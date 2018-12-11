Speed and security: There doesn't need to be a trade-off when it comes to data.

Businesses are grappling with staying ahead of the game, as digitalization continues at a meteoric pace - and with it, the demand for speed and convenience. Against this backdrop, data security is more important than ever. But it shouldn’t be a choice between one or the other. When it comes to data, speed AND security can be a perfect marriage; you should never feel compromised.

And yet, there are plenty of high-profile examples of when security has been jeopardized in a catastrophic way. The latest data breach casualty to hit the headlines has been the hotel group, Marriott International – with the records of 500 million customers in the guest reservation database of its Starwood division potentially exposed. The attacker allegedly had access to its network since 2014.

Last year was also an annus horribilis for a few data giants. In 2017 Equifax lost 140 million records, while Alteryx (data analytics) lost 123 million. Each of these records contained personally identifiable information about U.S. citizens. Based on the U.S. Census Bureau’s population estimates, more than half of adults living in the USA were affected by the Equifax breach alone. That’s more than 124 million people in one fell swoop.

If data giants can find themselves in this damaging situation – both financially and reputationally – then businesses of all sizes and sectors across the world need to take heed. Far from scare-mongering, it should highlight the need for a heightened focus on data security. It also gives all of us valuable insight into how data is being attacked; cyber criminals are growing more sophisticated by the day.

When a breach occurs, the most valuable personal information is our financial data. And yet, the landscape is changing, making data security more nuanced and challenging than ever. With the advent of FinTech solutions, consumers are now expecting new, immediate ways to access their finances from any device. With this level of connectivity, the potential for a data theft is heightened. Hackers no longer need to go through the backdoor, when so many other weak entry points are penetrable. This is why keeping data safe needs to be perfectly balanced with insatiable consumer demand. It mustn’t lag behind.

And this is where the idea of tokenization plays a revolutionary role. It’s a solution that protects data, and provides Fort Knox-style security. Put simply, it replaces data with ‘tokens’. These tokens are data elements randomly generated by an algorithm, then substituted in place of the original data. This means the tokenized data has no value to anyone attempting to intercept or harvest it. At the same time, the protected data can still be used in business processes and for advanced analytics - like fraud detection or gaining deeper insights into customer behavior. Tokenization provides protection throughout the whole data journey. No matter if the data is at rest, in motion, or in use – it is always protected. There are always ways for cunning cyber criminals to get in, so it makes good business sense to not only protect the perimeter that they are trying to get into, but also the actual object of interest that is inside: the sensitive data itself. It’s a bit like putting fake money or jewelry in a safe, to outsmart robbers. Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG, believes it’s a highly effective security strategy.

“comforte AG recently helped one of the most advanced and ubiquitous payment processing networks in the world. With its large volume of transactions – transferring from nearly 50 million merchant locations, more than a million ATMs and with more than 15,000 clients across the world – the company is a high value target for cyberattacks; a breach would be catastrophic. comforte AG’s tokenization quickly proved invaluable, protecting sensitive data by rendering it unreadable to potential attackers. Cardholders and merchants can now send and receive payments whenever and wherever, safe in the knowledge that their data is secure,” according to Deveaux.

Significantly, the company’s processing speed was not affected during the implementation of tokenization into its existing application landscape. And the reason it can be business as normal is because the protected data – the tokens – retain the format of the original sensitive data; which means there is no need for changes to the applications. Fast to integrate, cost-effective and highly secure – it’s a powerful trinity for businesses. What’s more, it helps organizations meet compliance requirements. This has become increasingly important given the changing regulatory landscape for data privacy and security, with the latest changes to PCI DSS (Payment Card Industry Data Security Standard) and the advent of Europe’s GDPR (General Data Protection Regulation).

“According to PCI DSS requirements, cardholder data must be rendered unreadable wherever it is stored. GDPR rules go a step further, as they demand similar protection for personal data in general. Additionally, both the GDPR and PCI DSS stress that sensitive data should only be visible on a need-to-know basis within the organization and among its partners. Within this regulatory context, our experts helped one of Eastern Europe’s leading payments processors, Mercury Processing Services International. It serves more than 5.6 million accounts in the financial and banking sectors across Europe, the Middle East and Africa. We replaced sensitive data with a token value that is meaningless if exposed – therefore giving the company the confidence that it is fulfilling both PCI and GDPR requirements,” says comforte AG’s Jonathan Deveaux.

Secure personal data is absolutely indispensable in our digital economy. A data-centric security approach gives businesses the peace of mind that they’re both compliant and putting their customers’ privacy first. By integrating data security technology transparently into existing systems, rather than a dramatic digital overhaul, there is no disruption to business. Ultimately, speed and security in tandem, without compromise, is what will give companies the competitive edge in our data-driven world.