Tokenization on the Node - Data Protection for Security and Compliance
-
Upload
ulf-mattsson -
Category
Technology
-
view
1.008 -
download
0
description
Transcript of Tokenization on the Node - Data Protection for Security and Compliance
![Page 1: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/1.jpg)
Tokenization on the Node - Data Protection for Security and Compliance
Ulf Mattsson, CTO
Protegrity
![Page 2: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/2.jpg)
2
What Is Tokenization on the Node ?
![Page 3: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/3.jpg)
3
![Page 4: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/4.jpg)
• Strategic partnership since 2004
• Advocated solution for data protection on Teradata Databases
• Proven parallel and scalable data protection for Teradata MPP platforms
• Collaboration on forward-looking roadmaps– New and advanced data protection options– Integration with new Teradata Database features– Seamless operation on large data warehouse systems
• World-class customers
4
Teradata and Protegrity
![Page 5: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/5.jpg)
Protegrity Data Protection for Teradata
• A comprehensive data protection solution for Teradata Databases– Provides additional separation of duties through a separate
Security Manager interface for creation and maintenance of security policies
– Includes a patented key management system for secure key generation and protection of keys when stored
– Supports multiple data protection options including strong encryption and tokenization
– Supports multiple cryptographic algorithms and key strengths– Automates the process of converting clear text data to cipher text
5
![Page 6: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/6.jpg)
Protegrity Data Protection for Teradata
• A comprehensive data protection solution for Teradata Databases– Provides additional access controls to protect sensitive information
(even DBC can not see unencrypted data unless specifically authorized by the Security Manager)
– Includes additional auditing separate from database audit logs (such as the Access Log)
– Designed to fully exploit Teradata Database parallelism and scalability– Enterprise-wide solution that works with most major databases and
operating systems (not just Teradata)
6
![Page 7: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/7.jpg)
Select Protegrity Customers
Select Protegrity Customers
7
![Page 8: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/8.jpg)
Data Breaches Gone Mad - Learn how to Secure your Data Warehouse Straight Away!
8
www.protegrity.com
![Page 9: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/9.jpg)
Who Are The Hackers and What Are They Doing?
9
![Page 10: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/10.jpg)
Some of you have already met Yuri.
10Source: http://www.youtube.com/user/ProtegrityUSA
10
![Page 11: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/11.jpg)
Last year he and his “anonymous” friends hacked AT&T.
11Source: http://www.youtube.com/user/ProtegrityUSA
11
![Page 12: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/12.jpg)
This year they hacked Sony and boughtBMW M5s.
Source: http://www.youtube.com/user/ProtegrityUSA
![Page 13: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/13.jpg)
• Data including passwords and personal details were stored in clear text
• Attacks were not coordinated and not advanced
• Majority of attacks were SQL Injection dumps and Distributed Denial of Service (DDoS)
The Sony Breach
13
![Page 14: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/14.jpg)
Next month Yuri plans to hit a major telco with the keys provided by a disgruntled employee.
Source: http://www.youtube.com/user/ProtegrityUSA14
![Page 15: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/15.jpg)
Then Yuri is going to buy a private jet.
Source: http://www.youtube.com/user/ProtegrityUSA15
![Page 16: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/16.jpg)
*: Number of breaches
Source: 2011 Data Breach Investigations Report, Verizon Business RISK team and USSS
Business ServicesHealthcare
MediaTransportationManufacturingTech Services
GovernmentFinancial Services
RetailHospitality
0 5 10 15 20 25 30 35 40 45 %
Who Is The Next Target For Yuri?*
16
![Page 17: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/17.jpg)
Source: Trustwave Global Security Report 2011
Where is Yuri?
17
![Page 18: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/18.jpg)
So how does Yuri do it?
Source: http://www.youtube.com/user/ProtegrityUSA18
![Page 19: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/19.jpg)
%
SocialMisuse
ErrorPhysicalMalwareHacking
0 20 40 60 80 100
*: Number of records
Source: 2011 Data Breach Investigations Report, Verizon Business RISK team and USSS
What Attack Methods Did Yuri Use?*
19
![Page 20: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/20.jpg)
“Usually, I just need one disgruntled employee. Just one.”
