masking provides flexibility when different sets of characters will be needed in the clear.
Dynamic Data Masking and Redaction permanently remove or obscure sensitive information – they are not reversible.
Data received via a REST API does not require code changes for RESTful services or clients because RESTful API calls are transparently intercepted and data is protected or revealed within the request/response.
When you limit your data protection to the data inside a database, you don’t need to modify applications. Choose from our portfolio of Tokenization solutions: Deploy native column-level data protection that is independent from database vendors, or an SDK in your applications, or a RESTful service.
Thales CipherTrust Tokenization has reversible solutions (Static Data Masking) and non-reversible solutions (Dynamic Data Masking, Redaction).
The Forrester Wave™: Data Security Platforms, Q1 2025
Cost savings and business benefits enabled by the CipherTrust Data Security Platform
Thales offers superior capabilities for data discovery, encryption, tokenization, and data access controls, including visibility of cryptographic posture and governance of keys and secrets.”
Related resources
Frequently asked questions
How can we protect unstructured data?
By using strong encryption (both at rest and in transit), fine-grained access controls (role-based or attribute-based), and data loss prevention (DLP) tools combined with continuous monitoring and regular backups.
What are unstructured data solutions?
Solutions include object storage platforms (e.g., Amazon S3, Azure Blob Storage), data lakes and lakehouses, NoSQL databases (e.g., MongoDB, Couchbase), and content management systems equipped with metadata tagging and indexing capabilities.
How do you solve unstructured data?
You tackle unstructured data by implementing automated classification and metadata extraction, indexing for searchability, and employing analytics or AI/ML tools to derive structure and insights.
What is the best way to store unstructured data?
The best approach is to use scalable, cost-effective object storage with rich metadata support—often via a data lake or distributed file system—so that you can manage, secure, and analyze the data efficiently.