nuBridges’ Token Manager Gets Enterprise Upgrade
June 29, 2010 Alex Woodie
nuBridges last week unveiled a new version of its cross-platform data tokenization offering that addresses the flexibility demands of enterprise customers. With features such as the capability to run multiple, synchronized data vaults (to boost resiliency and recoverability) and to accept encrypted data at the point of capture (such as point of sale systems), nuBridges says Protect Token Manager 2.0 will help large enterprises minimize the security and regulatory risk of data exposure.
nuBridges launched its Protect Token Manager product just over a year ago to give customers a second option for protecting critical data using a relatively new technology called tokenization. The software is an optional component of the nuBridges Protect suite, which also supports the older form of encryption, whereby critical data is encrypted in place, either by using a second table inserted into the database, or by obscuring certain pieces of text within a field.
Under tokenization, critical data residing across databases or applications is replaced with a meaningless token. The token is used to access the real data, which is stored in plain text in a secure central vault. This technique addresses several shortcomings that exist with some applications of traditional encryption. For starters, because critical data is stored in a central location, it minimizes the potential for a mishandled encryption key leading to lost data. Also, tokenization makes it easier to maintain the particular format of the data, which is important for reporting and testing purposes.
Protect Token Manager’s new capability to run multiple, identical data vaults is an important feature for national or multi-national organizations that run multiple data centers for purposes of resiliency. By synchronizing the tokens across two or more geographically remote locations, Protect Token Manager 2.0 gives large organizations the same type of protection against disaster that data replication and high availability technologies provide for ERP and WMS systems of the largest retailers. Administrators can still manage keys from a central location.
The new version also allows companies to input encrypted data (such as credit card numbers) directly from the point of capture, such as a POS system, into the Protect Token Manager data vault, where it is tokenized for use in “downstream” systems. This approach minimizes the handling of encrypted data, and thus, the chances for data exposure. nuBridges also supports the “store and forward” approach, whereby data is stored in an encrypted format at or near the point of capture, which the vendor says is ideal for scenarios where endpoints are vulnerable to network disruption, such as remote retail operations.
The third big new feature is the capability to break referential integrity between tokens and the actual data that they represent. nuBridges originally developed Protect Token Manager to maintain a one-to-one relationship between the token and the underlying data. However, nuBridges has learned that, in some cases and for some types of data, maintaining referential integrity actually damages the security posture of the customer.
For example, using the same token value to represent a given employee salary gives an unwanted hint at what the underlying value is. In this case, two employees with the same salary will be able to tell the other’s salary by looking at the token. Giving customers the capability to “turn off” referential integrity or format preservation is important for protecting non-unique personally identifiable information (PII), such as dates of birth, zip and postal codes, and salaries.
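The salary leak described above, as an added example that is not from the article or from nuBridges: a toy in-memory vault issues tokens with referential integrity on and off, and `equal_value_groups` shows what someone who sees only the tokens can infer. The class and function names, the token format and the payroll rows are all constructed for illustration.

```python
import secrets

# Constructed sample data: alice and bob earn the same salary.
PAYROLL = [("alice", 72000), ("bob", 72000), ("carol", 91000)]


class TokenVault:
    """Toy in-memory token vault (hypothetical, not the product's design)."""

    def __init__(self, referential_integrity=True):
        self.referential_integrity = referential_integrity
        self._by_token = {}  # token -> real value, held only in the vault
        self._by_value = {}  # real value -> token, used only in one-to-one mode

    def _new_token(self):
        # Random token with no mathematical relation to the value it stands for.
        while True:
            token = "tok_" + secrets.token_hex(8)
            if token not in self._by_token:
                return token

    def tokenize(self, value):
        # One-to-one mode: the same value always maps to the same token.
        if self.referential_integrity and value in self._by_value:
            return self._by_value[value]
        token = self._new_token()
        self._by_token[token] = value
        if self.referential_integrity:
            self._by_value[value] = token
        return token

    def detokenize(self, token):
        return self._by_token[token]


def tokenized_payroll(vault):
    """The table a downstream system would hold: names and tokens only."""
    return [(name, vault.tokenize(salary)) for name, salary in PAYROLL]


def equal_value_groups(rows):
    """Groups of names that share a token, i.e. provably share a value."""
    groups = {}
    for name, token in rows:
        groups.setdefault(token, []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

With referential integrity on, `equal_value_groups` reports alice and bob as sharing a salary; with it off, every record gets its own token and the grouping is empty, while `detokenize` still recovers each value from the vault.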
nuBridges Protect Token Manager 2.0 is planned for general availability in July 2010. The software is designed to work with i/OS and DB2/400, as well as open systems platforms. Pricing starts at about $50,000. For more information, visit www.nubridges.com.