Source: http://www.youtube.com/user/ProtegrityUSA20
![Page 21: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/21.jpg)
• Attackers stole information about SecurID two-factor authentication
• 60 different types of customized malware • Advanced Persistent Threat (APT) malware
tied to a network in Shanghai• A tool written by a Chinese hacker 10 years
ago
The Attack On RSA Security
21
![Page 22: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/22.jpg)
%
Third party monitoring service
Brag or blackmail by perpetrator
Internal fraud detection
Internal security audit or scan
Reported by employee
Unusual system behavior
Reported by customer/partner effected
Notified by law enforcement
Third party fraud detection
0 10 20 30 40 50*: Number of breaches
Source: 2011 Data Breach Investigations Report, Verizon Business RISK team and USSS
Do You Know If Yuri Hacked You?*
22
![Page 23: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/23.jpg)
Why Should I Care?
23
![Page 24: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/24.jpg)
• Some issues have stayed constant:• Threat landscape continues to gain sophistication • Attackers will always be a step ahead of the defenders
• Different motivation, methods and tools today: • We are fighting highly organized, well-funded
crime syndicates and nations• Move from detective to preventative controls needed
Source: Forrester and http://www.csoonline.com/article/602313/the-changing-threat-landscape?page=2
Yuri Changed The Threat Landscape
24
![Page 25: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/25.jpg)
25
How Can We Secure The Sensitive Data
Flow?
![Page 26: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/26.jpg)
We Need To Protect The Data Flow
Protected sensitive information
Unprotected sensitive information:
: Enforcement point
26
![Page 27: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/27.jpg)
What Has Industry Done
To Protect Itself?
27
![Page 28: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/28.jpg)
Source: PCI DSS Compliance Survey, Ponemon Institute
ID & credentialing system
Database scanning and monitoring (DAM)
Intrusion detection or prevention systems
Data loss prevention systems (DLP)
Endpoint encryption solution
Web application firewalls (WAF)
Correlation or event management systems
Identity & access management systems
Access governance systems
Encryption for data in motion
Anti-virus & anti-malware solution
Encryption/Tokenization for data at rest
Firewalls
0 10 20 30 40 50 60 70 80 90
WAF
DLP
DAM
%
What is Cost Effective Data Protection?
28
![Page 29: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/29.jpg)
AccessRight Level
Risk
Data Tokens
TraditionalAccessControl
IHigh
ILow
High –
Low -
Old and flawed:Minimal access levels so people can only carry out their jobs
New:CreativityHappens
At the edge
Source: InformationWeek Aug 15, 2011
Can New Data Security Help Creativity?
29
![Page 30: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/30.jpg)
What has Industry Done To
Protect Databases?
30
![Page 31: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/31.jpg)
How Did Data Security Evolve?
Year Event
2010 Memory Data Tokenization introduced as a fully distributed model
2005
Centralized Data Tokenization introduced with hosted payment service
DTP (Data Type Preserving encryption) used by in commercial databases
Attack on SHA-1 hash announcedDES was withdrawn
2001 AES (Advance Encryption Standard) accepted as a FIPS-approved algorithm
1988 IBM AS/400 used tokenization in shadow files1975 DES (Data Encryption Standard) draft submitted by IBM
1900 BC Cryptography used in Egypt
31
![Page 32: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/32.jpg)
123456 777777 1234
123456 123456 1234
aVdSaH 1F4hJ 1D3a
!@#$%a^///&*B()..,,,gft_+!@4#$2%p^&*Hashing -
Strong Encryption -
Alpha -
Numeric -
Partial -
Clear Text Data -
Intrusiveness (to Applications and Databases)
I
Original
!@#$%a^.,mhu7/////&*B()_+!@
666666 777777 8888Tokenizing or
FormattedEncryption
Data
Length
Sta
ndar
dE
ncry
ptio
n
How Can We Limit Changes to Applications?E
ncod
ing
32
![Page 33: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/33.jpg)
What Is The Next Step In Data Protection?
The Promise Of A Better World
33
![Page 34: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/34.jpg)
Replace Sensitive Data With Fake Data
34
1234 5678 1234 5678
Random number
DataToken
![Page 35: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/35.jpg)
Applications & Databases
: Data TokenProtected sensitive
information:
Unprotected sensitive information:
De-tokenization Tokenization
35
Replace Sensitive Data With Data Tokens
![Page 36: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/36.jpg)
Yuri Hates Tokens!
