SYDNEY & MELBOURNE, AUSTRALIA
AwareIT

Enhance your Cyber Security Resilience

Tokenization vs Encryption

They are not the same thing!

With encryption, sensitive data remains in your business systems - it's encrypted (and of course, can be decrypted).  With tokenization, sensitive data is replaced with randomized values in the same format and then completely removed from your business systems and securely vaulted offsite.


For a more detailed description of the differences, grab the short comparison document, below.


The Facts


Some Statistics

• Identity theft accounted for 69% of all data breaches.

• US $20 is the average price for a stolen identity record.

• Despite 45% of American companies that had a ransomware breach paying off the hackers, only 26% of them had their data released.

• A data breach is one of the top 3 causes of brand damage.

• Tokenization removes the ability to use data when a network is breached.



2018 Costs of a Breach

•  US $148 cost per Stolen Record Global Average

•  $233 per Capita Cost in the U.S.

•  $7.9M per Data Breach in the U.S.

•  $4.2M lost business


source: Ponemon 2018 Cost of a Data Breach


Data Breach by the Numbers

• 1 out of 4 will experience a breach

• 668 Data Breaches in U.S. in 2018

• 22.4MM Compromised Records


source: Statista

WHAT'S THE DIFFERENCE BETWEEN ENCRYPTION AND TOKENIZATION


 Tokenization and encryption are often mentioned together as means to secure information when it’s being transmitted on the Internet or stored at rest. In addition to helping to meet your organization’s own data security policies, they can both help satisfy regulatory requirements such as those under PCI DSS, EU GDPR or the Australian Privacy Act and Regulations.

  

While tokenization and encryption are both effective data obfuscation technologies, they are not the same thing, and they are not interchangeable - and of course you can  use both in your efforts to protect your data.  Each technology has its own strengths and weaknesses, and based on these, one or the other should be the preferred method to secure data under different circumstances. In some cases, such as with electronic payment data, both encryption and tokenization are used to secure the end-to-end process.

Encryption

  •  Mathematically transforms plain text into cipher text using an encryption algorithm and key 
  •  Scales to large data volumes with just the use of a single (preferably complex) encryption key to decrypt data
  •  Used for structured fields, as well as unstructured data such as entire files
  •  Ideal for exchanging sensitive data with third parties who have the encryption key
  •  Original data leaves the organization, but in encrypted form 
  •  Can be decrypted by brute force with some effort

Tokenization

  •  Randomly generates a token value for plain text and stores the mapping in a database; the token can't be reversed (decrypted)
  •  Difficult to scale and maintain performance as database increases in size 
  •  Ideally suited for structured data fields such as payment card details, Tax File number, etc.
  •  Difficult to exchange data since it requires direct access to a token vault mapping token values (but that also means impossible to steal!)
  •  Format can be maintained without any diminished strength of the security 
  •  Can be set up so that original data is never stored on the organization's systems, simplifying certain compliance requirements
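
The tokenization properties listed above (random token, mapping held in a vault, format kept, original absent from the business system), as an added example that is not AwareIT's code or any vendor's API. `TokenVault`, `tokenize_record` and the sample record are hypothetical names and constructed data; a real vault is a separate, access-controlled service rather than an in-memory dictionary.

```python
import secrets
import string


class TokenVault:
    """Stands in for the offsite vault: the only place original values live."""

    def __init__(self):
        self._by_token = {}  # token -> original value
        self._by_value = {}  # original value -> token, so repeats reuse one token

    def tokenize(self, value: str) -> str:
        if value in self._by_value:
            return self._by_value[value]
        if not any(ch.isdigit() or ch.isalpha() for ch in value):
            raise ValueError("nothing to tokenize in value")
        while True:
            # Each digit or letter is replaced by a random one of the same class;
            # separators stay put, so length and layout are preserved.
            token = "".join(
                secrets.choice(string.digits) if ch.isdigit()
                else secrets.choice(string.ascii_lowercase) if ch.islower()
                else secrets.choice(string.ascii_uppercase) if ch.isalpha()
                else ch
                for ch in value
            )
            if token != value and token not in self._by_token:
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]  # KeyError: token unknown to this vault


def tokenize_record(record: dict, sensitive: set, vault: TokenVault) -> dict:
    """Build the copy a business system stores: sensitive fields become tokens."""
    return {k: vault.tokenize(v) if k in sensitive else v for k, v in record.items()}


# Constructed sample record (not real data).
SAMPLE = {"name": "Pat Example", "card": "4111 1111 1111 1111",
          "tfn": "123-456-782", "city": "Sydney"}

if __name__ == "__main__":
    vault = TokenVault()
    stored = tokenize_record(SAMPLE, {"card", "tfn"}, vault)
    print(stored)                            # tokens in place of card and TFN
    print(vault.detokenize(stored["card"]))  # original, available only via the vault
```

The token is drawn at random rather than computed from the value, so a copy of the stored record without the vault gives nothing to decrypt or derive.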

Why Tokenize Your Data

  • Removes the risk of losing sensitive data if there is a network compromise: “No Data, No Theft”.
  • No data loss removes the need to report data breaches, under mandatory data breach reporting legislation, protecting brand image and reputation.
  • Reduce PCI DSS compliance audit scope.  Tokenization can be performed at the point of sensitive data capture.

Experts in Tokenization as a Service Integration

  • Seamless Integration & Implementation
  • Dedicated Project Manager and Architect
  • Data Conversion Plan and Templates
  • End-to-end Testing
  • 24 x 7 x 365 Support
  • Post-implementation Support

Omni-channel Integrations

  •  ERP
  • eCommerce
  • Mobile
  • Call Centre
  • Batch / EDI
  • P2PE
  • Legacy Systems
  • Web Services

Capabilities

  • Data Vaulting
  • Custom Token Schemes
  • Tokenize any Dataset
  • Encryption and Key Management
  • Payment Gateway Integration
  • Fraud Detection Integration
  • Automated Clearing House Provider Integration
  • Financial Institution Integration

Experience in all industries

  •  Healthcare
  •  Insurance
  •  eCommerce
  • Fintech & Financial Institutions
  • Marketing, Retail
  •  Hospitality
  •  Booking, Travel & Ticketing
  •  Accounting Services

The Personally Identifiable Information (PII) architecture

[Figure: PII architecture diagram]

Cloud vs. On-premise

Benefits of Cloud

• Completely removes sensitive data from ecosystem

• Reduces complexity for companies with flat networks

• Supports burst peak times with horizontal and vertical scalability.


Cloud Saves Money

• Provides data security at a lower cost than buying or building an in-house solution

• Reduces hardware, maintenance & personnel costs

• Volume-based pricing; no transactional, maintenance, or support fees.


Protecting your Customer's Privacy

So you store all of your customer's details on a CRM in the cloud and the vendor encrypts it all for you - you don't have to worry, right?  Maybe not.  Encrypting the data is certainly better than just plain text, but encryption can be broken - some easily! Don't leave your company's reputation at the mercy of a cloud provider who is offering you a solution at the cheapest price!  


By all means, leave the bulk of customer data in the cloud system, but why not tokenize just the few critical fields that identify your customer and store those tokens in the system - a little extra effort but significant extra security.  Have a read of our eBook on the issues, below.