A company that offers data security with a process called tokenization is about to offer the technology in the cloud. Atlanta-based nuBridges unveiled its tokenization-as-a-service (TaaS) offering, available sometime in March, at the RSA Conference 2011 going on this week in San Francisco. Tokenization is the process of creating tokens that represent data secured in another database. IT professionals can use the tokens to analyze the data in various programs without exposing the actual data.
Tokenization saves companies the time and expense of managing complex data encryption systems for compliance with industry regulations, such as the Payment Card Industry's Data Security Standard (PCI DSS) for the global credit card payment industry. NuBridges, which began offering on-premise tokenization technology in 2009, is going to offer the TaaS option to businesses that are comfortable with the cloud in general and want the cost savings and ease of use it offers, says Gary Palgon, VP of product development for nuBridges.
"We are seeing a trend of acceptance. We saw in 2010 a trend much faster than we predicted of companies not only using the cloud, but using it for production data," Palgon says. Tokenization protects sensitive data that is used throughout an enterprise but is subject to PCI compliance, which requires encryption, he says.
A retailer may process credit card transactions at numerous stores and send all that data to its corporate headquarters, where it's also used for post-transaction business processes, such as account settlement, chargebacks or sales auditing. By replacing the credit card data in those systems with tokens, IT assets aren't subject to PCI compliance. "When you look at what systems are handling credit card information, once you tokenize it, it's not a credit card number anymore," Palgon says.
Helzberg Diamonds, a jewelry retailer with 235 stores, is about to implement an on-premise tokenization software system from nuBridges, says Florian Yanez, manager of technical systems and information technology for the Missouri-based chain. By adopting tokenization, the number of IT systems, such as servers, that are "in scope," meaning subject to PCI compliance, will drop from about 400 to as few as 10, Yanez says.