Cloud encryption and tokenization trends in financial services
The adoption of the cloud continues to grow rapidly with Gartner forecasting $282 billion in spending by 2018.
“As financial services adopt the cloud, strict compliance regulations and corporate policies push them to be early adopters of security technologies,” said Pravin Kothari, founder and CEO, CipherCloud. “At the same time, the influence of cloud has upped the ante for financial services firm CISOs and their teams. As these companies increase their cloud adoption, they are building data protection in the cloud with the help of innovative encryption and tokenization technologies. Both regulatory scrutiny and the pace of data breaches compel the increased protection of their sensitive information.”
Overall, survey results from more than 50 global banking and financial services firms across North America, Europe, Asia Pacific and Latin America indicate that they are aggressively adopting and proactively securing data in the cloud.
Nearly 100 percent of the firms put personally identifiable data, such as names, addresses and phone numbers in the cloud. 33 percent use the cloud to store highly sensitive PIIs such as social security numbers, birth dates, tax IDs, etc. 47 percent use the cloud to process personal finance data and 53 percent have business confidential data in the cloud.
Each firm uses one or some combination of data protection technologies, such as encryption or tokenization, to protect these various categories of sensitive data. These findings debunk the notion that financial institutions shy away from cloud and show that these firms are increasingly mature in their cloud data protection practices.
Key findings:
40 percent of firms with highly sensitive personal identifiable information choose tokenization for protection. As sensitivity of data goes up, so does the tendency of using tokenization and strong encryption schemes. Tokenization is used progressively less as the criticality of data decreases, indicating a preference for encryption when it comes to data that requires frequent search and sort functions.
64 percent of firms use searchable encryption to protect sensitive data while supporting business workflows. Firms trade off searchability for security strength when the data is used in enterprise workflows to reference or index other information.
Format preserving is key for special structured data. Protecting data – such as email, URL, phone numbers, where the data has a specific recognizable format – requires format-preserving protection, above all other constraints.
Protecting sensitive data while supporting business operations is a balancing act. Depending on the nature of the data – format, sensitivity and business use cases – the enterprise may choose a very different protection scheme. Enterprises can leverage CipherCloud’s data protection framework to make these complex decisions.