A major player in the token security market, Stamford, Conn.-based Protegrity USA wants to reach beyond its PCI (Payment Card Industry) base to the broader personally identifiable information (PII) market. Protegrity Data Security Platform 5.5 is the latest release of Protegrity's soup-to-nuts enterprise security management solution and extends the company's tokenization capabilities to additional PII data types, including medical IDs, e-mail addresses, Social Security numbers, dates, addresses and names.
Securing customer data as required by regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Privacy Act and PCI Data Security Standards (DSS) costs on average $3.5 million each year, with companies paying $9.4 million a year for non-compliance-related problems, according to a recent Ponemon Institute study ("The True Cost of Compliance"). Protegrity says that its latest enhancements are intended to extend protection and performance capabilities, along with significant cost reductions, to these emerging markets.
The biggest current opportunity is health care or protected health information (PHI) such as HIPAA, says the company. Organizations that need to follow data protection regulations like HIPAA 18 (medical IDs, dates, e-mail addresses, URLs, etc.) can now deploy release 5.5 to tokenize alphabetic, numeric and alphanumeric data.
The new release also interoperates with cloud databases due to new compatibility with VMWare Hypervisor, Citrix XenServer Hypervisor, XenSource Hypervisor and Microsoft Hyper-V virtual servers.
Analyst Derek Brink, VP and research fellow, IT security, of Aberdeen Group, says that PCI has been the starting point for nearly all tokenization projects that he's been aware of "because the market really does want to deal with compliance and safeguard their customers, but at the lowest possible cost." By "mainstream" Protegrity means that the process of tokenization is being targeted at something other than cardholder data--such as health care information, financial information, intellectual property and any number of other forms of PII.