36
![Page 37: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/37.jpg)
What is Tokenization and What is the Benefit?
• Tokenization– Tokenization is process that replaces sensitive data in systems with inert
data called tokens which have no value to the thief– Tokens resemble the original data in data type and length
• Benefit– Greatly improved transparency to systems and processes that need to be
protected• Result
– Reduced remediation– Reduced need for key management– Reduce the points of attacks– Reduce the PCI DSS audit costs for retail scenarios
37
![Page 38: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/38.jpg)
Tokens For PCI, PII & PHI
38
![Page 39: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/39.jpg)
Tokens Can Be More Flexible Than Encryption
Type of Data Input Token Comment
Token Properties
Credit Card 3872 3789 1620 3675 8278 2789 2990 2789 Numeric
Medical ID 29M2009ID 497HF390D Alpha-Numeric
Date 10/30/1955 12/25/2034 Date
E-mail Address [email protected] [email protected] Alpha Numeric, delimiters in input preserved
SSN Delimiters 075-67-2278 287-38-2567 Numeric, delimiters in input
Credit Card 3872 3789 1620 3675 8278 2789 2990 3675 Numeric, Last 4 digits exposed
39
![Page 40: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/40.jpg)
What Is The Impact On Performance And Scalability
40
![Page 41: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/41.jpg)
10 000 000 -
1 000 000 -
100 000 -
10 000 -
1 000 -
100 -
Transactions per second (16 digits)
I
Format
Preserving
Encryption
Speed of Different Protection Methods
I
Data
Type
Preservation
I
Modern
Data
Tokenization
I
AES CBC
Encryption
Standard
I
Basic
Data
Tokenization
Encryption
*: Speed will depend on the configuration41
![Page 42: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/42.jpg)
I
Format
Preserving
Encryption
I
Data
Type
Preservation
I
Modern
Data
Tokenization
I
AES CBC
Encryption
Standard
I
Basic
Data
Tokenization
High
Low
Security
Level
Encryption
*: Speed will depend on the configuration42
Security of Different Protection Methods
![Page 43: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/43.jpg)
Data Protection Methods
Data Protection Methods Performance Storage Security Transparency
System without data protection
Monitoring + Blocking + Masking
Data Type Preservation
Strong Encryption
Tokenization
Hashing
Best Worst
43
The next step in data protection; Tokenization
![Page 44: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/44.jpg)
How does Tokenization on Teradata Work?
44
![Page 45: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/45.jpg)
Token Server
Clique
Node
Node
Protegrity Agent
Protegrity Agent
AMP
AMP
AMP
AMP
AMP
AMP
AMP
AMP
The Bottleneck when Using Old Basic Tokenization
Credit CardNumber
Social Security Number
PassportNumber
Large footprint becomes larger
Replication becomes more complex
Solution may be unmanageable and expensive
45
![Page 46: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/46.jpg)
Modern Tokenization for Teradata Architecture
Clique
Node
Node
Protegrity Agent
Protegrity Agent
AMP
AMP
AMP
AMP
AMP
AMP
AMP
AMP
TokenizationOperations
TokenizationOperations
Small footprint
Small static token tables
High availability
High scalability
High performance
No replication required
No chance of collisions
46
![Page 47: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/47.jpg)
The World’s
Smallest & Fastest Tokenizer
47
![Page 48: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/48.jpg)
Performance Comparison
• Basic Tokenization– 5 tokens per second (outsourced)– 5000 tokens per second (in-house)
• Modern Tokenization– 200,000 tokens per second (Protegrity)
• Single commodity server with 10 connections.• Will grow linearly with additional servers and/or connections
– 9,000,000+ tokenizations per second (Protegrity /Teradata)
48
![Page 49: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/49.jpg)
What Is The Customer
Experience?
