Tokens offer more than token resistance to crackers

Written by John P Mello Jr on February 19, 2010
With token architecture, tokens are substituted for sensitive information on the network.

Encryption has become increasingly important as a means of protecting sensitive information from poachers. As widely publicized data breaches have brought information security under closer scrutiny by governments and industry consumer protection agencies, encryption is no longer an option for many companies but a necessity.

While encryption offers a strong measure of protection for a company’s data, it also imposes additional burdens. For example, encrypted data takes up more space than unencrypted data. That means encrypted data bumps up the demands on a company’s storage systems. In addition, broad use of encryption can, in some industries, increase the cost of compliance audits, as all systems using encryption must meet the standards of regulators both public and private.

One way to relieve the burden encryption places on organizations that’s gaining popularity is tokenization. Not only does this technology reduce the storage requirements created by encrypting data, but it improves security and curbs compliance costs. The fewer the places that sensitive data is stored in a system, the fewer the places subject to compliance audits.

Tokenization saves space by substituting tokens for encrypted information within a system. Typically, when a piece of information is encrypted, it is returned to its original location–a record in a database, for example–in encrypted, or ciphertext, form. With tokenization, after information is encrypted, it’s stored in a central location, typically a data vault, and a token representing that data is returned to the original location. That token, which takes up less space than its encrypted analog, can be used anywhere the original information would be used. So if the data is used in multiple locations, space is saved because encrypted forms of it need not be stored at those locations. What’s more, the encrypted data is stored at only one location, making it easier to secure.

By their nature, tokens add a level of security to sensitive data. Since the token acts as a pointer to the encrypted data, it contains no sensitive information that could be cracked by a black hat. If a cyber thief broke into a database containing credit card numbers that had been tokenized, he or she would leave with a batch of worthless tokens. In addition, tokens reduce the number of locations where sensitive data is stored. That reduces the number of places information highwaymen can attack in search of sensitive data. However, while it’s easier to defend a single repository of sensitive information than a web of applications, databases and such containing that kind of data, it does create a juicy target for criminals, just as banks are riper targets for amassing illegal wealth than a citizen standing at an ATM.

Another benefit of tokenization is better control over who has access to sensitive information. Access to encrypted data can be restricted to specific employees with authorization to do so and further limits can be placed on who can view decrypted, or cleartext, records.

As valuable as encryption is, it can create problems across data sets, problems that can be alleviated with tokenization. For example, in relational databases, encrypting sensitive fields can upset the referential integrity of the information. A primary key in a customer file–the customer number, for instance–that has been encrypted may not jibe with an encrypted foreign key–say, the same customer number in an order file. That’s because encrypted values are created randomly for security reasons. Although there are ways to make these values consistent, doing so may undermine the security of the process.

With tokenization, that problem is removed because the same token is used throughout the database. The token acting as the primary key in the customer file would be the same as the one in the order file.
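The vault-and-pointer design described above, and the referential-integrity point about the same token serving as both primary and foreign key, as an added example in Python (not code from the original article or from any product it mentions). The vault class, the `vault-reader` role and the customer and order records are constructed for illustration; a production vault would additionally encrypt its contents at rest, which this toy omits.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Single store for real values; every other system keeps only tokens.
    Assumed toy design: real vaults also encrypt the stored values at rest."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key  # keyed index, so the lookup table itself leaks nothing
        self._token_by_index = {}    # HMAC(value) -> token
        self._value_by_token = {}    # token -> real value

    def tokenize(self, value: str) -> str:
        idx = hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()
        if idx in self._token_by_index:          # same value -> same token, so keys still join
            return self._token_by_index[idx]
        token = secrets.token_hex(8)             # random: derived from nothing in the value
        while token in self._value_by_token:     # astronomically unlikely, but never reuse one
            token = secrets.token_hex(8)
        self._token_by_index[idx] = token
        self._value_by_token[token] = value
        return token

    def detokenize(self, token: str, roles) -> str:
        if "vault-reader" not in roles:          # cleartext only for authorized callers
            raise PermissionError("not authorized to view cleartext")
        return self._value_by_token[token]


def build_files(vault: TokenVault, pan: str):
    """Customer and order records carry the token, never the card number (constructed data)."""
    customer = {"customer_id": vault.tokenize(pan), "name": "A. Customer"}
    order = {"order_id": 1001, "customer_id": vault.tokenize(pan), "amount": 42.00}
    return customer, order


def join_ok(customer: dict, order: dict) -> bool:
    """The tokenized key in the customer file matches the one in the order file."""
    return customer["customer_id"] == order["customer_id"]


def leaks_pan(record: dict, pan: str) -> bool:
    """True if a dumped record would hand an intruder the real card number."""
    return any(pan in str(v) for v in record.values())


if __name__ == "__main__":
    vault = TokenVault(b"constructed-index-key")
    cust, order = build_files(vault, "4111111111111111")
    print("join works:", join_ok(cust, order), "| order leaks PAN:", leaks_pan(order, "4111111111111111"))
```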

Token architectures work best in heterogeneous IT environments that include mainframes, distributed back-office systems and an assortment of endpoints. The greater the variety of confidential information that needs to be protected, the more valuable a token system can be. Token systems have proved to be very popular in the payments industry. That’s no surprise, since that industry has millions of endpoints–practically anyone who sells anything–which creates a serious security problem. However, the technology is creeping into other sectors that deal with sensitive information, such as health care and government agencies.
