Protegrity Takes Tokenization Beyond PCI

A major player in the token security market, Stamford, Conn.-based Protegrity USA wants to reach beyond its PCI (Payment Card Industry) base--including Visa, MasterCard, Best Buy, Southwest Airlines, Gap and Lowe's--to the broader personally identifiable information (PII) market. Protegrity Data Security Platform 5.5 is the latest release of Protegrity's soup-to-nuts enterprise security management solution and extends the company's tokenization capabilities to additional PII data types, includin

February 14, 2011

2 Min Read
Network Computing logo

A major player in the token security market, Stamford, Conn.-based Protegrity USA wants to reach beyond its PCI (Payment Card Industry) base to the broader personally identifiable information (PII) market. Protegrity Data Security Platform 5.5 is the latest release of Protegrity's soup-to-nuts enterprise security management solution and extends the company's tokenization capabilities to additional PII data types, including medical IDs, e-mail addresses, Social Security numbers, dates, addresses and names.

Securing customer data as required by regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Privacy Act and PCI Data Security Standards (DSS) costs on average $3.5 million each year, with companies paying $9.4 million a year for non-compliance-related problems, according to a recent Ponemon Institute study ("The True Cost of Compliance"). Protegrity says that its latest enhancements are intended to extend protection and performance capabilities, along with significant cost reductions, to these emerging markets.

The biggest current opportunity is health care or protected health information (PHI) such as HIPAA, says the company. Organizations that need to follow data protection regulations like HIPAA 18 (medical IDs, dates, e-mail addresses, URLs, etc.) can now deploy release 5.5 to tokenize alphabetic, numeric and alphanumeric data.

The new release also interoperates with cloud databases due to new compatibility with VMWare Hypervisor, Citrix XenServer Hypervisor, XenSource Hypervisor and Microsoft Hyper-V virtual servers.

Analyst Derek Brink, VP and research fellow, IT security, of Aberdeen Group, says that PCI has been the starting point for nearly all tokenization projects that he's been aware of "because the market really does want to deal with compliance and safeguard their customers, but at the lowest possible cost." By "mainstream" Protegrity means that the process of tokenization is being targeted at something other than cardholder data--such as health care information, financial information, intellectual property and any number of other forms of PII.This is an ambitious undertaking by Protegrity. Brink says he illustrates the complexities by way of imagining a scenario in which valuable information is stored in varying amounts in each of our individual homes. On top of this, superimpose a set of standards that require homeowners to lock their doors, get a watchdog, identify every visitor, close their windows every night, make their beds and wash their dishes every day, as well as report accurately and in detail on all of the above.

"The probability of every home being in compliance at all times under this scenario is nil. Eventually, someone would ask the obvious question: Why must this valuable information continue to be stored in our homes? Wouldn't it be more cost-effective, and ultimately more successful, to store and protect the valuable information in fewer, centralized, secure locations? These are the biggest trends driving the market--the sincere desire to achieve and sustain regulatory compliance, but to do so in a more efficient and cost-effective way."

See more on this topic by subscribing to Network Computing Pro Reports Informed CIO: Cloud Compliance in Government (subscription required).

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights