Tokenization

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Of the data obfuscation techniques,
00:00
tokenization plays
00:00
an especially important role in the cloud.
00:00
Tokenization is really the substitution of some type of
00:00
sensitive data for a digital string of numbers,
00:00
something that represents that data,
00:00
so it can be used in a particular cloud-based process.
00:00
In this lesson, we're going to
00:00
talk about the uses of tokenization,
00:00
the benefits of tokenization,
00:00
and some important security considerations
00:00
when using tokens in cloud-based environments.
00:00
As I said before, tokenization
00:00
is a data security process of
00:00
substituting sensitive data elements
00:00
with a non-sensitive equivalent.
00:00
It's often referred to as a token.
00:00
It doesn't have any intrinsic meaning or value,
00:00
but it maps back to
00:00
the real record of data that is sensitive in nature.
00:00
It serves as a reference
00:00
to be used in various processes.
00:00
Tokenization, in order to be used securely,
00:00
you really have to put a lot of security
00:00
and validation around the tokenization system.
00:00
Because that system is used to create the tokens,
00:00
take away tokens, and it
00:00
can be used to redeem sensitive information.
00:00
If there aren't strict security controls
00:00
and your tokenization system gets
00:00
compromised, an insider or a threat actor
00:00
could actually gain access to
00:00
sensitive information by commandeering tokens or grant
00:00
themselves unnecessary access to
00:00
other systems through faking tokens.
00:00
One very important thing to do when it comes to
00:00
where to locate your tokenization system is that
00:00
the system should really be either stored in-house or
00:00
in a secured isolated segment
00:00
of a data center or your cloud environment.
00:00
Or using a security services provider to
00:00
handle the tokenization granting process
00:00
within that environment.
00:00
Now, there are techniques
00:00
of where a token is a requirement.
00:00
Some regulations really want to see tokens
00:00
used and it's acceptable as a means
00:00
of auditing to show how
00:00
tokens can be linked back to their records
00:00
as a means of demonstrating that a process is secure.
00:00
Quiz question. The tokenization system is
00:00
hosted on the same network segment
00:00
as the data it represents.
00:00
If you were a security consultant,
00:00
which of the following would you be
00:00
least likely to recommend?
00:00
One, move the tokenization system
00:00
to an isolated network segment.
00:00
Two, contract with
00:00
a security services provider to
00:00
handle tokenization, or three,
00:00
ensure that logical access reviews
00:00
and strong passwords are used on
00:00
all accounts with access to this part of the network.
00:00
This is a bit tricky
00:00
because all of these things are good ideas,
00:00
but the most critical thing is that
00:00
the tokenization system and where it's
00:00
currently located pose a real threat.
00:00
Because if someone were to get
00:00
access to this portion of the system,
00:00
they get immediately granted
00:00
access to this sensitive data.
00:00
Although logical access and strong passwords are
00:00
a best practice and should be enforced and reviewed,
00:00
they are probably the least relevant
00:00
security consideration for this scenario.
00:00
In this lesson, we talked about the use of
00:00
tokens to replace sensitive data.
00:00
We talked about some of
00:00
the security considerations of tokenization,
00:00
that the system should really be
00:00
isolated and protected or
00:00
outsourced altogether to
00:00
ensure that it remains safe and secure.
00:00
Then we also talked about how tokenization should be
00:00
protected through network segmentation or outsourcing.
00:00
I'll see you in the next lesson.