Consider Tokenization to Avoid PCI Stress
March 18, 2014 Alex Woodie
If your retail operations put you under the jurisdiction of the Payment Card Industry’s Data Security Standards (PCI DSS), you are likely experiencing a considerable amount of stress. You have sophisticated cyber criminals gunning for your sensitive data on the one hand, and foaming-at-the-mouth auditors looking to flag the smallest misconfigured setting on the other. What’s an IBM i administrator to do? If you talk to the folks at Liaison Technologies, the topic of tokenization as a service, or TaaS, will soon be broached.
Liaison sells an all-inclusive data security product called Liaison Protect that includes encryption, tokenization, and encryption key management for a range of platforms, including IBM i, Windows, Linux, and Unix. Tokenization is a form of encryption that replaces sensitive data in databases (including DB2 for i) with meaningless surrogate values, or tokens. When the real data value is required, the application submits the token, and retrieves the encrypted value from a central database.
The company gives customers the option of running the tokenization on-premises or in the cloud. Many IBM i environments may choose to run the software in-house, where they can either host it all in a PASE JVM or split it into two components, running the data vault on DB2 for i and the token server on a Windows, Linux, or Unix server. Breaking the solution up into multiple layers adds complexity but also potentially boosts security.
If simplicity is your goal, then TaaS may be the best option. With TaaS, the data vault and token server components both run in Liaison’s cloud instead of the customer’s data center. The key advantage of this approach is that the customer’s server is no longer subject to the rules of PCI DSS.
Earlier this month, Liaison updated its TaaS offering. The Atlanta, Georgia, company says the new TaaS offering lowers capital expenditures and operating expenses. It’s about saving and reducing risk and stress, says Rob Fox, VP of application development at Liaison. “Based on customer requests, we are enhancing our offerings to become more deeply involved in securing these types of environments,” Fox says.