This document is a guide for enterprise security engineers, security analysts, and CISOs evaluating and comparing encryption solutions. Coding is an architectural model, not just a technology or an API. A successful token implementation results from assessing the critical areas of data security, architecture compatibility, scalability, performance, operation, monitoring, conformity assessment and integration. The commercial value of a token is high when it is successful, but as a core technology of the company, success will be short-lived without extensive pre-evaluation that goes beyond the broadly evaluated application interfaces and token formatting guidelines.
Enterprise-wide data-centric protection has become the preferred strategic way to protect sensitive data in leading enterprises. By ensuring individual data elements are protected in all states across their lifecycle (at rest, in transit, and in use), data can be de-risked from theft and abuse, security and privacy compliance can be simplified, and business agility enhanced. By removing inevitable security and compliance concerns over live data processing, new technologies that underpin innovation, agility, and growth can also be embraced more rapidly.
Data-centric security works by applying state-of-the-art protection methods directly to the data elements from the point of capture or creation. Methods include traditional encryption, data tokenization, format-preserving encryption (FPE), and masking.
A data-centric model operates on the principle of zero trust, converting sensitive data to a non-sensitive form at all times, and restricting sensitive live data exposure to a small set of readily monitored, managed and defended trusted processes or nodes. The data-centric model inverts the traditional model of protecting the boundary around the data, which is increasingly indefensible: the protected data in effect becomes the persistent protection boundary itself, wherever it goes.
When data is secured in this fashion, it can flow into low or zero-trust processing environments more freely without risk, including cloud platforms, third-party services, machine learning pipelines, file systems, transaction systems, data stores, and data lakes.
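The model described above, as an added Python sketch that is not from the original guide: a vault-based tokenizer whose tokens keep the length and digit format of the input, with detokenization restricted to an allow-list of trusted nodes and every attempt recorded for monitoring. The class name `TokenVault`, the caller labels, and the choice to keep the last four digits are assumptions made for illustration.

```python
import secrets


class TokenVault:
    """Toy vault tokenizer: random digit tokens, mapping held only inside the vault."""

    def __init__(self, trusted_callers):
        self._trusted = frozenset(trusted_callers)  # nodes allowed to see live data
        self._by_token = {}
        self._by_value = {}
        self.audit = []  # every detokenize attempt is recorded for monitoring

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("expected a 13-19 digit card number")
        if pan in self._by_value:  # same input gives same token, so joins still work
            return self._by_value[pan]
        while True:
            # Random digits replace all but the last four (assumed policy),
            # so length and character set survive downstream validation.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_value[pan] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        allowed = caller in self._trusted
        self.audit.append((caller, token[-4:], "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{caller} is not a trusted node")
        return self._by_token[token]


def demo():
    vault = TokenVault(trusted_callers={"payment-settlement"})  # hypothetical node name
    pan = "4111111111111111"  # constructed sample value, not a real card
    token = vault.tokenize(pan)
    try:
        # A low-trust environment holds only the token and cannot reverse it.
        vault.detokenize(token, caller="analytics-lake")
        leaked = True
    except PermissionError:
        leaked = False
    recovered = vault.detokenize(token, caller="payment-settlement")
    return token, leaked, recovered, vault.audit
```
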