nuBridges Pushes ‘Tokenization’ with New Encryption Tool
April 28, 2009 Alex Woodie
System i security software vendor nuBridges last week unveiled a new product called nuBridges Protect Token Manager that puts a different spin on the problem of encryption in dispersed corporate environments. Instead of encrypting data as it rests in a company’s various databases and applications, the product replaces the critical data values with a token that points back to a single database, thereby providing a more secure repository for sensitive data, as well as preserving data formats.
nuBridges is well versed in the field of encryption. The Atlanta, Georgia, software company, which targets the IBM Power Systems server as well as open systems platforms, has been developing traditional encryption software for years. And with the Payment Card Industry Data Security Standard (PCI DSS) pushing new encryption mandates onto retailers, banks, and other parties that hold credit card data, nuBridges has been looking for ways to solve some of the unforeseen consequences that encryption is having on companies, and to drive the state of the art for tokenization, which Gartner and other IT analysts see as the future of encryption.
One of these problems is the storage footprint formed by encrypted data. Having encrypted data, or “ciphertext,” residing in multiple locations elevates the risk that data will be compromised through a mishandled key or other mistake. “The most effective and efficient approach to protecting critical data is to make sure it is stored in the clear in as few places as possible,” says John Pescatore, vice president and analyst at Gartner. “Technologies that reduce the complexity of doing so are badly needed.”
Tokenization is viewed as the solution to the encryption storage footprint problem, because it minimizes the number of places where unencrypted data is stored. With tokenization, instead of storing the unencrypted data locally, a token, or a surrogate value, is inserted in place of the original data. These tokens can then be passed around the network between applications, databases, and business processes safely, while leaving the encrypted data they represent securely stored in a central data vault, according to nuBridges.
But tokenization, as it is commonly used today, introduces its own set of problems. One of these is the referential integrity of databases when tokens and data values don’t maintain a strict one-to-one relationship. Upper case and lower case letters, numbers, and characters are often used interchangeably, which creates problems. Tokenization is also often outsourced today, which is a cause for concern for the most security-conscious.
nuBridges Protect Token Manager seeks to solve these two problems by maintaining a one-to-one relationship between tokens and encrypted data, and by allowing companies to keep tight reins over their encryption mechanisms. The software also helps to narrow the scope of PCI DSS audits by limiting the number of places sensitive data is kept.
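The one-to-one, format-preserving mapping described above can be sketched as follows. This is an added illustration, not nuBridges code: the `TokenVault` class, the keyed HMAC lookup index, the choice to keep the last four digits, and the sample card number are all assumptions, and the vault stores values unencrypted here where a real vault would encrypt them.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Central vault: the only place that can map a token back to the value."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key  # keys the lookup index (assumed held by the vault only)
        self._by_index = {}          # HMAC(value) -> token: one token per value
        self._by_token = {}          # token -> value (a real vault encrypts this at rest)

    def _index(self, value: str) -> str:
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or len(pan) < 13:
            raise ValueError("expected a card number of at least 13 digits")
        idx = self._index(pan)
        if idx in self._by_index:    # same value always yields the same token
            return self._by_index[idx]
        while True:
            # Random digits, same length, last four kept: the column format is preserved
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._by_token:
                break                # no collision, so one value per token
        self._by_index[idx] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]  # KeyError for an unknown token


def demo():
    vault = TokenVault(secrets.token_bytes(32))
    pan = "4111111111111111"         # constructed test card number
    orders = [{"order": 1001, "card": vault.tokenize(pan)}]
    refunds = [{"refund": 77, "card": vault.tokenize(pan)}]
    # Applications hold tokens only, yet the join on the card column still works
    joined = [(o["order"], r["refund"]) for o in orders for r in refunds
              if o["card"] == r["card"]]
    return vault, orders[0]["card"], joined
```

Because the token is all digits and the same length as the original, it fits existing column definitions, and because each value maps to exactly one token, joins across tables that hold only tokens keep their referential integrity.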
The new software was written in Java and runs on any Java Virtual Machine, a company representative says. It supports multiple databases, including DB2/400 (DB2 for IBM i), Oracle, and Microsoft SQL Server. It generates Syslog-compliant logs for integrating with security information and event management (SIEM) products, and it integrates with nuBridges Protect Key Manager for managing the lifecycle of encryption keys.
nuBridges Protect Token Manager is available now. Pricing is dependent on the size and type of server, and starts at $50,000. For more information, visit www.nubridges.com.