As enterprises continue to move their data to the cloud, and other non-secure locations where they have lesser control over the execution and the data, there is a growing concern about protecting the sensitive information as it's processed. Many countries and even some states in the US recently passed data breach notification, HIPPA privacy directives, or European privacy laws that require enterprises to be compliant and protect the sensitive data of their consumers (also known as Personally Identifiable Information or PII). The loss or breach of sensitive PII information can be devastating to an organization's brand and reputation, and a data breach puts its customer's at risk for identity theft and fraud. The definition of PII varies from place to place but includes a common list of Names, Data of Births, Tax Identification numbers, Social Security numbers, Zip/ postal codes, Address, Bank accounts, Drive License #s, Passport, etc.
Data protection is generally achieved through the encryption of the original sensitive value with a reversible cryptographic function. However, Personally Identifiable Information data may be split across applications and databases in an organization's network and retrofitting existing applications to protect against a breach would is prohibitively expensive.
Intel Expressway Tokenization broker offers the industry's only in-line proxy solution that can apply both tokenization or what is called Format Preserving Encryption (FPE) (NIST approved variation). FPE preserves the field length and data type of the original data, rather than expand the original plaintext to a block boundary by padding the data. In other words, while encrypting the data, you also preserve the format so the receiving end will continue to receive the message in its original format.
Limits changes to back-end applications, especially database tables, data-warehouses, and CRM applications.
Centralized management of encryption, and the encryption policy management in one centralized location.
Support for FPE & tokenization across multiple protocols: http(s) (SOAP, XML, JSON, REST traffic), MQ(over SSL), JMS(over SSL), (s)ftp(s) and non-structured like Cobol, EDI, & PDF.