The 10 Most Trusted Healthcare IT Security Solution Providers 2018 Final file Healthcare IT optimize | Page 38
called as ‘secret key’ There are two types of encryption
keys: symmetrical and asymmetrical. In symmetrical
process, same key is used to lock and unlock the data, while
in asymmetrical these two keys are different. This helps to
reduce the radius of data vulnerability. Additionally, key
rotation can be used. Regular key rotation limits the amount
of data that can be encrypted using a single key. Therefore,
in case of interception, only a small amount of data is
vulnerable. In tokenization, these intricacies are eliminated. As the
token is a random code and not actually data in the
encrypted form, when and if compromised, no data is
breached. Also, as tokens only map the actual data, the
problem of application functionality is solved. But, with
tokenization, the user’s database increases in size as it has
to store the tokens separately. This makes it harder to scale
and maintain the database. Exchange of data is also difficult
as the exact token is needed to unlock it.
Vault-based and Vault-less
Tokenization
In the process of tokenization,
all the tokens are stored in a
token vault alongside data and
in the same size at data,
eliminating to need to modify
the storage space. Referencing
the token vault is the only way
to access data. The vault-based
tokenization needs expensive
synchronization methodologies
as well as it is too complex to
store large amount of data.
Recently, vault-less tokenization
was developed to tackle the
challenges in vault-based one.
In this, the sensitive data is replaced with a fake data that
looks exactly alike. It provides high security while
maintaining the usability of data. The Ever-Growing Need
With the digital revolution, the
landscape of business world has
turned upside down. It has created
entirely new industries and
enterprises. But, it has made the
organizations vulnerable to
various destructive and new
threats. Some of the industries,
including healthcare, rely on large
amount of data that is sensitive in
nature. As the volume of this data
grows, so does the risk of cyber-
attacks. Cyber criminals trade in
personal and sensitive
information; it is literally the
currency for them. The stolen or
hacked data is further sold to various buyers who sell it
further for even more money. To safeguard against these
threats, businesses and individuals should take immediate
steps in this direction and comply to several regulations like
HIPAA, GDPR, etc.
The Dilemma
Although both, encryption and tokenization are forms of
cryptography, they are very different and not
interchangeable. Each of them has its own set of benefits as
well as disadvantages. There remains a conflict between
which of them is best, the solution to which depends on the
organization’s requirements.
Edward Snowden, an American computer professional,
said, “Encryption works. Properly implemented strong
crypto systems are one of the few things that you can rely
on”. Encryption, today, is commonly used by millions of
people to encrypt the data on their phones and computers to
remain secure in case of accidental loss of sensitive data.
Also, it is used by government and corporates to thwart
sensitive data, surveillance, and so on, as it is possible to
encrypt and decrypt large amount of data with just one key.
Although it brings in many effective solutions, it also has
few drawbacks. Encryption breaks application
functionality; there is always a trade-off between the
strength of encryption and application functionality.
Moreover, if the key is compromised, the thief or hacker
can unlock all the data the key was used to protect.
36 | September 2018 |
Use Cases of the Two
Tokenization is commonly used to protect payment card
data. It is also used to safeguard other types of data,
sensitive in nature, like telephone numbers, account
numbers, email addresses, security numbers, and the data
needed in back-end systems. Encryption, on the other hand,
is better suited for unstructured data including long text
paragraphs or complete documents. It is also ideal for
exchange of data with the third party, helping to validate its
identity online. Both these technologies are being widely
used now-a-days to protect the data stored in applications or
cloud services.
The question that remains is- which one of them is better?
But the ideal solution depends upon the circumstance under
which it is used. Although tokenization is often seen to
more efficient, as there is no link between the original data
and the tokens, encryption can be considered the best
choice in case of unstructured data. Organizations can
leverage the benefits of either encryption or tokenization, or
even both, according to the difficulty at hand.