When it comes to advancements in data encryption, you can find a lot of news on quantum computing (which could easily decrypt anything encrypted), homomorphic encryption (which returns results on processing encrypted data), and honey encryption (tricking hackers into believing they retrieved the encrypted data). As these and other advancements come to market, it’s easy to overlook some advanced data protection methods that are producing a lot of value for business leaders today.
Format-Preserving Encryption (FPE)
- Data is encrypted while it’s at rest, stored in files or databases, or on storage devices. While data is encrypted, businesses cannot use it. Data needs to be decrypted in order to be used for business intelligence and analytics, or for downstream functions, such as help-desk, back office support, and other services.
- Decryption creates a potential security vulnerability, because the original data is exposed after the decryption process.
- FPE gives organizations the security benefit of encryption while keeping the data usable for the business: it produces encrypted values that retain the format of the original data, so they can flow between systems that only accept that format while remaining in a protected state.
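As an added illustration of the format-preserving property (this is example code, not from the original article or any vendor's product), the block below encrypts a 16-digit card number into another 16-digit number and decrypts it back with the same key. It is a toy Feistel network with an HMAC-SHA256 round function, chosen so that the output stays in the decimal-digit alphabet at the original length; it is not the NIST FF1/FF3-1 construction, and the key and card number are constructed demo values.

```python
import hashlib
import hmac

# Added example (not from the original article): a toy format-preserving
# cipher over strings of decimal digits. A Feistel network with an
# HMAC-SHA256 round function keeps the ciphertext the same length and in
# the same digit alphabet as the plaintext, and the same key reverses it.
# NOT NIST FF1/FF3-1; use a vetted FPE library for real deployments.
# The key below is a constructed demo value.

DEMO_KEY = b"constructed-demo-key-do-not-use"
ROUNDS = 10


def _round_fn(key: bytes, round_no: int, half: str, width: int) -> int:
    """Pseudo-random integer in [0, 10**width) derived from one Feistel half."""
    mac = hmac.new(key, f"{round_no}:{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (10 ** width)


def fpe_encrypt_digits(key: bytes, digits: str, rounds: int = ROUNDS) -> str:
    """Encrypt a digit string into a digit string of identical length."""
    if not digits.isdigit() or len(digits) < 2:
        raise ValueError("input must be at least two decimal digits")
    split = len(digits) // 2
    left, right = digits[:split], digits[split:]
    for i in range(rounds):
        width = len(left)
        mixed = (int(left) + _round_fn(key, i, right, width)) % (10 ** width)
        # Swap halves; the new right half keeps the old left half's width.
        left, right = right, str(mixed).zfill(width)
    return left + right


def fpe_decrypt_digits(key: bytes, digits: str, rounds: int = ROUNDS) -> str:
    """Invert fpe_encrypt_digits by running the Feistel rounds backwards."""
    if not digits.isdigit() or len(digits) < 2:
        raise ValueError("input must be at least two decimal digits")
    split = len(digits) // 2
    # After an odd number of rounds the two halves have swapped widths.
    if rounds % 2 == 1:
        split = len(digits) - split
    left, right = digits[:split], digits[split:]
    for i in reversed(range(rounds)):
        width = len(right)
        old_left = (int(right) - _round_fn(key, i, left, width)) % (10 ** width)
        left, right = str(old_left).zfill(width), left
    return left + right


def fpe_encrypt_formatted(key: bytes, value: str) -> str:
    """Encrypt only the digit positions of a value such as '4111-1111-1111-1111',
    leaving separators in place so the result still matches the downstream
    system's expected layout."""
    digits = "".join(ch for ch in value if ch.isdigit())
    cipher = iter(fpe_encrypt_digits(key, digits))
    return "".join(next(cipher) if ch.isdigit() else ch for ch in value)


def fpe_decrypt_formatted(key: bytes, value: str) -> str:
    """Inverse of fpe_encrypt_formatted."""
    digits = "".join(ch for ch in value if ch.isdigit())
    plain = iter(fpe_decrypt_digits(key, digits))
    return "".join(next(plain) if ch.isdigit() else ch for ch in value)


if __name__ == "__main__":
    pan = "4111-1111-1111-1111"  # constructed sample, not a real account
    protected = fpe_encrypt_formatted(DEMO_KEY, pan)
    print(pan, "->", protected, "->", fpe_decrypt_formatted(DEMO_KEY, protected))
```

One caveat worth checking before rolling FPE into a pipeline: the ciphertext has the right length and alphabet, but it is not expected to pass content checks such as a Luhn checksum, so any downstream validation of that kind has to be applied before encryption or after decryption.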
Tokenization
- Tokenization, like encryption, uses cryptography to secure data. Tokenization also retains the format of the original data, but it offers greater operational and business value over encryption.
- From an operational point of view, tokenization does not use digital keys to create the secured data set. Since there are no keys, there is no key management operation (key rotation, retirement). There is less security risk, too: with encryption, hackers don't necessarily try to crack the encryption; they look for encryption keys to steal.
- From a business point of view, tokenization offers relief when it comes to security audit inspections. Since tokenization actually replaces sensitive values with surrogate values, the sensitive data no longer exists where the data is stored. Therefore, the scope in which a security audit is performed within an enterprise is reduced.
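To make the two points above concrete, here is an added example (not from the original article or any tokenization vendor) of a minimal vault-based tokenizer. Tokens are random surrogates of the same length and digit alphabet as the value, so there is no key to rotate or steal; the only secret is the vault's mapping table. Keeping the last four digits visible is an assumption made for this example, and the card numbers are constructed samples. The `rows_in_audit_scope` helper shows why a datastore that holds only tokens drops out of the sensitive-data scope.

```python
import secrets

# Added example (not from the original article): a minimal vault-based
# tokenization service. A token is a random surrogate with the same length
# and character class as the sensitive value. No cryptographic key exists;
# the vault's mapping table is the only thing that can reverse a token.
# Keeping the last four digits in the clear is an assumption for this demo.

DIGITS = "0123456789"


class TokenVault:
    def __init__(self, keep_suffix: int = 4):
        self._keep_suffix = keep_suffix
        self._value_to_token: dict[str, str] = {}
        self._token_to_value: dict[str, str] = {}

    def _random_surrogate(self, value: str) -> str:
        """Random digits for the leading positions, original digits for the suffix."""
        suffix = value[-self._keep_suffix:] if self._keep_suffix else ""
        random_part = "".join(
            secrets.choice(DIGITS) for _ in range(len(value) - len(suffix))
        )
        return random_part + suffix

    def tokenize(self, value: str) -> str:
        """Return the existing token for value, or mint a new unique one."""
        if not value.isdigit():
            raise ValueError("this demo vault tokenizes digit strings only")
        if len(value) <= self._keep_suffix:
            raise ValueError("value too short to tokenize with this suffix length")
        if value in self._value_to_token:
            return self._value_to_token[value]
        while True:
            token = self._random_surrogate(value)
            # Reject the trivial token == value and any collision with an
            # existing token or an existing real value.
            if (
                token != value
                and token not in self._token_to_value
                and token not in self._value_to_token
            ):
                break
        self._value_to_token[value] = token
        self._token_to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Lookup for authorized callers only; an unknown token is an error."""
        return self._token_to_value[token]

    def stored_values(self) -> set[str]:
        return set(self._value_to_token)


def rows_in_audit_scope(rows: list[dict], vault: TokenVault) -> list[dict]:
    """Rows that still carry a real value known to the vault. An application
    database that holds only tokens returns an empty list here, which is the
    audit-scope reduction the text describes."""
    real = vault.stored_values()
    return [row for row in rows if row.get("card") in real]


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"  # constructed sample, not a real account
    token = vault.tokenize(pan)
    app_rows = [{"customer": "c-1", "card": token}]
    print("token:", token)
    print("rows still in scope:", rows_in_audit_scope(app_rows, vault))
    print("detokenized:", vault.detokenize(token))
```

The design choice that matters for the "no key to steal" argument is that the token is drawn from a CSPRNG rather than derived from the value (a hash or an encryption would be reversible by anyone holding the algorithm or key). In a real deployment the vault would be a separate, access-controlled service and `detokenize` would be the only call gated behind strong authorization.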
Data Masking
- Data masking differs from both FPE and tokenization in that it is irreversible; once the data has been masked, there is no way to return it to clear text.
- Typical use cases include testing, QA, and customer support. Some of the most common examples we've all seen while shopping or banking online are our credit and debit card numbers being displayed as a row of X's with only the last four digits visible.
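As an added example for the masking use cases above (example code, not from the original article), the block below masks card numbers and e-mail addresses for a test or support dataset, and includes a scanner that checks an export for digit runs that still look like unmasked card numbers. Masking here is irreversible by construction: two different card numbers that share the last four digits produce the same masked value, so nothing can recover the original. All sample values are constructed.

```python
import re

# Added example (not from the original article): irreversible masking of
# card numbers and e-mail addresses for test, QA and support screens, plus
# a check that an export contains no unmasked card numbers. Sample values
# are constructed.


def mask_pan(pan: str, visible_suffix: int = 4, mask_char: str = "X") -> str:
    """Mask every digit except the last `visible_suffix`, keeping separators
    (spaces, dashes) in place so the value still fits the display layout."""
    digit_positions = [i for i, ch in enumerate(pan) if ch.isdigit()]
    if len(digit_positions) < visible_suffix:
        raise ValueError("value has fewer digits than the visible suffix")
    to_mask = set(digit_positions[: len(digit_positions) - visible_suffix])
    return "".join(mask_char if i in to_mask else ch for i, ch in enumerate(pan))


def mask_email(address: str) -> str:
    """Keep the first character of the local part and the full domain."""
    local, sep, domain = address.partition("@")
    if not sep or not local:
        raise ValueError("not an e-mail address")
    return local[0] + "*" * (len(local) - 1) + "@" + domain


def mask_record(row: dict) -> dict:
    """Mask the sensitive columns of one customer record for a test dataset."""
    masked = dict(row)
    if "card" in masked:
        masked["card"] = mask_pan(masked["card"])
    if "email" in masked:
        masked["email"] = mask_email(masked["email"])
    return masked


# 13 to 19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit.
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_unmasked_pans(text: str) -> list[str]:
    """Scan an export for runs of digits that look like card numbers.
    A masked value such as XXXX-XXXX-XXXX-1111 does not match."""
    return [m.group(0) for m in PAN_PATTERN.finditer(text)]


if __name__ == "__main__":
    row = {"customer": "c-1", "card": "4111-1111-1111-1111", "email": "alice@example.com"}
    masked = mask_record(row)
    print(masked)
    print("unmasked PANs left:", find_unmasked_pans(str(masked)))
```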