49
![Page 50: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/50.jpg)
Tokenization Case Studies
Customer 1: Extensive enterprise End-to-End credit card data protection switching to Protegrity Tokenization• Performance Challenge: Initial tokenization• Vendor Lock-In: What if we want to switch payment processor?• Performance Challenge: Operational tokenization (SLAs)
Customer 2: Desired single vendor to provide data protection including tokenization• Combined use of tokenization and encryption • Looking to expand tokens beyond CCN to PII
Customer 3: Reduce compliance cost. 50 million Credit Cards, 700 million daily transactions• Performance Challenge: Initial tokenization • End-to-End Tokens: Started with the EDW and expanding to stores
50
![Page 51: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/51.jpg)
Faster PCI audit • Half that time• Qualified Security Assessors had no issues with the effective segmentation provided by Tokenization
Lower maintenance cost • Do not have to apply all 12 requirements of PCI DSS
to every system
Better security • Ability to eliminate several business processes such as generating daily reports for data requests and
access
Strong performance • Rapid processing rate for initial tokenization• Sub-second transaction SLA
51
Case Study – Large Chain Store
![Page 52: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/52.jpg)
How does Protegrity on Teradata Work?
52
![Page 53: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/53.jpg)
Protegrity Data Protection for TeradataClique
Policy Enforcement Agent
(UDF / UDT)
Node
Node
PEP Server
DeploymentServer
PEP Server
Log ProxyServer
Da
ta P
rote
ctio
nO
pe
ratio
ns
AMP
AMP
AMP
AMP
Da
ta P
rote
ctio
nO
pe
ratio
ns
AMP
AMP
AMP
AMP
Audit Logs
Policy
Enterprise Security Administrator (ESA)Enterprise Security Administrator (ESA)
Policy Management
Policy Management
Key Management
Key Management
Audit Management
Audit Management
Protected Data
53
![Page 54: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/54.jpg)
Protegrity in the ETL Process
SQL Server
ETL PlatformInformaticaData Stage
• Cleansing• Integration• Transformation
Sources TargetsTransformation
Teradata
EDW
Teradata Load P
rocessesAS/400
DB2
Original ValueNo AccessTokenMaskHash
Proteg
rity Policy R
ole B
ase
d A
ccess Control
Test Data
Oracle
Mainframe
54
![Page 55: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/55.jpg)
Data Masking is Not
Effective
55
![Page 56: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/56.jpg)
SystemType
Risk
Data Tokens
Data display Masking
IProduction
ITest / dev
Data Masking is Not Secure
High –
Low -
Data at rest Masking
IIntegration
testing
ITrouble
shooting
Exposure:Data in clear
before masking
Exposure:Data is only obfuscated
56
![Page 57: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/57.jpg)
Who Is
Protegrity?
57
![Page 58: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/58.jpg)
Why Protegrity?
• Protegrity’s Tokenization allows compliance across:
– PCI– PII– PHI
• Innovative: Pushing data protection with industry leading innovation such as out patented database protection system and the Protegrity Tokenization
• Proven: Proven platform currently protects the worlds largest companies• Experienced: Experienced staff will be there with support along the way
to complete data protection
58
![Page 59: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/59.jpg)
59
Database Protector
File System Protector
Tokenization
Application Protector
Security Administrator
SSL Channel
Secure Distribution
AuditLog
Policy
Secure Collection POS e-commerce Branch
How To Securing The Sensitive Data Flow
![Page 60: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/60.jpg)
60
How Will This Improve My Life?
![Page 61: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/61.jpg)
61
Why Tokenization?
1. No masking needed
2. No encryption/decryption when using
3. No key management across enterprise
![Page 62: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/62.jpg)
62
Why Modern Tokenization?
1. Better – small footprint
2. Faster – high performance
3. Lower total cost of ownership
![Page 63: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/63.jpg)
Tokenization Differentiators
Basic Tokenization Modern TokenizationFootprint Large, Expanding Small, Static
High Availability, Disaster Recovery
Complex, expensive replication required
No replication required
Distribution Practically impossible to distribute geographically
Easy to deploy at different geographically distributed locations
Reliability Prone to collisions No collisions
Performance, Latency, and Scalability
Will adversely impact performance & scalability
Little or no latency. Fastest industry tokenization
Extendibility Practically impossible Unlimited Tokenization Capability
63
![Page 64: Tokenization on the Node - Data Protection for Security and Compliance](https://reader034.fdocuments.us/reader034/viewer/2022051611/54b71a4f4a7959177f8b45a7/html5/thumbnails/64.jpg)
Thank you!
Got Tokens?Meet Yuri at the
Protegrity booth #201
64