Originally defined for payments, tokenization protects sensitive data (e.g., cardholder data – such as primary account number) by replacing the original data with a unique string of characters or numbers known only to the tokenization system. Tokenization can be used anywhere you want to protect data while preserving its format. Format preservation (also known as Format Preserving Encryption or FPE) avoids the need to change your database schema.
Vaulted and Vaultless solutions can be used independently or in conjunction with data masking or redaction.
Protect and share payment card data securely
Easily remove payment card data from PCI DSS scope
Cloud providers never have access to token vaults or keys
Authorized users have secure access to decrypted data across environments due to centralized management
Developer and Operations involvement is significantly decreased. Data Security Admins pick up responsibility and can replace a cipher in less than a minute
Format preserving tokenization eliminates the need to change database schemas and masked data is usable for data analysis
Mandatory security regulations are multiplying, and non-compliance penalties range from $5,000 to $100,000 USD per month. Moving Developers from revenue-generating projects to support new regulations costs business opportunities and jobs. Our proven solutions enable you to achieve compliance with less work and fewer resources.
Recommended for development, testing and training environments. Static and Dynamic Data Masking obscure sensitive information, replacing some characters with symbols while keeping some data in the clear. Static Data Masking increases performance when the same set of characters is repeatedly needed in the clear. Dynamic Data Masking provides flexibility when different sets of characters will be needed in the clear.
Dynamic Data Masking and Redaction permanently remove or obscure sensitive information – they are not reversible.
Data received via a REST API does not require code changes for RESTful services or clients because RESTful API calls are transparently intercepted and data is protected or revealed within the request/response.
When you limit your data protection to the data inside a database, you don’t need to modify applications. Choose from our portfolio of Tokenization solutions: Deploy native column-level data protection that is independent from database vendors, or an SDK in your applications, or a RESTful service.
Thales CipherTrust Tokenization has reversible solutions (Static Data Masking) and non-reversible solutions (Dynamic Data Masking, Redaction).
Cost savings and business benefits enabled by the CipherTrust Data Security Platform
Thales offers superior capabilities for data discovery, encryption, tokenization, and data access controls, including visibility of cryptographic posture and governance of keys and secrets.”
By using strong encryption (both at rest and in transit), fine-grained access controls (role-based or attribute-based), and data loss prevention (DLP) tools combined with continuous monitoring and regular backups.
Solutions include object storage platforms (e.g., Amazon S3, Azure Blob Storage), data lakes and lakehouses, NoSQL databases (e.g., MongoDB, Couchbase), and content management systems equipped with metadata tagging and indexing capabilities.
You tackle unstructured data by implementing automated classification and metadata extraction, indexing for searchability, and employing analytics or AI/ML tools to derive structure and insights.
The best approach is to use scalable, cost-effective object storage with rich metadata support—often via a data lake or distributed file system—so that you can manage, secure, and analyze the data efficiently.