resources

Tokenization vs. Encryption: Options for Compliance

webinar-tokenization-vs-encryptionSecurosis research analyst Adrian Lane will provide an unbiased look at how tokenization compares with encryption, where tokenization fits within different compliance frameworks, and how it can help save time and money. Join Adrian, a tokenization expert and long-time data security practitioner, during a one-hour, educational webinar May 21st, 11 am Eastern.

The webinar is intended to help IT departments determine when to use tokenization and when to use encryption. It will explain the tradeoffs between encryption and tokenization when used to solve compliance problems, especially PCI.

The webinar also will explain why:
  • There's a common misconception that tokenization and format preserving tokens are the same.
  • If credit card data is replaced with tokens, almost half the security checks no longer apply, taking them out of scope for a PCI audit.
  • Encryption is well-suited for protecting PII. Tokenization doesn't work as well.
Tokenization is getting a ton of press lately, and it’s fair to ask why – particularly as its value is not always clear. After all, tokenization is not specified by any data privacy regulations as a way to comply with state or federal laws. In fact, when people think security, they often think encryption by default, a backbone technology in the IT security toolbox, but not a panacea. It's often deployed into situations where it does not provide value; rather it adds complexity and cost without better security.

Tokenization is generating buzz because of its ability to fill into these areas where encryption is not ideal. In specific cases, tokenization offers better security and reduced complexity.

The webinar will help you understand how tokenization fits within different compliance scenarios, and delve into the questions about how tokenization is being used for compliance. Adrian will discuss the tradeoffs between encryption and tokenization specifically in relation to the problems IT organizations are most looking to solve: compliance initiatives, especially PCI.

Adrian does not endorse specifics products, but is an advocate of the technology, saying "Personally Identifiable Information (PII) remains a huge potential market for off-the-shelf tokenization products."

In the webinar, Adrian will evaluate which technology is best suited for three types of data - PII, payments and Personal Health Information (PHI).

Watch the Webcast (53 Min. - Opens in new window)